Created
December 3, 2019 13:28
-
-
Save nak3/be9eec22e91b0d958b9e23f7b7402d30 to your computer and use it in GitHub Desktop.
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
------- | |
resource: NAME | |
------- | |
------- | |
resource: bindings | |
------- | |
apiVersion: v1 | |
items: [] | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: componentstatuses | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
conditions: | |
- message: ok | |
status: "True" | |
type: Healthy | |
kind: ComponentStatus | |
metadata: | |
creationTimestamp: null | |
name: scheduler | |
selfLink: /api/v1/componentstatuses/scheduler | |
- apiVersion: v1 | |
conditions: | |
- message: ok | |
status: "True" | |
type: Healthy | |
kind: ComponentStatus | |
metadata: | |
creationTimestamp: null | |
name: controller-manager | |
selfLink: /api/v1/componentstatuses/controller-manager | |
- apiVersion: v1 | |
conditions: | |
- message: '{"health":"true"}' | |
status: "True" | |
type: Healthy | |
kind: ComponentStatus | |
metadata: | |
creationTimestamp: null | |
name: etcd-0 | |
selfLink: /api/v1/componentstatuses/etcd-0 | |
- apiVersion: v1 | |
conditions: | |
- message: '{"health":"true"}' | |
status: "True" | |
type: Healthy | |
kind: ComponentStatus | |
metadata: | |
creationTimestamp: null | |
name: etcd-1 | |
selfLink: /api/v1/componentstatuses/etcd-1 | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: configmaps | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
data: | |
mesh: |- | |
# Set the following variable to true to disable policy checks by Mixer. | |
# Note that metrics will still be reported to Mixer. | |
disablePolicyChecks: true | |
disableMixerHttpReports: false | |
# reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server | |
reportBatchMaxEntries: 100 | |
# reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server | |
reportBatchMaxTime: 1s | |
# Set enableTracing to false to disable request tracing. | |
enableTracing: true | |
# Set accessLogFile to empty string to disable access log. | |
accessLogFile: "/dev/stdout" | |
# If accessLogEncoding is TEXT, value will be used directly as the log format | |
# example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n" | |
# If AccessLogEncoding is JSON, value will be parsed as map[string]string | |
# example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}' | |
# Leave empty to use default log format | |
accessLogFormat: "" | |
# Set accessLogEncoding to JSON or TEXT to configure sidecar access log | |
accessLogEncoding: 'JSON' | |
enableEnvoyAccessLogService: false | |
mixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091 | |
mixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091 | |
# policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. | |
# Default is false which means the traffic is denied when the client is unable to connect to Mixer. | |
policyCheckFailOpen: false | |
# Let Pilot give ingresses the public IP of the Istio ingressgateway | |
ingressService: istio-ingressgateway | |
# Default connect timeout for dynamic clusters generated by Pilot and returned via XDS | |
connectTimeout: 10s | |
# Automatic protocol detection uses a set of heuristics to | |
# determine whether the connection is using TLS or not (on the | |
# server side), as well as the application protocol being used | |
# (e.g., http vs tcp). These heuristics rely on the client sending | |
# the first bits of data. For server first protocols like MySQL, | |
# MongoDB, etc., Envoy will timeout on the protocol detection after | |
# the specified period, defaulting to non mTLS plain TCP | |
# traffic. Set this field to tweak the period that Envoy will wait | |
# for the client to send the first bits of data. (MUST BE >=1ms) | |
protocolDetectionTimeout: 100ms | |
# DNS refresh rate for Envoy clusters of type STRICT_DNS | |
dnsRefreshRate: 300s | |
# Unix Domain Socket through which envoy communicates with NodeAgent SDS to get | |
# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. | |
sdsUdsPath: "" | |
# The trust domain corresponds to the trust root of a system. | |
# Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain | |
trustDomain: "" | |
# The trust domain aliases represent the aliases of trust_domain. | |
# For example, if we have | |
# trustDomain: td1 | |
# trustDomainAliases: [“td2”, "td3"] | |
# Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", | |
# or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. | |
trustDomainAliases: | |
# If true, automatically configure client side mTLS settings to match the corresponding service's | |
# server side mTLS authentication policy, when destination rule for that service does not specify | |
# TLS settings. | |
enableAutoMtls: false | |
# Set the default behavior of the sidecar for handling outbound traffic from the application: | |
# ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no | |
# services or ServiceEntries for the destination port | |
# REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well | |
# as those defined through ServiceEntries | |
outboundTrafficPolicy: | |
mode: ALLOW_ANY | |
localityLbSetting: | |
enabled: true | |
# The namespace to treat as the administrative root namespace for istio | |
# configuration. | |
rootNamespace: istio-system | |
# Configures DNS certificates provisioned through Chiron linked into Pilot. | |
certificates: | |
[] | |
configSources: | |
- address: istio-galley.istio-system.svc:9901 | |
defaultConfig: | |
# | |
# TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters | |
# defined in Envoy's configuration file | |
connectTimeout: 10s | |
# | |
### ADVANCED SETTINGS ############# | |
# Where should envoy's configuration be stored in the istio-proxy container | |
configPath: "/etc/istio/proxy" | |
binaryPath: "/usr/local/bin/envoy" | |
# The pseudo service name used for Envoy. | |
serviceCluster: istio-proxy | |
# These settings that determine how long an old Envoy | |
# process should be kept alive after an occasional reload. | |
drainDuration: 45s | |
parentShutdownDuration: 1m0s | |
# | |
# The mode used to redirect inbound connections to Envoy. This setting | |
# has no effect on outbound traffic: iptables REDIRECT is always used for | |
# outbound connections. | |
# If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. | |
# The "REDIRECT" mode loses source addresses during redirection. | |
# If "TPROXY", use iptables TPROXY to redirect to Envoy. | |
# The "TPROXY" mode preserves both the source and destination IP | |
# addresses and ports, so that they can be used for advanced filtering | |
# and manipulation. | |
# The "TPROXY" mode also configures the sidecar to run with the | |
# CAP_NET_ADMIN capability, which is required to use TPROXY. | |
#interceptionMode: REDIRECT | |
# | |
# Port where Envoy listens (on local host) for admin commands | |
# You can exec into the istio-proxy container in a pod and | |
# curl the admin port (curl http://localhost:15000/) to obtain | |
# diagnostic information from Envoy. See | |
# https://lyft.github.io/envoy/docs/operations/admin.html | |
# for more details | |
proxyAdminPort: 15000 | |
# | |
# Set concurrency to a specific number to control the number of Proxy worker threads. | |
# If set to 0 (default), then start worker thread for each CPU thread/core. | |
concurrency: 2 | |
# | |
tracing: | |
zipkin: | |
# Address of the Zipkin collector | |
address: zipkin.istio-system:9411 | |
# | |
# Mutual TLS authentication between sidecars and istio control plane. | |
controlPlaneAuthPolicy: NONE | |
# | |
# Address where istio Pilot service is running | |
discoveryAddress: istio-pilot.istio-system:15010 | |
meshNetworks: 'networks: {}' | |
kind: ConfigMap | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","data":{"mesh":"# Set the following variable to true to disable policy checks by Mixer.\n# Note that metrics will still be reported to Mixer.\ndisablePolicyChecks: true\n\ndisableMixerHttpReports: false\n# reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server\nreportBatchMaxEntries: 100\n# reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server\nreportBatchMaxTime: 1s\n\n# Set enableTracing to false to disable request tracing.\nenableTracing: true\n\n# Set accessLogFile to empty string to disable access log.\naccessLogFile: \"/dev/stdout\"\n\n# If accessLogEncoding is TEXT, value will be used directly as the log format\n# example: \"[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\\n\"\n# If AccessLogEncoding is JSON, value will be parsed as map[string]string\n# example: '{\"start_time\": \"%START_TIME%\", \"req_method\": \"%REQ(:METHOD)%\"}'\n# Leave empty to use default log format\naccessLogFormat: \"\"\n\n# Set accessLogEncoding to JSON or TEXT to configure sidecar access log\naccessLogEncoding: 'JSON'\n\nenableEnvoyAccessLogService: false\nmixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091\nmixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091\n# policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached.\n# Default is false which means the traffic is denied when the client is unable to connect to Mixer.\npolicyCheckFailOpen: false\n# Let Pilot give ingresses the public IP of the Istio ingressgateway\ningressService: istio-ingressgateway\n\n# Default connect timeout for dynamic clusters generated by Pilot and returned via XDS\nconnectTimeout: 10s\n\n# Automatic protocol detection uses a set of heuristics to\n# determine whether the connection is using TLS or not (on the\n# server side), as well as the application protocol being used\n# (e.g., http vs tcp). These heuristics rely on the client sending\n# the first bits of data. For server first protocols like MySQL,\n# MongoDB, etc., Envoy will timeout on the protocol detection after\n# the specified period, defaulting to non mTLS plain TCP\n# traffic. Set this field to tweak the period that Envoy will wait\n# for the client to send the first bits of data. (MUST BE \u003e=1ms)\nprotocolDetectionTimeout: 100ms\n\n# DNS refresh rate for Envoy clusters of type STRICT_DNS\ndnsRefreshRate: 300s\n\n# Unix Domain Socket through which envoy communicates with NodeAgent SDS to get\n# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty.\nsdsUdsPath: \"\"\n\n# The trust domain corresponds to the trust root of a system.\n# Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain\ntrustDomain: \"\"\n\n# The trust domain aliases represent the aliases of trust_domain.\n# For example, if we have\n# trustDomain: td1\n# trustDomainAliases: [“td2”, \"td3\"]\n# Any service with the identity \"td1/ns/foo/sa/a-service-account\", \"td2/ns/foo/sa/a-service-account\",\n# or \"td3/ns/foo/sa/a-service-account\" will be treated the same in the Istio mesh.\ntrustDomainAliases:\n\n# If true, automatically configure client side mTLS settings to match the corresponding service's\n# server side mTLS authentication policy, when destination rule for that service does not specify\n# TLS settings.\nenableAutoMtls: false\n\n# Set the default behavior of the sidecar for handling outbound traffic from the application:\n# ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no\n# services or ServiceEntries for the destination port\n# REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well\n# as those defined through ServiceEntries\noutboundTrafficPolicy:\n mode: ALLOW_ANY\nlocalityLbSetting:\n enabled: true\n# The namespace to treat as the administrative root namespace for istio\n# configuration.\nrootNamespace: istio-system\n\n# Configures DNS certificates provisioned through Chiron linked into Pilot.\ncertificates:\n []\nconfigSources:\n- address: istio-galley.istio-system.svc:9901\n\ndefaultConfig:\n #\n # TCP connection timeout between Envoy \u0026 the application, and between Envoys. Used for static clusters\n # defined in Envoy's configuration file\n connectTimeout: 10s\n #\n ### ADVANCED SETTINGS #############\n # Where should envoy's configuration be stored in the istio-proxy container\n configPath: \"/etc/istio/proxy\"\n binaryPath: \"/usr/local/bin/envoy\"\n # The pseudo service name used for Envoy.\n serviceCluster: istio-proxy\n # These settings that determine how long an old Envoy\n # process should be kept alive after an occasional reload.\n drainDuration: 45s\n parentShutdownDuration: 1m0s\n #\n # The mode used to redirect inbound connections to Envoy. This setting\n # has no effect on outbound traffic: iptables REDIRECT is always used for\n # outbound connections.\n # If \"REDIRECT\", use iptables REDIRECT to NAT and redirect to Envoy.\n # The \"REDIRECT\" mode loses source addresses during redirection.\n # If \"TPROXY\", use iptables TPROXY to redirect to Envoy.\n # The \"TPROXY\" mode preserves both the source and destination IP\n # addresses and ports, so that they can be used for advanced filtering\n # and manipulation.\n # The \"TPROXY\" mode also configures the sidecar to run with the\n # CAP_NET_ADMIN capability, which is required to use TPROXY.\n #interceptionMode: REDIRECT\n #\n # Port where Envoy listens (on local host) for admin commands\n # You can exec into the istio-proxy container in a pod and\n # curl the admin port (curl http://localhost:15000/) to obtain\n # diagnostic information from Envoy. See\n # https://lyft.github.io/envoy/docs/operations/admin.html\n # for more details\n proxyAdminPort: 15000\n #\n # Set concurrency to a specific number to control the number of Proxy worker threads.\n # If set to 0 (default), then start worker thread for each CPU thread/core.\n concurrency: 2\n #\n tracing:\n zipkin:\n # Address of the Zipkin collector\n address: zipkin.istio-system:9411\n #\n # Mutual TLS authentication between sidecars and istio control plane.\n controlPlaneAuthPolicy: NONE\n #\n # Address where istio Pilot service is running\n discoveryAddress: istio-pilot.istio-system:15010","meshNetworks":"networks: {}"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"istio","chart":"istio","heritage":"Tiller","release":"RELEASE-NAME"},"name":"istio","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:53:20Z" | |
labels: | |
app: istio | |
chart: istio | |
heritage: Tiller | |
release: RELEASE-NAME | |
name: istio | |
namespace: istio-system | |
resourceVersion: "43410" | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio | |
uid: 1ee6e059-15bb-11ea-b5af-027e0b84da98 | |
- apiVersion: v1 | |
data: | |
crd-10.yaml: |- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: mixer | |
chart: istio | |
heritage: Tiller | |
istio: core | |
package: istio.io.mixer | |
release: istio | |
name: attributemanifests.config.istio.io | |
spec: | |
group: config.istio.io | |
names: | |
categories: | |
- istio-io | |
- policy-istio-io | |
kind: attributemanifest | |
plural: attributemanifests | |
singular: attributemanifest | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Describes the rules used to configure Mixer''s policy and | |
telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' | |
properties: | |
attributes: | |
additionalProperties: | |
properties: | |
description: | |
description: A human-readable description of the attribute's purpose. | |
format: string | |
type: string | |
valueType: | |
description: The type of data carried by this attribute. | |
enum: | |
- VALUE_TYPE_UNSPECIFIED | |
- STRING | |
- INT64 | |
- DOUBLE | |
- BOOL | |
- TIMESTAMP | |
- IP_ADDRESS | |
- EMAIL_ADDRESS | |
- URI | |
- DNS_NAME | |
- DURATION | |
- STRING_MAP | |
type: string | |
type: object | |
description: The set of attributes this Istio component will be responsible | |
for producing at runtime. | |
type: object | |
name: | |
description: Name of the component producing these attributes. | |
format: string | |
type: string | |
revision: | |
description: The revision of this document. | |
format: string | |
type: string | |
type: object | |
type: object | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-pilot | |
heritage: Tiller | |
istio: rbac | |
release: istio | |
name: clusterrbacconfigs.rbac.istio.io | |
spec: | |
group: rbac.istio.io | |
names: | |
categories: | |
- istio-io | |
- rbac-istio-io | |
kind: ClusterRbacConfig | |
plural: clusterrbacconfigs | |
singular: clusterrbacconfig | |
scope: Cluster | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration for Role Based Access Control. See more details | |
at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' | |
properties: | |
enforcementMode: | |
enum: | |
- ENFORCED | |
- PERMISSIVE | |
type: string | |
exclusion: | |
description: A list of services or namespaces that should not be enforced | |
by Istio RBAC policies. | |
properties: | |
namespaces: | |
description: A list of namespaces. | |
items: | |
format: string | |
type: string | |
type: array | |
services: | |
description: A list of services. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
inclusion: | |
description: A list of services or namespaces that should be enforced | |
by Istio RBAC policies. | |
properties: | |
namespaces: | |
description: A list of namespaces. | |
items: | |
format: string | |
type: string | |
type: array | |
services: | |
description: A list of services. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
mode: | |
description: Istio RBAC mode. | |
enum: | |
- "OFF" | |
- "ON" | |
- ON_WITH_INCLUSION | |
- ON_WITH_EXCLUSION | |
type: string | |
type: object | |
type: object | |
versions: | |
- name: v1alpha1 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-pilot | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: destinationrules.networking.istio.io | |
spec: | |
additionalPrinterColumns: | |
- JSONPath: .spec.host | |
description: The name of a service from the service registry | |
name: Host | |
type: string | |
- JSONPath: .metadata.creationTimestamp | |
description: |- | |
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. | |
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata | |
name: Age | |
type: date | |
group: networking.istio.io | |
names: | |
categories: | |
- istio-io | |
- networking-istio-io | |
kind: DestinationRule | |
listKind: DestinationRuleList | |
plural: destinationrules | |
shortNames: | |
- dr | |
singular: destinationrule | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration affecting load balancing, outlier detection, | |
etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' | |
properties: | |
exportTo: | |
description: A list of namespaces to which this destination rule is | |
exported. | |
items: | |
format: string | |
type: string | |
type: array | |
host: | |
description: The name of a service from the service registry. | |
format: string | |
type: string | |
subsets: | |
items: | |
properties: | |
labels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
name: | |
description: Name of the subset. | |
format: string | |
type: string | |
trafficPolicy: | |
description: Traffic policies that apply to this subset. | |
properties: | |
connectionPool: | |
properties: | |
http: | |
description: HTTP connection pool settings. | |
properties: | |
h2UpgradePolicy: | |
description: Specify if http1.1 connection should | |
be upgraded to http2 for the associated destination. | |
enum: | |
- DEFAULT | |
- DO_NOT_UPGRADE | |
- UPGRADE | |
type: string | |
http1MaxPendingRequests: | |
description: Maximum number of pending HTTP requests | |
to a destination. | |
format: int32 | |
type: integer | |
http2MaxRequests: | |
description: Maximum number of requests to a backend. | |
format: int32 | |
type: integer | |
idleTimeout: | |
description: The idle timeout for upstream connection | |
pool connections. | |
type: string | |
maxRequestsPerConnection: | |
description: Maximum number of requests per connection | |
to a backend. | |
format: int32 | |
type: integer | |
maxRetries: | |
format: int32 | |
type: integer | |
type: object | |
tcp: | |
description: Settings common to both HTTP and TCP upstream | |
connections. | |
properties: | |
connectTimeout: | |
description: TCP connection timeout. | |
type: string | |
maxConnections: | |
description: Maximum number of HTTP1 /TCP connections | |
to a destination host. | |
format: int32 | |
type: integer | |
tcpKeepalive: | |
description: If set then set SO_KEEPALIVE on the socket | |
to enable TCP Keepalives. | |
properties: | |
interval: | |
description: The time duration between keep-alive | |
probes. | |
type: string | |
probes: | |
type: integer | |
time: | |
type: string | |
type: object | |
type: object | |
type: object | |
loadBalancer: | |
description: Settings controlling the load balancer algorithms. | |
oneOf: | |
- required: | |
- simple | |
- properties: | |
consistentHash: | |
oneOf: | |
- required: | |
- httpHeaderName | |
- required: | |
- httpCookie | |
- required: | |
- useSourceIp | |
required: | |
- consistentHash | |
properties: | |
consistentHash: | |
properties: | |
httpCookie: | |
description: Hash based on HTTP cookie. | |
properties: | |
name: | |
description: Name of the cookie. | |
format: string | |
type: string | |
path: | |
description: Path to set for the cookie. | |
format: string | |
type: string | |
ttl: | |
description: Lifetime of the cookie. | |
type: string | |
type: object | |
httpHeaderName: | |
description: Hash based on a specific HTTP header. | |
format: string | |
type: string | |
minimumRingSize: | |
type: integer | |
useSourceIp: | |
description: Hash based on the source IP address. | |
type: boolean | |
type: object | |
simple: | |
enum: | |
- ROUND_ROBIN | |
- LEAST_CONN | |
- RANDOM | |
- PASSTHROUGH | |
type: string | |
type: object | |
outlierDetection: | |
properties: | |
baseEjectionTime: | |
description: Minimum ejection duration. | |
type: string | |
consecutiveErrors: | |
format: int32 | |
type: integer | |
interval: | |
description: Time interval between ejection sweep analysis. | |
type: string | |
maxEjectionPercent: | |
format: int32 | |
type: integer | |
minHealthPercent: | |
format: int32 | |
type: integer | |
type: object | |
portLevelSettings: | |
description: Traffic policies specific to individual ports. | |
items: | |
properties: | |
connectionPool: | |
properties: | |
http: | |
description: HTTP connection pool settings. | |
properties: | |
h2UpgradePolicy: | |
description: Specify if http1.1 connection should | |
be upgraded to http2 for the associated destination. | |
enum: | |
- DEFAULT | |
- DO_NOT_UPGRADE | |
- UPGRADE | |
type: string | |
http1MaxPendingRequests: | |
description: Maximum number of pending HTTP | |
requests to a destination. | |
format: int32 | |
type: integer | |
http2MaxRequests: | |
description: Maximum number of requests to a | |
backend. | |
format: int32 | |
type: integer | |
idleTimeout: | |
description: The idle timeout for upstream connection | |
pool connections. | |
type: string | |
maxRequestsPerConnection: | |
description: Maximum number of requests per | |
connection to a backend. | |
format: int32 | |
type: integer | |
maxRetries: | |
format: int32 | |
type: integer | |
type: object | |
tcp: | |
description: Settings common to both HTTP and TCP | |
upstream connections. | |
properties: | |
connectTimeout: | |
description: TCP connection timeout. | |
type: string | |
maxConnections: | |
description: Maximum number of HTTP1 /TCP connections | |
to a destination host. | |
format: int32 | |
type: integer | |
tcpKeepalive: | |
description: If set then set SO_KEEPALIVE on | |
the socket to enable TCP Keepalives. | |
properties: | |
interval: | |
description: The time duration between keep-alive | |
probes. | |
type: string | |
probes: | |
type: integer | |
time: | |
type: string | |
type: object | |
type: object | |
type: object | |
loadBalancer: | |
description: Settings controlling the load balancer | |
algorithms. | |
oneOf: | |
- required: | |
- simple | |
- properties: | |
consistentHash: | |
oneOf: | |
- required: | |
- httpHeaderName | |
- required: | |
- httpCookie | |
- required: | |
- useSourceIp | |
required: | |
- consistentHash | |
properties: | |
consistentHash: | |
properties: | |
httpCookie: | |
description: Hash based on HTTP cookie. | |
properties: | |
name: | |
description: Name of the cookie. | |
format: string | |
type: string | |
path: | |
description: Path to set for the cookie. | |
format: string | |
type: string | |
ttl: | |
description: Lifetime of the cookie. | |
type: string | |
type: object | |
httpHeaderName: | |
description: Hash based on a specific HTTP header. | |
format: string | |
type: string | |
minimumRingSize: | |
type: integer | |
useSourceIp: | |
description: Hash based on the source IP address. | |
type: boolean | |
type: object | |
simple: | |
enum: | |
- ROUND_ROBIN | |
- LEAST_CONN | |
- RANDOM | |
- PASSTHROUGH | |
type: string | |
type: object | |
outlierDetection: | |
properties: | |
baseEjectionTime: | |
description: Minimum ejection duration. | |
type: string | |
consecutiveErrors: | |
format: int32 | |
type: integer | |
interval: | |
description: Time interval between ejection sweep | |
analysis. | |
type: string | |
maxEjectionPercent: | |
format: int32 | |
type: integer | |
minHealthPercent: | |
format: int32 | |
type: integer | |
type: object | |
port: | |
properties: | |
number: | |
type: integer | |
type: object | |
tls: | |
description: TLS related settings for connections to | |
the upstream service. | |
properties: | |
caCertificates: | |
format: string | |
type: string | |
clientCertificate: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
mode: | |
enum: | |
- DISABLE | |
- SIMPLE | |
- MUTUAL | |
- ISTIO_MUTUAL | |
type: string | |
privateKey: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
sni: | |
description: SNI string to present to the server | |
during TLS handshake. | |
format: string | |
type: string | |
subjectAltNames: | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: object | |
type: array | |
tls: | |
description: TLS related settings for connections to the upstream | |
service. | |
properties: | |
caCertificates: | |
format: string | |
type: string | |
clientCertificate: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
mode: | |
enum: | |
- DISABLE | |
- SIMPLE | |
- MUTUAL | |
- ISTIO_MUTUAL | |
type: string | |
privateKey: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
sni: | |
description: SNI string to present to the server during | |
TLS handshake. | |
format: string | |
type: string | |
subjectAltNames: | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: object | |
type: object | |
type: array | |
trafficPolicy: | |
properties: | |
connectionPool: | |
properties: | |
http: | |
description: HTTP connection pool settings. | |
properties: | |
h2UpgradePolicy: | |
description: Specify if http1.1 connection should be upgraded | |
to http2 for the associated destination. | |
enum: | |
- DEFAULT | |
- DO_NOT_UPGRADE | |
- UPGRADE | |
type: string | |
http1MaxPendingRequests: | |
description: Maximum number of pending HTTP requests to | |
a destination. | |
format: int32 | |
type: integer | |
http2MaxRequests: | |
description: Maximum number of requests to a backend. | |
format: int32 | |
type: integer | |
idleTimeout: | |
description: The idle timeout for upstream connection pool | |
connections. | |
type: string | |
maxRequestsPerConnection: | |
description: Maximum number of requests per connection to | |
a backend. | |
format: int32 | |
type: integer | |
maxRetries: | |
format: int32 | |
type: integer | |
type: object | |
tcp: | |
description: Settings common to both HTTP and TCP upstream connections. | |
properties: | |
connectTimeout: | |
description: TCP connection timeout. | |
type: string | |
maxConnections: | |
description: Maximum number of HTTP1 /TCP connections to | |
a destination host. | |
format: int32 | |
type: integer | |
tcpKeepalive: | |
description: If set then set SO_KEEPALIVE on the socket | |
to enable TCP Keepalives. | |
properties: | |
interval: | |
description: The time duration between keep-alive probes. | |
type: string | |
probes: | |
type: integer | |
time: | |
type: string | |
type: object | |
type: object | |
type: object | |
loadBalancer: | |
description: Settings controlling the load balancer algorithms. | |
oneOf: | |
- required: | |
- simple | |
- properties: | |
consistentHash: | |
oneOf: | |
- required: | |
- httpHeaderName | |
- required: | |
- httpCookie | |
- required: | |
- useSourceIp | |
required: | |
- consistentHash | |
properties: | |
consistentHash: | |
properties: | |
httpCookie: | |
description: Hash based on HTTP cookie. | |
properties: | |
name: | |
description: Name of the cookie. | |
format: string | |
type: string | |
path: | |
description: Path to set for the cookie. | |
format: string | |
type: string | |
ttl: | |
description: Lifetime of the cookie. | |
type: string | |
type: object | |
httpHeaderName: | |
description: Hash based on a specific HTTP header. | |
format: string | |
type: string | |
minimumRingSize: | |
type: integer | |
useSourceIp: | |
description: Hash based on the source IP address. | |
type: boolean | |
type: object | |
simple: | |
enum: | |
- ROUND_ROBIN | |
- LEAST_CONN | |
- RANDOM | |
- PASSTHROUGH | |
type: string | |
type: object | |
outlierDetection: | |
properties: | |
baseEjectionTime: | |
description: Minimum ejection duration. | |
type: string | |
consecutiveErrors: | |
format: int32 | |
type: integer | |
interval: | |
description: Time interval between ejection sweep analysis. | |
type: string | |
maxEjectionPercent: | |
format: int32 | |
type: integer | |
minHealthPercent: | |
format: int32 | |
type: integer | |
type: object | |
portLevelSettings: | |
description: Traffic policies specific to individual ports. | |
items: | |
properties: | |
connectionPool: | |
properties: | |
http: | |
description: HTTP connection pool settings. | |
properties: | |
h2UpgradePolicy: | |
description: Specify if http1.1 connection should | |
be upgraded to http2 for the associated destination. | |
enum: | |
- DEFAULT | |
- DO_NOT_UPGRADE | |
- UPGRADE | |
type: string | |
http1MaxPendingRequests: | |
description: Maximum number of pending HTTP requests | |
to a destination. | |
format: int32 | |
type: integer | |
http2MaxRequests: | |
description: Maximum number of requests to a backend. | |
format: int32 | |
type: integer | |
idleTimeout: | |
description: The idle timeout for upstream connection | |
pool connections. | |
type: string | |
maxRequestsPerConnection: | |
description: Maximum number of requests per connection | |
to a backend. | |
format: int32 | |
type: integer | |
maxRetries: | |
format: int32 | |
type: integer | |
type: object | |
tcp: | |
description: Settings common to both HTTP and TCP upstream | |
connections. | |
properties: | |
connectTimeout: | |
description: TCP connection timeout. | |
type: string | |
maxConnections: | |
description: Maximum number of HTTP1 /TCP connections | |
to a destination host. | |
format: int32 | |
type: integer | |
tcpKeepalive: | |
description: If set then set SO_KEEPALIVE on the socket | |
to enable TCP Keepalives. | |
properties: | |
interval: | |
description: The time duration between keep-alive | |
probes. | |
type: string | |
probes: | |
type: integer | |
time: | |
type: string | |
type: object | |
type: object | |
type: object | |
loadBalancer: | |
description: Settings controlling the load balancer algorithms. | |
oneOf: | |
- required: | |
- simple | |
- properties: | |
consistentHash: | |
oneOf: | |
- required: | |
- httpHeaderName | |
- required: | |
- httpCookie | |
- required: | |
- useSourceIp | |
required: | |
- consistentHash | |
properties: | |
consistentHash: | |
properties: | |
httpCookie: | |
description: Hash based on HTTP cookie. | |
properties: | |
name: | |
description: Name of the cookie. | |
format: string | |
type: string | |
path: | |
description: Path to set for the cookie. | |
format: string | |
type: string | |
ttl: | |
description: Lifetime of the cookie. | |
type: string | |
type: object | |
httpHeaderName: | |
description: Hash based on a specific HTTP header. | |
format: string | |
type: string | |
minimumRingSize: | |
type: integer | |
useSourceIp: | |
description: Hash based on the source IP address. | |
type: boolean | |
type: object | |
simple: | |
enum: | |
- ROUND_ROBIN | |
- LEAST_CONN | |
- RANDOM | |
- PASSTHROUGH | |
type: string | |
type: object | |
outlierDetection: | |
properties: | |
baseEjectionTime: | |
description: Minimum ejection duration. | |
type: string | |
consecutiveErrors: | |
format: int32 | |
type: integer | |
interval: | |
description: Time interval between ejection sweep analysis. | |
type: string | |
maxEjectionPercent: | |
format: int32 | |
type: integer | |
minHealthPercent: | |
format: int32 | |
type: integer | |
type: object | |
port: | |
properties: | |
number: | |
type: integer | |
type: object | |
tls: | |
description: TLS related settings for connections to the upstream | |
service. | |
properties: | |
caCertificates: | |
format: string | |
type: string | |
clientCertificate: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
mode: | |
enum: | |
- DISABLE | |
- SIMPLE | |
- MUTUAL | |
- ISTIO_MUTUAL | |
type: string | |
privateKey: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
sni: | |
description: SNI string to present to the server during | |
TLS handshake. | |
format: string | |
type: string | |
subjectAltNames: | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: object | |
type: array | |
tls: | |
description: TLS related settings for connections to the upstream | |
service. | |
properties: | |
caCertificates: | |
format: string | |
type: string | |
clientCertificate: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
mode: | |
enum: | |
- DISABLE | |
- SIMPLE | |
- MUTUAL | |
- ISTIO_MUTUAL | |
type: string | |
privateKey: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
sni: | |
description: SNI string to present to the server during TLS | |
handshake. | |
format: string | |
type: string | |
subjectAltNames: | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: object | |
type: object | |
type: object | |
versions: | |
- name: v1alpha3 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-pilot | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: envoyfilters.networking.istio.io | |
spec: | |
group: networking.istio.io | |
names: | |
categories: | |
- istio-io | |
- networking-istio-io | |
kind: EnvoyFilter | |
plural: envoyfilters | |
singular: envoyfilter | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Customizing Envoy configuration generated by Istio. See more | |
details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' | |
properties: | |
configPatches: | |
description: One or more patches with match conditions. | |
items: | |
properties: | |
applyTo: | |
enum: | |
- INVALID | |
- LISTENER | |
- FILTER_CHAIN | |
- NETWORK_FILTER | |
- HTTP_FILTER | |
- ROUTE_CONFIGURATION | |
- VIRTUAL_HOST | |
- HTTP_ROUTE | |
- CLUSTER | |
type: string | |
match: | |
description: Match on listener/route configuration/cluster. | |
oneOf: | |
- required: | |
- listener | |
- required: | |
- routeConfiguration | |
- required: | |
- cluster | |
properties: | |
cluster: | |
description: Match on envoy cluster attributes. | |
properties: | |
name: | |
description: The exact name of the cluster to match. | |
format: string | |
type: string | |
portNumber: | |
description: The service port for which this cluster was | |
generated. | |
type: integer | |
service: | |
description: The fully qualified service name for this | |
cluster. | |
format: string | |
type: string | |
subset: | |
description: The subset associated with the service. | |
format: string | |
type: string | |
type: object | |
context: | |
description: The specific config generation context to match | |
on. | |
enum: | |
- ANY | |
- SIDECAR_INBOUND | |
- SIDECAR_OUTBOUND | |
- GATEWAY | |
type: string | |
listener: | |
description: Match on envoy listener attributes. | |
properties: | |
filterChain: | |
description: Match a specific filter chain in a listener. | |
properties: | |
applicationProtocols: | |
description: Applies only to sidecars. | |
format: string | |
type: string | |
filter: | |
description: The name of a specific filter to apply | |
the patch to. | |
properties: | |
name: | |
description: The filter name to match on. | |
format: string | |
type: string | |
subFilter: | |
properties: | |
name: | |
description: The filter name to match on. | |
format: string | |
type: string | |
type: object | |
type: object | |
name: | |
description: The name assigned to the filter chain. | |
format: string | |
type: string | |
sni: | |
description: The SNI value used by a filter chain's | |
match condition. | |
format: string | |
type: string | |
transportProtocol: | |
description: Applies only to SIDECAR_INBOUND context. | |
format: string | |
type: string | |
type: object | |
name: | |
description: Match a specific listener by its name. | |
format: string | |
type: string | |
portName: | |
format: string | |
type: string | |
portNumber: | |
type: integer | |
type: object | |
proxy: | |
description: Match on properties associated with a proxy. | |
properties: | |
metadata: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
proxyVersion: | |
format: string | |
type: string | |
type: object | |
routeConfiguration: | |
description: Match on envoy HTTP route configuration attributes. | |
properties: | |
gateway: | |
format: string | |
type: string | |
name: | |
description: Route configuration name to match on. | |
format: string | |
type: string | |
portName: | |
description: Applicable only for GATEWAY context. | |
format: string | |
type: string | |
portNumber: | |
type: integer | |
vhost: | |
properties: | |
name: | |
format: string | |
type: string | |
route: | |
description: Match a specific route within the virtual | |
host. | |
properties: | |
action: | |
description: Match a route with specific action | |
type. | |
enum: | |
- ANY | |
- ROUTE | |
- REDIRECT | |
- DIRECT_RESPONSE | |
type: string | |
name: | |
format: string | |
type: string | |
type: object | |
type: object | |
type: object | |
type: object | |
patch: | |
description: The patch to apply along with the operation. | |
properties: | |
operation: | |
description: Determines how the patch should be applied. | |
enum: | |
- INVALID | |
- MERGE | |
- ADD | |
- REMOVE | |
- INSERT_BEFORE | |
- INSERT_AFTER | |
type: string | |
value: | |
description: The JSON config of the object being patched. | |
type: object | |
type: object | |
type: object | |
type: array | |
filters: | |
items: | |
properties: | |
filterConfig: | |
type: object | |
filterName: | |
description: The name of the filter to instantiate. | |
format: string | |
type: string | |
filterType: | |
description: The type of filter to instantiate. | |
enum: | |
- INVALID | |
- HTTP | |
- NETWORK | |
type: string | |
insertPosition: | |
description: Insert position in the filter chain. | |
properties: | |
index: | |
description: Position of this filter in the filter chain. | |
enum: | |
- FIRST | |
- LAST | |
- BEFORE | |
- AFTER | |
type: string | |
relativeTo: | |
format: string | |
type: string | |
type: object | |
listenerMatch: | |
properties: | |
address: | |
description: One or more IP addresses to which the listener | |
is bound. | |
items: | |
format: string | |
type: string | |
type: array | |
listenerProtocol: | |
description: Selects a class of listeners for the same protocol. | |
enum: | |
- ALL | |
- HTTP | |
- TCP | |
type: string | |
listenerType: | |
description: Inbound vs outbound sidecar listener or gateway | |
listener. | |
enum: | |
- ANY | |
- SIDECAR_INBOUND | |
- SIDECAR_OUTBOUND | |
- GATEWAY | |
type: string | |
portNamePrefix: | |
format: string | |
type: string | |
portNumber: | |
type: integer | |
type: object | |
type: object | |
type: array | |
workloadLabels: | |
additionalProperties: | |
format: string | |
type: string | |
description: Deprecated. | |
type: object | |
workloadSelector: | |
properties: | |
labels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
type: object | |
type: object | |
type: object | |
versions: | |
- name: v1alpha3 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-pilot | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: gateways.networking.istio.io | |
spec: | |
group: networking.istio.io | |
names: | |
categories: | |
- istio-io | |
- networking-istio-io | |
kind: Gateway | |
plural: gateways | |
shortNames: | |
- gw | |
singular: gateway | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration affecting edge load balancer. See more details | |
at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' | |
properties: | |
selector: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
servers: | |
description: A list of server specifications. | |
items: | |
properties: | |
bind: | |
format: string | |
type: string | |
defaultEndpoint: | |
format: string | |
type: string | |
hosts: | |
description: One or more hosts exposed by this gateway. | |
items: | |
format: string | |
type: string | |
type: array | |
port: | |
properties: | |
name: | |
description: Label assigned to the port. | |
format: string | |
type: string | |
number: | |
description: A valid non-negative integer port number. | |
type: integer | |
protocol: | |
description: The protocol exposed on the port. | |
format: string | |
type: string | |
type: object | |
tls: | |
description: Set of TLS related options that govern the server's | |
behavior. | |
properties: | |
caCertificates: | |
description: REQUIRED if mode is `MUTUAL`. | |
format: string | |
type: string | |
cipherSuites: | |
description: 'Optional: If specified, only support the specified | |
cipher list.' | |
items: | |
format: string | |
type: string | |
type: array | |
credentialName: | |
format: string | |
type: string | |
httpsRedirect: | |
type: boolean | |
maxProtocolVersion: | |
description: 'Optional: Maximum TLS protocol version.' | |
enum: | |
- TLS_AUTO | |
- TLSV1_0 | |
- TLSV1_1 | |
- TLSV1_2 | |
- TLSV1_3 | |
type: string | |
minProtocolVersion: | |
description: 'Optional: Minimum TLS protocol version.' | |
enum: | |
- TLS_AUTO | |
- TLSV1_0 | |
- TLSV1_1 | |
- TLSV1_2 | |
- TLSV1_3 | |
type: string | |
mode: | |
enum: | |
- PASSTHROUGH | |
- SIMPLE | |
- MUTUAL | |
- AUTO_PASSTHROUGH | |
- ISTIO_MUTUAL | |
type: string | |
privateKey: | |
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. | |
format: string | |
type: string | |
serverCertificate: | |
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. | |
format: string | |
type: string | |
subjectAltNames: | |
items: | |
format: string | |
type: string | |
type: array | |
verifyCertificateHash: | |
items: | |
format: string | |
type: string | |
type: array | |
verifyCertificateSpki: | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha3 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-mixer | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: httpapispecbindings.config.istio.io | |
spec: | |
group: config.istio.io | |
names: | |
categories: | |
- istio-io | |
- apim-istio-io | |
kind: HTTPAPISpecBinding | |
plural: httpapispecbindings | |
singular: httpapispecbinding | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
properties: | |
api_specs: | |
items: | |
properties: | |
name: | |
description: The short name of the HTTPAPISpec. | |
format: string | |
type: string | |
namespace: | |
description: Optional namespace of the HTTPAPISpec. | |
format: string | |
type: string | |
type: object | |
type: array | |
apiSpecs: | |
items: | |
properties: | |
name: | |
description: The short name of the HTTPAPISpec. | |
format: string | |
type: string | |
namespace: | |
description: Optional namespace of the HTTPAPISpec. | |
format: string | |
type: string | |
type: object | |
type: array | |
services: | |
description: One or more services to map the listed HTTPAPISpec onto. | |
items: | |
properties: | |
domain: | |
description: Domain suffix used to construct the service FQDN | |
in implementations that support such specification. | |
format: string | |
type: string | |
labels: | |
additionalProperties: | |
format: string | |
type: string | |
description: Optional one or more labels that uniquely identify | |
the service version. | |
type: object | |
name: | |
description: The short name of the service such as "foo". | |
format: string | |
type: string | |
namespace: | |
description: Optional namespace of the service. | |
format: string | |
type: string | |
service: | |
description: The service FQDN. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-mixer | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: httpapispecs.config.istio.io | |
spec: | |
group: config.istio.io | |
names: | |
categories: | |
- istio-io | |
- apim-istio-io | |
kind: HTTPAPISpec | |
plural: httpapispecs | |
singular: httpapispec | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
properties: | |
api_keys: | |
items: | |
oneOf: | |
- required: | |
- query | |
- required: | |
- header | |
- required: | |
- cookie | |
properties: | |
cookie: | |
format: string | |
type: string | |
header: | |
description: API key is sent in a request header. | |
format: string | |
type: string | |
query: | |
description: API Key is sent as a query parameter. | |
format: string | |
type: string | |
type: object | |
type: array | |
apiKeys: | |
items: | |
oneOf: | |
- required: | |
- query | |
- required: | |
- header | |
- required: | |
- cookie | |
properties: | |
cookie: | |
format: string | |
type: string | |
header: | |
description: API key is sent in a request header. | |
format: string | |
type: string | |
query: | |
description: API Key is sent as a query parameter. | |
format: string | |
type: string | |
type: object | |
type: array | |
attributes: | |
properties: | |
attributes: | |
additionalProperties: | |
oneOf: | |
- required: | |
- stringValue | |
- required: | |
- int64Value | |
- required: | |
- doubleValue | |
- required: | |
- boolValue | |
- required: | |
- bytesValue | |
- required: | |
- timestampValue | |
- required: | |
- durationValue | |
- required: | |
- stringMapValue | |
properties: | |
boolValue: | |
type: boolean | |
bytesValue: | |
format: binary | |
type: string | |
doubleValue: | |
format: double | |
type: number | |
durationValue: | |
type: string | |
int64Value: | |
format: int64 | |
type: integer | |
stringMapValue: | |
properties: | |
entries: | |
additionalProperties: | |
format: string | |
type: string | |
description: Holds a set of name/value pairs. | |
type: object | |
type: object | |
stringValue: | |
format: string | |
type: string | |
timestampValue: | |
format: dateTime | |
type: string | |
type: object | |
description: A map of attribute name to its value. | |
type: object | |
type: object | |
patterns: | |
description: List of HTTP patterns to match. | |
items: | |
oneOf: | |
- required: | |
- uriTemplate | |
- required: | |
- regex | |
properties: | |
attributes: | |
properties: | |
attributes: | |
additionalProperties: | |
oneOf: | |
- required: | |
- stringValue | |
- required: | |
- int64Value | |
- required: | |
- doubleValue | |
- required: | |
- boolValue | |
- required: | |
- bytesValue | |
- required: | |
- timestampValue | |
- required: | |
- durationValue | |
- required: | |
- stringMapValue | |
properties: | |
boolValue: | |
type: boolean | |
bytesValue: | |
format: binary | |
type: string | |
doubleValue: | |
format: double | |
type: number | |
durationValue: | |
type: string | |
int64Value: | |
format: int64 | |
type: integer | |
stringMapValue: | |
properties: | |
entries: | |
additionalProperties: | |
format: string | |
type: string | |
description: Holds a set of name/value pairs. | |
type: object | |
type: object | |
stringValue: | |
format: string | |
type: string | |
timestampValue: | |
format: dateTime | |
type: string | |
type: object | |
description: A map of attribute name to its value. | |
type: object | |
type: object | |
httpMethod: | |
format: string | |
type: string | |
regex: | |
format: string | |
type: string | |
uriTemplate: | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-citadel | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: meshpolicies.authentication.istio.io | |
spec: | |
group: authentication.istio.io | |
names: | |
categories: | |
- istio-io | |
- authentication-istio-io | |
kind: MeshPolicy | |
listKind: MeshPolicyList | |
plural: meshpolicies | |
singular: meshpolicy | |
scope: Cluster | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Authentication policy for Istio services. See more details | |
at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' | |
properties: | |
originIsOptional: | |
type: boolean | |
origins: | |
description: List of authentication methods that can be used for origin | |
authentication. | |
items: | |
properties: | |
jwt: | |
description: Jwt params for the method. | |
properties: | |
audiences: | |
items: | |
format: string | |
type: string | |
type: array | |
issuer: | |
description: Identifies the issuer that issued the JWT. | |
format: string | |
type: string | |
jwks: | |
description: JSON Web Key Set of public keys to validate signature | |
of the JWT. | |
format: string | |
type: string | |
jwks_uri: | |
format: string | |
type: string | |
jwksUri: | |
format: string | |
type: string | |
jwt_headers: | |
description: JWT is sent in a request header. | |
items: | |
format: string | |
type: string | |
type: array | |
jwtHeaders: | |
description: JWT is sent in a request header. | |
items: | |
format: string | |
type: string | |
type: array | |
jwtParams: | |
description: JWT is sent in a query parameter. | |
items: | |
format: string | |
type: string | |
type: array | |
trigger_rules: | |
items: | |
properties: | |
excluded_paths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
excludedPaths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
included_paths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
includedPaths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
triggerRules: | |
items: | |
properties: | |
excluded_paths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
excludedPaths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
included_paths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
includedPaths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
type: object | |
type: object | |
type: array | |
peerIsOptional: | |
type: boolean | |
peers: | |
description: List of authentication methods that can be used for peer | |
authentication. | |
items: | |
oneOf: | |
- required: | |
- mtls | |
- required: | |
- jwt | |
properties: | |
jwt: | |
properties: | |
audiences: | |
items: | |
format: string | |
type: string | |
type: array | |
issuer: | |
description: Identifies the issuer that issued the JWT. | |
format: string | |
type: string | |
jwks: | |
description: JSON Web Key Set of public keys to validate signature | |
of the JWT. | |
format: string | |
type: string | |
jwks_uri: | |
format: string | |
type: string | |
jwksUri: | |
format: string | |
type: string | |
jwt_headers: | |
description: JWT is sent in a request header. | |
items: | |
format: string | |
type: string | |
type: array | |
jwtHeaders: | |
description: JWT is sent in a request header. | |
items: | |
format: string | |
type: string | |
type: array | |
jwtParams: | |
description: JWT is sent in a query parameter. | |
items: | |
format: string | |
type: string | |
type: array | |
trigger_rules: | |
items: | |
properties: | |
excluded_paths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
excludedPaths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
included_paths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
includedPaths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
triggerRules: | |
items: | |
properties: | |
excluded_paths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
excludedPaths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
included_paths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
includedPaths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
type: object | |
mtls: | |
description: Set if mTLS is used. | |
properties: | |
allowTls: | |
description: WILL BE DEPRECATED, if set, will translates to | |
`TLS_PERMISSIVE` mode. | |
type: boolean | |
mode: | |
description: Defines the mode of mTLS authentication. | |
enum: | |
- STRICT | |
- PERMISSIVE | |
type: string | |
type: object | |
type: object | |
type: array | |
principalBinding: | |
description: Define whether peer or origin identity should be use for | |
principal. | |
enum: | |
- USE_PEER | |
- USE_ORIGIN | |
type: string | |
targets: | |
description: List rules to select workloads that the policy should be | |
applied on. | |
items: | |
properties: | |
labels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
name: | |
description: The name must be a short name from the service registry. | |
format: string | |
type: string | |
ports: | |
description: Specifies the ports. | |
items: | |
oneOf: | |
- required: | |
- number | |
- required: | |
- name | |
properties: | |
name: | |
format: string | |
type: string | |
number: | |
type: integer | |
type: object | |
type: array | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha1 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-citadel | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: policies.authentication.istio.io | |
spec: | |
group: authentication.istio.io | |
names: | |
categories: | |
- istio-io | |
- authentication-istio-io | |
kind: Policy | |
plural: policies | |
singular: policy | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Authentication policy for Istio services. See more details | |
at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' | |
properties: | |
originIsOptional: | |
type: boolean | |
origins: | |
description: List of authentication methods that can be used for origin | |
authentication. | |
items: | |
properties: | |
jwt: | |
description: Jwt params for the method. | |
properties: | |
audiences: | |
items: | |
format: string | |
type: string | |
type: array | |
issuer: | |
description: Identifies the issuer that issued the JWT. | |
format: string | |
type: string | |
jwks: | |
description: JSON Web Key Set of public keys to validate signature | |
of the JWT. | |
format: string | |
type: string | |
jwks_uri: | |
format: string | |
type: string | |
jwksUri: | |
format: string | |
type: string | |
jwt_headers: | |
description: JWT is sent in a request header. | |
items: | |
format: string | |
type: string | |
type: array | |
jwtHeaders: | |
description: JWT is sent in a request header. | |
items: | |
format: string | |
type: string | |
type: array | |
jwtParams: | |
description: JWT is sent in a query parameter. | |
items: | |
format: string | |
type: string | |
type: array | |
trigger_rules: | |
items: | |
properties: | |
excluded_paths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
excludedPaths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
included_paths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
includedPaths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
triggerRules: | |
items: | |
properties: | |
excluded_paths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
excludedPaths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
included_paths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
includedPaths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
type: object | |
type: object | |
type: array | |
peerIsOptional: | |
type: boolean | |
peers: | |
description: List of authentication methods that can be used for peer | |
authentication. | |
items: | |
oneOf: | |
- required: | |
- mtls | |
- required: | |
- jwt | |
properties: | |
jwt: | |
properties: | |
audiences: | |
items: | |
format: string | |
type: string | |
type: array | |
issuer: | |
description: Identifies the issuer that issued the JWT. | |
format: string | |
type: string | |
jwks: | |
description: JSON Web Key Set of public keys to validate signature | |
of the JWT. | |
format: string | |
type: string | |
jwks_uri: | |
format: string | |
type: string | |
jwksUri: | |
format: string | |
type: string | |
jwt_headers: | |
description: JWT is sent in a request header. | |
items: | |
format: string | |
type: string | |
type: array | |
jwtHeaders: | |
description: JWT is sent in a request header. | |
items: | |
format: string | |
type: string | |
type: array | |
jwtParams: | |
description: JWT is sent in a query parameter. | |
items: | |
format: string | |
type: string | |
type: array | |
trigger_rules: | |
items: | |
properties: | |
excluded_paths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
excludedPaths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
included_paths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
includedPaths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
triggerRules: | |
items: | |
properties: | |
excluded_paths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
excludedPaths: | |
description: List of paths to be excluded from the request. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
included_paths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
includedPaths: | |
description: List of paths that the request must include. | |
items: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- suffix | |
- required: | |
- regex | |
properties: | |
exact: | |
description: exact string match. | |
format: string | |
type: string | |
prefix: | |
description: prefix-based match. | |
format: string | |
type: string | |
regex: | |
description: ECMAscript style regex-based match | |
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). | |
format: string | |
type: string | |
suffix: | |
description: suffix-based match. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
type: object | |
mtls: | |
description: Set if mTLS is used. | |
properties: | |
allowTls: | |
description: WILL BE DEPRECATED, if set, will translates to | |
`TLS_PERMISSIVE` mode. | |
type: boolean | |
mode: | |
description: Defines the mode of mTLS authentication. | |
enum: | |
- STRICT | |
- PERMISSIVE | |
type: string | |
type: object | |
type: object | |
type: array | |
principalBinding: | |
description: Define whether peer or origin identity should be use for | |
principal. | |
enum: | |
- USE_PEER | |
- USE_ORIGIN | |
type: string | |
targets: | |
description: List rules to select workloads that the policy should be | |
applied on. | |
items: | |
properties: | |
labels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
name: | |
description: The name must be a short name from the service registry. | |
format: string | |
type: string | |
ports: | |
description: Specifies the ports. | |
items: | |
oneOf: | |
- required: | |
- number | |
- required: | |
- name | |
properties: | |
name: | |
format: string | |
type: string | |
number: | |
type: integer | |
type: object | |
type: array | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha1 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-mixer | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: quotaspecbindings.config.istio.io | |
spec: | |
group: config.istio.io | |
names: | |
categories: | |
- istio-io | |
- apim-istio-io | |
kind: QuotaSpecBinding | |
plural: quotaspecbindings | |
singular: quotaspecbinding | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
properties: | |
quotaSpecs: | |
items: | |
properties: | |
name: | |
description: The short name of the QuotaSpec. | |
format: string | |
type: string | |
namespace: | |
description: Optional namespace of the QuotaSpec. | |
format: string | |
type: string | |
type: object | |
type: array | |
services: | |
description: One or more services to map the listed QuotaSpec onto. | |
items: | |
properties: | |
domain: | |
description: Domain suffix used to construct the service FQDN | |
in implementations that support such specification. | |
format: string | |
type: string | |
labels: | |
additionalProperties: | |
format: string | |
type: string | |
description: Optional one or more labels that uniquely identify | |
the service version. | |
type: object | |
name: | |
description: The short name of the service such as "foo". | |
format: string | |
type: string | |
namespace: | |
description: Optional namespace of the service. | |
format: string | |
type: string | |
service: | |
description: The service FQDN. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-mixer | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: quotaspecs.config.istio.io | |
spec: | |
group: config.istio.io | |
names: | |
categories: | |
- istio-io | |
- apim-istio-io | |
kind: QuotaSpec | |
plural: quotaspecs | |
singular: quotaspec | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: Determines the quotas used for individual requests. | |
properties: | |
rules: | |
description: A list of Quota rules. | |
items: | |
properties: | |
match: | |
description: If empty, match all request. | |
items: | |
properties: | |
clause: | |
additionalProperties: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- regex | |
properties: | |
exact: | |
format: string | |
type: string | |
prefix: | |
format: string | |
type: string | |
regex: | |
format: string | |
type: string | |
type: object | |
description: Map of attribute names to StringMatch type. | |
type: object | |
type: object | |
type: array | |
quotas: | |
description: The list of quotas to charge. | |
items: | |
properties: | |
charge: | |
format: int32 | |
type: integer | |
quota: | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: mixer | |
chart: istio | |
heritage: Tiller | |
istio: rbac | |
package: istio.io.mixer | |
release: istio | |
name: rbacconfigs.rbac.istio.io | |
spec: | |
group: rbac.istio.io | |
names: | |
categories: | |
- istio-io | |
- rbac-istio-io | |
kind: RbacConfig | |
plural: rbacconfigs | |
singular: rbacconfig | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration for Role Based Access Control. See more details | |
at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' | |
properties: | |
enforcementMode: | |
enum: | |
- ENFORCED | |
- PERMISSIVE | |
type: string | |
exclusion: | |
description: A list of services or namespaces that should not be enforced | |
by Istio RBAC policies. | |
properties: | |
namespaces: | |
description: A list of namespaces. | |
items: | |
format: string | |
type: string | |
type: array | |
services: | |
description: A list of services. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
inclusion: | |
description: A list of services or namespaces that should be enforced | |
by Istio RBAC policies. | |
properties: | |
namespaces: | |
description: A list of namespaces. | |
items: | |
format: string | |
type: string | |
type: array | |
services: | |
description: A list of services. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
mode: | |
description: Istio RBAC mode. | |
enum: | |
- "OFF" | |
- "ON" | |
- ON_WITH_INCLUSION | |
- ON_WITH_EXCLUSION | |
type: string | |
type: object | |
type: object | |
versions: | |
- name: v1alpha1 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: mixer | |
chart: istio | |
heritage: Tiller | |
istio: core | |
package: istio.io.mixer | |
release: istio | |
name: rules.config.istio.io | |
spec: | |
group: config.istio.io | |
names: | |
categories: | |
- istio-io | |
- policy-istio-io | |
kind: rule | |
plural: rules | |
singular: rule | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Describes the rules used to configure Mixer''s policy and | |
telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' | |
properties: | |
actions: | |
description: The actions that will be executed when match evaluates | |
to `true`. | |
items: | |
properties: | |
handler: | |
description: Fully qualified name of the handler to invoke. | |
format: string | |
type: string | |
instances: | |
items: | |
format: string | |
type: string | |
type: array | |
name: | |
description: A handle to refer to the results of the action. | |
format: string | |
type: string | |
type: object | |
type: array | |
match: | |
description: Match is an attribute based predicate. | |
format: string | |
type: string | |
requestHeaderOperations: | |
items: | |
properties: | |
name: | |
description: Header name literal value. | |
format: string | |
type: string | |
operation: | |
description: Header operation type. | |
enum: | |
- REPLACE | |
- REMOVE | |
- APPEND | |
type: string | |
values: | |
description: Header value expressions. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: array | |
responseHeaderOperations: | |
items: | |
properties: | |
name: | |
description: Header name literal value. | |
format: string | |
type: string | |
operation: | |
description: Header operation type. | |
enum: | |
- REPLACE | |
- REMOVE | |
- APPEND | |
type: string | |
values: | |
description: Header value expressions. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: array | |
sampling: | |
properties: | |
random: | |
description: Provides filtering of actions based on random selection | |
per request. | |
properties: | |
attributeExpression: | |
description: Specifies an attribute expression to use to override | |
the numerator in the `percent_sampled` field. | |
format: string | |
type: string | |
percentSampled: | |
description: The default sampling rate, expressed as a percentage. | |
properties: | |
denominator: | |
description: Specifies the denominator. | |
enum: | |
- HUNDRED | |
- TEN_THOUSAND | |
type: string | |
numerator: | |
description: Specifies the numerator. | |
type: integer | |
type: object | |
useIndependentRandomness: | |
description: By default sampling will be based on the value | |
of the request header `x-request-id`. | |
type: boolean | |
type: object | |
rateLimit: | |
properties: | |
maxUnsampledEntries: | |
description: Number of entries to allow during the `sampling_duration` | |
before sampling is enforced. | |
format: int64 | |
type: integer | |
samplingDuration: | |
description: Window in which to enforce the sampling rate. | |
type: string | |
samplingRate: | |
description: The rate at which to sample entries once the unsampled | |
limit has been reached. | |
format: int64 | |
type: integer | |
type: object | |
type: object | |
type: object | |
type: object | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-pilot | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: serviceentries.networking.istio.io | |
spec: | |
additionalPrinterColumns: | |
- JSONPath: .spec.hosts | |
description: The hosts associated with the ServiceEntry | |
name: Hosts | |
type: string | |
- JSONPath: .spec.location | |
description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL | |
or MESH_INTERNAL) | |
name: Location | |
type: string | |
- JSONPath: .spec.resolution | |
description: Service discovery mode for the hosts (NONE, STATIC, or DNS) | |
name: Resolution | |
type: string | |
- JSONPath: .metadata.creationTimestamp | |
description: |- | |
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. | |
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata | |
name: Age | |
type: date | |
group: networking.istio.io | |
names: | |
categories: | |
- istio-io | |
- networking-istio-io | |
kind: ServiceEntry | |
listKind: ServiceEntryList | |
plural: serviceentries | |
shortNames: | |
- se | |
singular: serviceentry | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration affecting service registry. See more details | |
at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' | |
properties: | |
addresses: | |
description: The virtual IP addresses associated with the service. | |
items: | |
format: string | |
type: string | |
type: array | |
endpoints: | |
description: One or more endpoints associated with the service. | |
items: | |
properties: | |
address: | |
format: string | |
type: string | |
labels: | |
additionalProperties: | |
format: string | |
type: string | |
description: One or more labels associated with the endpoint. | |
type: object | |
locality: | |
description: The locality associated with the endpoint. | |
format: string | |
type: string | |
network: | |
format: string | |
type: string | |
ports: | |
additionalProperties: | |
type: integer | |
description: Set of ports associated with the endpoint. | |
type: object | |
weight: | |
description: The load balancing weight associated with the endpoint. | |
type: integer | |
type: object | |
type: array | |
exportTo: | |
description: A list of namespaces to which this service is exported. | |
items: | |
format: string | |
type: string | |
type: array | |
hosts: | |
description: The hosts associated with the ServiceEntry. | |
items: | |
format: string | |
type: string | |
type: array | |
location: | |
enum: | |
- MESH_EXTERNAL | |
- MESH_INTERNAL | |
type: string | |
ports: | |
description: The ports associated with the external service. | |
items: | |
properties: | |
name: | |
description: Label assigned to the port. | |
format: string | |
type: string | |
number: | |
description: A valid non-negative integer port number. | |
type: integer | |
protocol: | |
description: The protocol exposed on the port. | |
format: string | |
type: string | |
type: object | |
type: array | |
resolution: | |
description: Service discovery mode for the hosts. | |
enum: | |
- NONE | |
- STATIC | |
- DNS | |
type: string | |
subjectAltNames: | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha3 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: mixer | |
chart: istio | |
heritage: Tiller | |
istio: rbac | |
package: istio.io.mixer | |
release: istio | |
name: servicerolebindings.rbac.istio.io | |
spec: | |
additionalPrinterColumns: | |
- JSONPath: .spec.roleRef.name | |
description: The name of the ServiceRole object being referenced | |
name: Reference | |
type: string | |
- JSONPath: .metadata.creationTimestamp | |
description: |- | |
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. | |
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata | |
name: Age | |
type: date | |
group: rbac.istio.io | |
names: | |
categories: | |
- istio-io | |
- rbac-istio-io | |
kind: ServiceRoleBinding | |
plural: servicerolebindings | |
singular: servicerolebinding | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration for Role Based Access Control. See more details | |
at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' | |
properties: | |
actions: | |
items: | |
properties: | |
constraints: | |
description: Optional. | |
items: | |
properties: | |
key: | |
description: Key of the constraint. | |
format: string | |
type: string | |
values: | |
description: List of valid values for the constraint. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: array | |
hosts: | |
items: | |
format: string | |
type: string | |
type: array | |
methods: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
notHosts: | |
items: | |
format: string | |
type: string | |
type: array | |
notMethods: | |
items: | |
format: string | |
type: string | |
type: array | |
notPaths: | |
items: | |
format: string | |
type: string | |
type: array | |
notPorts: | |
items: | |
format: int32 | |
type: integer | |
type: array | |
paths: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
ports: | |
items: | |
format: int32 | |
type: integer | |
type: array | |
services: | |
description: A list of service names. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: array | |
mode: | |
enum: | |
- ENFORCED | |
- PERMISSIVE | |
type: string | |
role: | |
format: string | |
type: string | |
roleRef: | |
description: Reference to the ServiceRole object. | |
properties: | |
kind: | |
description: The type of the role being referenced. | |
format: string | |
type: string | |
name: | |
description: The name of the ServiceRole object being referenced. | |
format: string | |
type: string | |
type: object | |
subjects: | |
description: List of subjects that are assigned the ServiceRole object. | |
items: | |
properties: | |
group: | |
format: string | |
type: string | |
groups: | |
items: | |
format: string | |
type: string | |
type: array | |
ips: | |
items: | |
format: string | |
type: string | |
type: array | |
names: | |
items: | |
format: string | |
type: string | |
type: array | |
namespaces: | |
items: | |
format: string | |
type: string | |
type: array | |
notGroups: | |
items: | |
format: string | |
type: string | |
type: array | |
notIps: | |
items: | |
format: string | |
type: string | |
type: array | |
notNames: | |
items: | |
format: string | |
type: string | |
type: array | |
notNamespaces: | |
items: | |
format: string | |
type: string | |
type: array | |
properties: | |
additionalProperties: | |
format: string | |
type: string | |
description: Optional. | |
type: object | |
user: | |
description: Optional. | |
format: string | |
type: string | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha1 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: mixer | |
chart: istio | |
heritage: Tiller | |
istio: rbac | |
package: istio.io.mixer | |
release: istio | |
name: serviceroles.rbac.istio.io | |
spec: | |
group: rbac.istio.io | |
names: | |
categories: | |
- istio-io | |
- rbac-istio-io | |
kind: ServiceRole | |
plural: serviceroles | |
singular: servicerole | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration for Role Based Access Control. See more details | |
at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' | |
properties: | |
rules: | |
description: The set of access rules (permissions) that the role has. | |
items: | |
properties: | |
constraints: | |
description: Optional. | |
items: | |
properties: | |
key: | |
description: Key of the constraint. | |
format: string | |
type: string | |
values: | |
description: List of valid values for the constraint. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: array | |
hosts: | |
items: | |
format: string | |
type: string | |
type: array | |
methods: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
notHosts: | |
items: | |
format: string | |
type: string | |
type: array | |
notMethods: | |
items: | |
format: string | |
type: string | |
type: array | |
notPaths: | |
items: | |
format: string | |
type: string | |
type: array | |
notPorts: | |
items: | |
format: int32 | |
type: integer | |
type: array | |
paths: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
ports: | |
items: | |
format: int32 | |
type: integer | |
type: array | |
services: | |
description: A list of service names. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha1 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-pilot | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: virtualservices.networking.istio.io | |
spec: | |
additionalPrinterColumns: | |
- JSONPath: .spec.gateways | |
description: The names of gateways and sidecars that should apply these routes | |
name: Gateways | |
type: string | |
- JSONPath: .spec.hosts | |
description: The destination hosts to which traffic is being sent | |
name: Hosts | |
type: string | |
- JSONPath: .metadata.creationTimestamp | |
description: |- | |
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. | |
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata | |
name: Age | |
type: date | |
group: networking.istio.io | |
names: | |
categories: | |
- istio-io | |
- networking-istio-io | |
kind: VirtualService | |
listKind: VirtualServiceList | |
plural: virtualservices | |
shortNames: | |
- vs | |
singular: virtualservice | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration affecting label/content routing, sni routing, | |
etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' | |
properties: | |
exportTo: | |
description: A list of namespaces to which this virtual service is exported. | |
items: | |
format: string | |
type: string | |
type: array | |
gateways: | |
description: The names of gateways and sidecars that should apply these | |
routes. | |
items: | |
format: string | |
type: string | |
type: array | |
hosts: | |
description: The destination hosts to which traffic is being sent. | |
items: | |
format: string | |
type: string | |
type: array | |
http: | |
description: An ordered list of route rules for HTTP traffic. | |
items: | |
properties: | |
appendHeaders: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
appendRequestHeaders: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
appendResponseHeaders: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
corsPolicy: | |
description: Cross-Origin Resource Sharing policy (CORS). | |
properties: | |
allowCredentials: | |
nullable: true | |
type: boolean | |
allowHeaders: | |
items: | |
format: string | |
type: string | |
type: array | |
allowMethods: | |
description: List of HTTP methods allowed to access the resource. | |
items: | |
format: string | |
type: string | |
type: array | |
allowOrigin: | |
description: The list of origins that are allowed to perform | |
CORS requests. | |
items: | |
format: string | |
type: string | |
type: array | |
exposeHeaders: | |
items: | |
format: string | |
type: string | |
type: array | |
maxAge: | |
type: string | |
type: object | |
fault: | |
description: Fault injection policy to apply on HTTP traffic at | |
the client side. | |
properties: | |
abort: | |
oneOf: | |
- properties: | |
percent: {} | |
required: | |
- httpStatus | |
- properties: | |
percent: {} | |
required: | |
- grpcStatus | |
- properties: | |
percent: {} | |
required: | |
- http2Error | |
properties: | |
grpcStatus: | |
format: string | |
type: string | |
http2Error: | |
format: string | |
type: string | |
httpStatus: | |
description: HTTP status code to use to abort the Http | |
request. | |
format: int32 | |
type: integer | |
percent: | |
description: Percentage of requests to be aborted with | |
the error code provided (0-100). | |
format: int32 | |
type: integer | |
percentage: | |
description: Percentage of requests to be aborted with | |
the error code provided. | |
properties: | |
value: | |
format: double | |
type: number | |
type: object | |
type: object | |
delay: | |
oneOf: | |
- properties: | |
percent: {} | |
required: | |
- fixedDelay | |
- properties: | |
percent: {} | |
required: | |
- exponentialDelay | |
properties: | |
exponentialDelay: | |
type: string | |
fixedDelay: | |
description: Add a fixed delay before forwarding the request. | |
type: string | |
percent: | |
description: Percentage of requests on which the delay | |
will be injected (0-100). | |
format: int32 | |
type: integer | |
percentage: | |
description: Percentage of requests on which the delay | |
will be injected. | |
properties: | |
value: | |
format: double | |
type: number | |
type: object | |
type: object | |
type: object | |
headers: | |
properties: | |
request: | |
properties: | |
add: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
remove: | |
items: | |
format: string | |
type: string | |
type: array | |
set: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
type: object | |
response: | |
properties: | |
add: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
remove: | |
items: | |
format: string | |
type: string | |
type: array | |
set: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
type: object | |
type: object | |
match: | |
items: | |
properties: | |
authority: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- regex | |
properties: | |
exact: | |
format: string | |
type: string | |
prefix: | |
format: string | |
type: string | |
regex: | |
format: string | |
type: string | |
type: object | |
gateways: | |
items: | |
format: string | |
type: string | |
type: array | |
headers: | |
additionalProperties: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- regex | |
properties: | |
exact: | |
format: string | |
type: string | |
prefix: | |
format: string | |
type: string | |
regex: | |
format: string | |
type: string | |
type: object | |
type: object | |
ignoreUriCase: | |
description: Flag to specify whether the URI matching should | |
be case-insensitive. | |
type: boolean | |
method: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- regex | |
properties: | |
exact: | |
format: string | |
type: string | |
prefix: | |
format: string | |
type: string | |
regex: | |
format: string | |
type: string | |
type: object | |
name: | |
description: The name assigned to a match. | |
format: string | |
type: string | |
port: | |
description: Specifies the ports on the host that is being | |
addressed. | |
type: integer | |
queryParams: | |
additionalProperties: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- regex | |
properties: | |
exact: | |
format: string | |
type: string | |
prefix: | |
format: string | |
type: string | |
regex: | |
format: string | |
type: string | |
type: object | |
description: Query parameters for matching. | |
type: object | |
scheme: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- regex | |
properties: | |
exact: | |
format: string | |
type: string | |
prefix: | |
format: string | |
type: string | |
regex: | |
format: string | |
type: string | |
type: object | |
sourceLabels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
uri: | |
oneOf: | |
- required: | |
- exact | |
- required: | |
- prefix | |
- required: | |
- regex | |
properties: | |
exact: | |
format: string | |
type: string | |
prefix: | |
format: string | |
type: string | |
regex: | |
format: string | |
type: string | |
type: object | |
type: object | |
type: array | |
mirror: | |
properties: | |
host: | |
description: The name of a service from the service registry. | |
format: string | |
type: string | |
port: | |
description: Specifies the port on the host that is being | |
addressed. | |
properties: | |
number: | |
type: integer | |
type: object | |
subset: | |
description: The name of a subset within the service. | |
format: string | |
type: string | |
type: object | |
mirror_percent: | |
description: Percentage of the traffic to be mirrored by the `mirror` | |
field. | |
nullable: true | |
type: integer | |
mirrorPercent: | |
description: Percentage of the traffic to be mirrored by the `mirror` | |
field. | |
nullable: true | |
type: integer | |
name: | |
description: The name assigned to the route for debugging purposes. | |
format: string | |
type: string | |
redirect: | |
description: A http rule can either redirect or forward (default) | |
traffic. | |
properties: | |
authority: | |
format: string | |
type: string | |
redirectCode: | |
type: integer | |
uri: | |
format: string | |
type: string | |
type: object | |
removeRequestHeaders: | |
items: | |
format: string | |
type: string | |
type: array | |
removeResponseHeaders: | |
items: | |
format: string | |
type: string | |
type: array | |
retries: | |
description: Retry policy for HTTP requests. | |
properties: | |
attempts: | |
description: Number of retries for a given request. | |
format: int32 | |
type: integer | |
perTryTimeout: | |
description: Timeout per retry attempt for a given request. | |
type: string | |
retryOn: | |
description: Specifies the conditions under which retry takes | |
place. | |
format: string | |
type: string | |
type: object | |
rewrite: | |
description: Rewrite HTTP URIs and Authority headers. | |
properties: | |
authority: | |
description: rewrite the Authority/Host header with this value. | |
format: string | |
type: string | |
uri: | |
format: string | |
type: string | |
type: object | |
route: | |
description: A http rule can either redirect or forward (default) | |
traffic. | |
items: | |
properties: | |
appendRequestHeaders: | |
additionalProperties: | |
format: string | |
type: string | |
description: Use of `append_request_headers` is deprecated. | |
type: object | |
appendResponseHeaders: | |
additionalProperties: | |
format: string | |
type: string | |
description: Use of `append_response_headers` is deprecated. | |
type: object | |
destination: | |
properties: | |
host: | |
description: The name of a service from the service | |
registry. | |
format: string | |
type: string | |
port: | |
description: Specifies the port on the host that is | |
being addressed. | |
properties: | |
number: | |
type: integer | |
type: object | |
subset: | |
description: The name of a subset within the service. | |
format: string | |
type: string | |
type: object | |
headers: | |
properties: | |
request: | |
properties: | |
add: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
remove: | |
items: | |
format: string | |
type: string | |
type: array | |
set: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
type: object | |
response: | |
properties: | |
add: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
remove: | |
items: | |
format: string | |
type: string | |
type: array | |
set: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
type: object | |
type: object | |
removeRequestHeaders: | |
description: Use of `remove_request_headers` is deprecated. | |
items: | |
format: string | |
type: string | |
type: array | |
removeResponseHeaders: | |
description: Use of `remove_response_header` is deprecated. | |
items: | |
format: string | |
type: string | |
type: array | |
weight: | |
format: int32 | |
type: integer | |
type: object | |
type: array | |
timeout: | |
description: Timeout for HTTP requests. | |
type: string | |
websocketUpgrade: | |
description: Deprecated. | |
type: boolean | |
type: object | |
type: array | |
tcp: | |
description: An ordered list of route rules for opaque TCP traffic. | |
items: | |
properties: | |
match: | |
items: | |
properties: | |
destinationSubnets: | |
description: IPv4 or IPv6 ip addresses of destination with | |
optional subnet. | |
items: | |
format: string | |
type: string | |
type: array | |
gateways: | |
description: Names of gateways where the rule should be | |
applied to. | |
items: | |
format: string | |
type: string | |
type: array | |
port: | |
description: Specifies the port on the host that is being | |
addressed. | |
type: integer | |
sourceLabels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
sourceSubnet: | |
description: IPv4 or IPv6 ip address of source with optional | |
subnet. | |
format: string | |
type: string | |
type: object | |
type: array | |
route: | |
description: The destination to which the connection should be | |
forwarded to. | |
items: | |
properties: | |
destination: | |
properties: | |
host: | |
description: The name of a service from the service | |
registry. | |
format: string | |
type: string | |
port: | |
description: Specifies the port on the host that is | |
being addressed. | |
properties: | |
number: | |
type: integer | |
type: object | |
subset: | |
description: The name of a subset within the service. | |
format: string | |
type: string | |
type: object | |
weight: | |
format: int32 | |
type: integer | |
type: object | |
type: array | |
type: object | |
type: array | |
tls: | |
items: | |
properties: | |
match: | |
items: | |
properties: | |
destinationSubnets: | |
description: IPv4 or IPv6 ip addresses of destination with | |
optional subnet. | |
items: | |
format: string | |
type: string | |
type: array | |
gateways: | |
description: Names of gateways where the rule should be | |
applied to. | |
items: | |
format: string | |
type: string | |
type: array | |
port: | |
description: Specifies the port on the host that is being | |
addressed. | |
type: integer | |
sniHosts: | |
description: SNI (server name indicator) to match on. | |
items: | |
format: string | |
type: string | |
type: array | |
sourceLabels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
sourceSubnet: | |
description: IPv4 or IPv6 ip address of source with optional | |
subnet. | |
format: string | |
type: string | |
type: object | |
type: array | |
route: | |
description: The destination to which the connection should be | |
forwarded to. | |
items: | |
properties: | |
destination: | |
properties: | |
host: | |
description: The name of a service from the service | |
registry. | |
format: string | |
type: string | |
port: | |
description: Specifies the port on the host that is | |
being addressed. | |
properties: | |
number: | |
type: integer | |
type: object | |
subset: | |
description: The name of a subset within the service. | |
format: string | |
type: string | |
type: object | |
weight: | |
format: int32 | |
type: integer | |
type: object | |
type: array | |
type: object | |
type: array | |
type: object | |
type: object | |
versions: | |
- name: v1alpha3 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
kind: CustomResourceDefinition | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
metadata: | |
name: adapters.config.istio.io | |
labels: | |
app: mixer | |
package: adapter | |
istio: mixer-adapter | |
chart: istio | |
heritage: Tiller | |
release: istio | |
annotations: | |
"helm.sh/resource-policy": keep | |
spec: | |
group: config.istio.io | |
names: | |
kind: adapter | |
plural: adapters | |
singular: adapter | |
categories: | |
- istio-io | |
- policy-istio-io | |
scope: Namespaced | |
subresources: | |
status: {} | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
--- | |
kind: CustomResourceDefinition | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
metadata: | |
name: instances.config.istio.io | |
labels: | |
app: mixer | |
package: instance | |
istio: mixer-instance | |
chart: istio | |
heritage: Tiller | |
release: istio | |
annotations: | |
"helm.sh/resource-policy": keep | |
spec: | |
group: config.istio.io | |
names: | |
kind: instance | |
plural: instances | |
singular: instance | |
categories: | |
- istio-io | |
- policy-istio-io | |
scope: Namespaced | |
subresources: | |
status: {} | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
--- | |
kind: CustomResourceDefinition | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
metadata: | |
name: templates.config.istio.io | |
labels: | |
app: mixer | |
package: template | |
istio: mixer-template | |
chart: istio | |
heritage: Tiller | |
release: istio | |
annotations: | |
"helm.sh/resource-policy": keep | |
spec: | |
group: config.istio.io | |
names: | |
kind: template | |
plural: templates | |
singular: template | |
categories: | |
- istio-io | |
- policy-istio-io | |
scope: Namespaced | |
subresources: | |
status: {} | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
--- | |
kind: CustomResourceDefinition | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
metadata: | |
name: handlers.config.istio.io | |
labels: | |
app: mixer | |
package: handler | |
istio: mixer-handler | |
chart: istio | |
heritage: Tiller | |
release: istio | |
annotations: | |
"helm.sh/resource-policy": keep | |
spec: | |
group: config.istio.io | |
names: | |
kind: handler | |
plural: handlers | |
singular: handler | |
categories: | |
- istio-io | |
- policy-istio-io | |
scope: Namespaced | |
subresources: | |
status: {} | |
versions: | |
- name: v1alpha2 | |
served: true | |
storage: true | |
--- | |
kind: ConfigMap | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","data":{"crd-10.yaml":"apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: core\n package: istio.io.mixer\n release: istio\n name: attributemanifests.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - policy-istio-io\n kind: attributemanifest\n plural: attributemanifests\n singular: attributemanifest\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Describes the rules used to configure Mixer''s policy and\n telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html'\n properties:\n attributes:\n additionalProperties:\n properties:\n description:\n description: A human-readable description of the attribute's purpose.\n format: string\n type: string\n valueType:\n description: The type of data carried by this attribute.\n enum:\n - VALUE_TYPE_UNSPECIFIED\n - STRING\n - INT64\n - DOUBLE\n - BOOL\n - TIMESTAMP\n - IP_ADDRESS\n - EMAIL_ADDRESS\n - URI\n - DNS_NAME\n - DURATION\n - STRING_MAP\n type: string\n type: object\n description: The set of attributes this Istio component will be responsible\n for producing at runtime.\n type: object\n name:\n description: Name of the component producing these attributes.\n format: string\n type: string\n revision:\n description: The revision of this document.\n format: string\n type: string\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n heritage: Tiller\n istio: rbac\n release: istio\n name: clusterrbacconfigs.rbac.istio.io\nspec:\n group: rbac.istio.io\n names:\n categories:\n - istio-io\n - rbac-istio-io\n kind: ClusterRbacConfig\n plural: clusterrbacconfigs\n singular: clusterrbacconfig\n scope: Cluster\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for Role Based Access Control. See more details\n at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'\n properties:\n enforcementMode:\n enum:\n - ENFORCED\n - PERMISSIVE\n type: string\n exclusion:\n description: A list of services or namespaces that should not be enforced\n by Istio RBAC policies.\n properties:\n namespaces:\n description: A list of namespaces.\n items:\n format: string\n type: string\n type: array\n services:\n description: A list of services.\n items:\n format: string\n type: string\n type: array\n type: object\n inclusion:\n description: A list of services or namespaces that should be enforced\n by Istio RBAC policies.\n properties:\n namespaces:\n description: A list of namespaces.\n items:\n format: string\n type: string\n type: array\n services:\n description: A list of services.\n items:\n format: string\n type: string\n type: array\n type: object\n mode:\n description: Istio RBAC mode.\n enum:\n - \"OFF\"\n - \"ON\"\n - ON_WITH_INCLUSION\n - ON_WITH_EXCLUSION\n type: string\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: destinationrules.networking.istio.io\nspec:\n additionalPrinterColumns:\n - JSONPath: .spec.host\n description: The name of a service from the service registry\n name: Host\n type: string\n - JSONPath: .metadata.creationTimestamp\n description: |-\n CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata\n name: Age\n type: date\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: DestinationRule\n listKind: DestinationRuleList\n plural: destinationrules\n shortNames:\n - dr\n singular: destinationrule\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting load balancing, outlier detection,\n etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html'\n properties:\n exportTo:\n description: A list of namespaces to which this destination rule is\n exported.\n items:\n format: string\n type: string\n type: array\n host:\n description: The name of a service from the service registry.\n format: string\n type: string\n subsets:\n items:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n name:\n description: Name of the subset.\n format: string\n type: string\n trafficPolicy:\n description: Traffic policies that apply to this subset.\n properties:\n connectionPool:\n properties:\n http:\n description: HTTP connection pool settings.\n properties:\n h2UpgradePolicy:\n description: Specify if http1.1 connection should\n be upgraded to http2 for the associated destination.\n enum:\n - DEFAULT\n - DO_NOT_UPGRADE\n - UPGRADE\n type: string\n http1MaxPendingRequests:\n description: Maximum number of pending HTTP requests\n to a destination.\n format: int32\n type: integer\n http2MaxRequests:\n description: Maximum number of requests to a backend.\n format: int32\n type: integer\n idleTimeout:\n description: The idle timeout for upstream connection\n pool connections.\n type: string\n maxRequestsPerConnection:\n description: Maximum number of requests per connection\n to a backend.\n format: int32\n type: integer\n maxRetries:\n format: int32\n type: integer\n type: object\n tcp:\n description: Settings common to both HTTP and TCP upstream\n connections.\n properties:\n connectTimeout:\n description: TCP connection timeout.\n type: string\n maxConnections:\n description: Maximum number of HTTP1 /TCP connections\n to a destination host.\n format: int32\n type: integer\n tcpKeepalive:\n description: If set then set SO_KEEPALIVE on the socket\n to enable TCP Keepalives.\n properties:\n interval:\n description: The time duration between keep-alive\n probes.\n type: string\n probes:\n type: integer\n time:\n type: string\n type: object\n type: object\n type: object\n loadBalancer:\n description: Settings controlling the load balancer algorithms.\n oneOf:\n - required:\n - simple\n - properties:\n consistentHash:\n oneOf:\n - required:\n - httpHeaderName\n - required:\n - httpCookie\n - required:\n - useSourceIp\n required:\n - consistentHash\n properties:\n consistentHash:\n properties:\n httpCookie:\n description: Hash based on HTTP cookie.\n properties:\n name:\n description: Name of the cookie.\n format: string\n type: string\n path:\n description: Path to set for the cookie.\n format: string\n type: string\n ttl:\n description: Lifetime of the cookie.\n type: string\n type: object\n httpHeaderName:\n description: Hash based on a specific HTTP header.\n format: string\n type: string\n minimumRingSize:\n type: integer\n useSourceIp:\n description: Hash based on the source IP address.\n type: boolean\n type: object\n simple:\n enum:\n - ROUND_ROBIN\n - LEAST_CONN\n - RANDOM\n - PASSTHROUGH\n type: string\n type: object\n outlierDetection:\n properties:\n baseEjectionTime:\n description: Minimum ejection duration.\n type: string\n consecutiveErrors:\n format: int32\n type: integer\n interval:\n description: Time interval between ejection sweep analysis.\n type: string\n maxEjectionPercent:\n format: int32\n type: integer\n minHealthPercent:\n format: int32\n type: integer\n type: object\n portLevelSettings:\n description: Traffic policies specific to individual ports.\n items:\n properties:\n connectionPool:\n properties:\n http:\n description: HTTP connection pool settings.\n properties:\n h2UpgradePolicy:\n description: Specify if http1.1 connection should\n be upgraded to http2 for the associated destination.\n enum:\n - DEFAULT\n - DO_NOT_UPGRADE\n - UPGRADE\n type: string\n http1MaxPendingRequests:\n description: Maximum number of pending HTTP\n requests to a destination.\n format: int32\n type: integer\n http2MaxRequests:\n description: Maximum number of requests to a\n backend.\n format: int32\n type: integer\n idleTimeout:\n description: The idle timeout for upstream connection\n pool connections.\n type: string\n maxRequestsPerConnection:\n description: Maximum number of requests per\n connection to a backend.\n format: int32\n type: integer\n maxRetries:\n format: int32\n type: integer\n type: object\n tcp:\n description: Settings common to both HTTP and TCP\n upstream connections.\n properties:\n connectTimeout:\n description: TCP connection timeout.\n type: string\n maxConnections:\n description: Maximum number of HTTP1 /TCP connections\n to a destination host.\n format: int32\n type: integer\n tcpKeepalive:\n description: If set then set SO_KEEPALIVE on\n the socket to enable TCP Keepalives.\n properties:\n interval:\n description: The time duration between keep-alive\n probes.\n type: string\n probes:\n type: integer\n time:\n type: string\n type: object\n type: object\n type: object\n loadBalancer:\n description: Settings controlling the load balancer\n algorithms.\n oneOf:\n - required:\n - simple\n - properties:\n consistentHash:\n oneOf:\n - required:\n - httpHeaderName\n - required:\n - httpCookie\n - required:\n - useSourceIp\n required:\n - consistentHash\n properties:\n consistentHash:\n properties:\n httpCookie:\n description: Hash based on HTTP cookie.\n properties:\n name:\n description: Name of the cookie.\n format: string\n type: string\n path:\n description: Path to set for the cookie.\n format: string\n type: string\n ttl:\n description: Lifetime of the cookie.\n type: string\n type: object\n httpHeaderName:\n description: Hash based on a specific HTTP header.\n format: string\n type: string\n minimumRingSize:\n type: integer\n useSourceIp:\n description: Hash based on the source IP address.\n type: boolean\n type: object\n simple:\n enum:\n - ROUND_ROBIN\n - LEAST_CONN\n - RANDOM\n - PASSTHROUGH\n type: string\n type: object\n outlierDetection:\n properties:\n baseEjectionTime:\n description: Minimum ejection duration.\n type: string\n consecutiveErrors:\n format: int32\n type: integer\n interval:\n description: Time interval between ejection sweep\n analysis.\n type: string\n maxEjectionPercent:\n format: int32\n type: integer\n minHealthPercent:\n format: int32\n type: integer\n type: object\n port:\n properties:\n number:\n type: integer\n type: object\n tls:\n description: TLS related settings for connections to\n the upstream service.\n properties:\n caCertificates:\n format: string\n type: string\n clientCertificate:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n mode:\n enum:\n - DISABLE\n - SIMPLE\n - MUTUAL\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n sni:\n description: SNI string to present to the server\n during TLS handshake.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n tls:\n description: TLS related settings for connections to the upstream\n service.\n properties:\n caCertificates:\n format: string\n type: string\n clientCertificate:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n mode:\n enum:\n - DISABLE\n - SIMPLE\n - MUTUAL\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n sni:\n description: SNI string to present to the server during\n TLS handshake.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: object\n type: array\n trafficPolicy:\n properties:\n connectionPool:\n properties:\n http:\n description: HTTP connection pool settings.\n properties:\n h2UpgradePolicy:\n description: Specify if http1.1 connection should be upgraded\n to http2 for the associated destination.\n enum:\n - DEFAULT\n - DO_NOT_UPGRADE\n - UPGRADE\n type: string\n http1MaxPendingRequests:\n description: Maximum number of pending HTTP requests to\n a destination.\n format: int32\n type: integer\n http2MaxRequests:\n description: Maximum number of requests to a backend.\n format: int32\n type: integer\n idleTimeout:\n description: The idle timeout for upstream connection pool\n connections.\n type: string\n maxRequestsPerConnection:\n description: Maximum number of requests per connection to\n a backend.\n format: int32\n type: integer\n maxRetries:\n format: int32\n type: integer\n type: object\n tcp:\n description: Settings common to both HTTP and TCP upstream connections.\n properties:\n connectTimeout:\n description: TCP connection timeout.\n type: string\n maxConnections:\n description: Maximum number of HTTP1 /TCP connections to\n a destination host.\n format: int32\n type: integer\n tcpKeepalive:\n description: If set then set SO_KEEPALIVE on the socket\n to enable TCP Keepalives.\n properties:\n interval:\n description: The time duration between keep-alive probes.\n type: string\n probes:\n type: integer\n time:\n type: string\n type: object\n type: object\n type: object\n loadBalancer:\n description: Settings controlling the load balancer algorithms.\n oneOf:\n - required:\n - simple\n - properties:\n consistentHash:\n oneOf:\n - required:\n - httpHeaderName\n - required:\n - httpCookie\n - required:\n - useSourceIp\n required:\n - consistentHash\n properties:\n consistentHash:\n properties:\n httpCookie:\n description: Hash based on HTTP cookie.\n properties:\n name:\n description: Name of the cookie.\n format: string\n type: string\n path:\n description: Path to set for the cookie.\n format: string\n type: string\n ttl:\n description: Lifetime of the cookie.\n type: string\n type: object\n httpHeaderName:\n description: Hash based on a specific HTTP header.\n format: string\n type: string\n minimumRingSize:\n type: integer\n useSourceIp:\n description: Hash based on the source IP address.\n type: boolean\n type: object\n simple:\n enum:\n - ROUND_ROBIN\n - LEAST_CONN\n - RANDOM\n - PASSTHROUGH\n type: string\n type: object\n outlierDetection:\n properties:\n baseEjectionTime:\n description: Minimum ejection duration.\n type: string\n consecutiveErrors:\n format: int32\n type: integer\n interval:\n description: Time interval between ejection sweep analysis.\n type: string\n maxEjectionPercent:\n format: int32\n type: integer\n minHealthPercent:\n format: int32\n type: integer\n type: object\n portLevelSettings:\n description: Traffic policies specific to individual ports.\n items:\n properties:\n connectionPool:\n properties:\n http:\n description: HTTP connection pool settings.\n properties:\n h2UpgradePolicy:\n description: Specify if http1.1 connection should\n be upgraded to http2 for the associated destination.\n enum:\n - DEFAULT\n - DO_NOT_UPGRADE\n - UPGRADE\n type: string\n http1MaxPendingRequests:\n description: Maximum number of pending HTTP requests\n to a destination.\n format: int32\n type: integer\n http2MaxRequests:\n description: Maximum number of requests to a backend.\n format: int32\n type: integer\n idleTimeout:\n description: The idle timeout for upstream connection\n pool connections.\n type: string\n maxRequestsPerConnection:\n description: Maximum number of requests per connection\n to a backend.\n format: int32\n type: integer\n maxRetries:\n format: int32\n type: integer\n type: object\n tcp:\n description: Settings common to both HTTP and TCP upstream\n connections.\n properties:\n connectTimeout:\n description: TCP connection timeout.\n type: string\n maxConnections:\n description: Maximum number of HTTP1 /TCP connections\n to a destination host.\n format: int32\n type: integer\n tcpKeepalive:\n description: If set then set SO_KEEPALIVE on the socket\n to enable TCP Keepalives.\n properties:\n interval:\n description: The time duration between keep-alive\n probes.\n type: string\n probes:\n type: integer\n time:\n type: string\n type: object\n type: object\n type: object\n loadBalancer:\n description: Settings controlling the load balancer algorithms.\n oneOf:\n - required:\n - simple\n - properties:\n consistentHash:\n oneOf:\n - required:\n - httpHeaderName\n - required:\n - httpCookie\n - required:\n - useSourceIp\n required:\n - consistentHash\n properties:\n consistentHash:\n properties:\n httpCookie:\n description: Hash based on HTTP cookie.\n properties:\n name:\n description: Name of the cookie.\n format: string\n type: string\n path:\n description: Path to set for the cookie.\n format: string\n type: string\n ttl:\n description: Lifetime of the cookie.\n type: string\n type: object\n httpHeaderName:\n description: Hash based on a specific HTTP header.\n format: string\n type: string\n minimumRingSize:\n type: integer\n useSourceIp:\n description: Hash based on the source IP address.\n type: boolean\n type: object\n simple:\n enum:\n - ROUND_ROBIN\n - LEAST_CONN\n - RANDOM\n - PASSTHROUGH\n type: string\n type: object\n outlierDetection:\n properties:\n baseEjectionTime:\n description: Minimum ejection duration.\n type: string\n consecutiveErrors:\n format: int32\n type: integer\n interval:\n description: Time interval between ejection sweep analysis.\n type: string\n maxEjectionPercent:\n format: int32\n type: integer\n minHealthPercent:\n format: int32\n type: integer\n type: object\n port:\n properties:\n number:\n type: integer\n type: object\n tls:\n description: TLS related settings for connections to the upstream\n service.\n properties:\n caCertificates:\n format: string\n type: string\n clientCertificate:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n mode:\n enum:\n - DISABLE\n - SIMPLE\n - MUTUAL\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n sni:\n description: SNI string to present to the server during\n TLS handshake.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n tls:\n description: TLS related settings for connections to the upstream\n service.\n properties:\n caCertificates:\n format: string\n type: string\n clientCertificate:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n mode:\n enum:\n - DISABLE\n - SIMPLE\n - MUTUAL\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n sni:\n description: SNI string to present to the server during TLS\n handshake.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: envoyfilters.networking.istio.io\nspec:\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: EnvoyFilter\n plural: envoyfilters\n singular: envoyfilter\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Customizing Envoy configuration generated by Istio. See more\n details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html'\n properties:\n configPatches:\n description: One or more patches with match conditions.\n items:\n properties:\n applyTo:\n enum:\n - INVALID\n - LISTENER\n - FILTER_CHAIN\n - NETWORK_FILTER\n - HTTP_FILTER\n - ROUTE_CONFIGURATION\n - VIRTUAL_HOST\n - HTTP_ROUTE\n - CLUSTER\n type: string\n match:\n description: Match on listener/route configuration/cluster.\n oneOf:\n - required:\n - listener\n - required:\n - routeConfiguration\n - required:\n - cluster\n properties:\n cluster:\n description: Match on envoy cluster attributes.\n properties:\n name:\n description: The exact name of the cluster to match.\n format: string\n type: string\n portNumber:\n description: The service port for which this cluster was\n generated.\n type: integer\n service:\n description: The fully qualified service name for this\n cluster.\n format: string\n type: string\n subset:\n description: The subset associated with the service.\n format: string\n type: string\n type: object\n context:\n description: The specific config generation context to match\n on.\n enum:\n - ANY\n - SIDECAR_INBOUND\n - SIDECAR_OUTBOUND\n - GATEWAY\n type: string\n listener:\n description: Match on envoy listener attributes.\n properties:\n filterChain:\n description: Match a specific filter chain in a listener.\n properties:\n applicationProtocols:\n description: Applies only to sidecars.\n format: string\n type: string\n filter:\n description: The name of a specific filter to apply\n the patch to.\n properties:\n name:\n description: The filter name to match on.\n format: string\n type: string\n subFilter:\n properties:\n name:\n description: The filter name to match on.\n format: string\n type: string\n type: object\n type: object\n name:\n description: The name assigned to the filter chain.\n format: string\n type: string\n sni:\n description: The SNI value used by a filter chain's\n match condition.\n format: string\n type: string\n transportProtocol:\n description: Applies only to SIDECAR_INBOUND context.\n format: string\n type: string\n type: object\n name:\n description: Match a specific listener by its name.\n format: string\n type: string\n portName:\n format: string\n type: string\n portNumber:\n type: integer\n type: object\n proxy:\n description: Match on properties associated with a proxy.\n properties:\n metadata:\n additionalProperties:\n format: string\n type: string\n type: object\n proxyVersion:\n format: string\n type: string\n type: object\n routeConfiguration:\n description: Match on envoy HTTP route configuration attributes.\n properties:\n gateway:\n format: string\n type: string\n name:\n description: Route configuration name to match on.\n format: string\n type: string\n portName:\n description: Applicable only for GATEWAY context.\n format: string\n type: string\n portNumber:\n type: integer\n vhost:\n properties:\n name:\n format: string\n type: string\n route:\n description: Match a specific route within the virtual\n host.\n properties:\n action:\n description: Match a route with specific action\n type.\n enum:\n - ANY\n - ROUTE\n - REDIRECT\n - DIRECT_RESPONSE\n type: string\n name:\n format: string\n type: string\n type: object\n type: object\n type: object\n type: object\n patch:\n description: The patch to apply along with the operation.\n properties:\n operation:\n description: Determines how the patch should be applied.\n enum:\n - INVALID\n - MERGE\n - ADD\n - REMOVE\n - INSERT_BEFORE\n - INSERT_AFTER\n type: string\n value:\n description: The JSON config of the object being patched.\n type: object\n type: object\n type: object\n type: array\n filters:\n items:\n properties:\n filterConfig:\n type: object\n filterName:\n description: The name of the filter to instantiate.\n format: string\n type: string\n filterType:\n description: The type of filter to instantiate.\n enum:\n - INVALID\n - HTTP\n - NETWORK\n type: string\n insertPosition:\n description: Insert position in the filter chain.\n properties:\n index:\n description: Position of this filter in the filter chain.\n enum:\n - FIRST\n - LAST\n - BEFORE\n - AFTER\n type: string\n relativeTo:\n format: string\n type: string\n type: object\n listenerMatch:\n properties:\n address:\n description: One or more IP addresses to which the listener\n is bound.\n items:\n format: string\n type: string\n type: array\n listenerProtocol:\n description: Selects a class of listeners for the same protocol.\n enum:\n - ALL\n - HTTP\n - TCP\n type: string\n listenerType:\n description: Inbound vs outbound sidecar listener or gateway\n listener.\n enum:\n - ANY\n - SIDECAR_INBOUND\n - SIDECAR_OUTBOUND\n - GATEWAY\n type: string\n portNamePrefix:\n format: string\n type: string\n portNumber:\n type: integer\n type: object\n type: object\n type: array\n workloadLabels:\n additionalProperties:\n format: string\n type: string\n description: Deprecated.\n type: object\n workloadSelector:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: gateways.networking.istio.io\nspec:\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: Gateway\n plural: gateways\n shortNames:\n - gw\n singular: gateway\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting edge load balancer. See more details\n at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html'\n properties:\n selector:\n additionalProperties:\n format: string\n type: string\n type: object\n servers:\n description: A list of server specifications.\n items:\n properties:\n bind:\n format: string\n type: string\n defaultEndpoint:\n format: string\n type: string\n hosts:\n description: One or more hosts exposed by this gateway.\n items:\n format: string\n type: string\n type: array\n port:\n properties:\n name:\n description: Label assigned to the port.\n format: string\n type: string\n number:\n description: A valid non-negative integer port number.\n type: integer\n protocol:\n description: The protocol exposed on the port.\n format: string\n type: string\n type: object\n tls:\n description: Set of TLS related options that govern the server's\n behavior.\n properties:\n caCertificates:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n cipherSuites:\n description: 'Optional: If specified, only support the specified\n cipher list.'\n items:\n format: string\n type: string\n type: array\n credentialName:\n format: string\n type: string\n httpsRedirect:\n type: boolean\n maxProtocolVersion:\n description: 'Optional: Maximum TLS protocol version.'\n enum:\n - TLS_AUTO\n - TLSV1_0\n - TLSV1_1\n - TLSV1_2\n - TLSV1_3\n type: string\n minProtocolVersion:\n description: 'Optional: Minimum TLS protocol version.'\n enum:\n - TLS_AUTO\n - TLSV1_0\n - TLSV1_1\n - TLSV1_2\n - TLSV1_3\n type: string\n mode:\n enum:\n - PASSTHROUGH\n - SIMPLE\n - MUTUAL\n - AUTO_PASSTHROUGH\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.\n format: string\n type: string\n serverCertificate:\n description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n verifyCertificateHash:\n items:\n format: string\n type: string\n type: array\n verifyCertificateSpki:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-mixer\n chart: istio\n heritage: Tiller\n release: istio\n name: httpapispecbindings.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - apim-istio-io\n kind: HTTPAPISpecBinding\n plural: httpapispecbindings\n singular: httpapispecbinding\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n properties:\n api_specs:\n items:\n properties:\n name:\n description: The short name of the HTTPAPISpec.\n format: string\n type: string\n namespace:\n description: Optional namespace of the HTTPAPISpec.\n format: string\n type: string\n type: object\n type: array\n apiSpecs:\n items:\n properties:\n name:\n description: The short name of the HTTPAPISpec.\n format: string\n type: string\n namespace:\n description: Optional namespace of the HTTPAPISpec.\n format: string\n type: string\n type: object\n type: array\n services:\n description: One or more services to map the listed HTTPAPISpec onto.\n items:\n properties:\n domain:\n description: Domain suffix used to construct the service FQDN\n in implementations that support such specification.\n format: string\n type: string\n labels:\n additionalProperties:\n format: string\n type: string\n description: Optional one or more labels that uniquely identify\n the service version.\n type: object\n name:\n description: The short name of the service such as \"foo\".\n format: string\n type: string\n namespace:\n description: Optional namespace of the service.\n format: string\n type: string\n service:\n description: The service FQDN.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-mixer\n chart: istio\n heritage: Tiller\n release: istio\n name: httpapispecs.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - apim-istio-io\n kind: HTTPAPISpec\n plural: httpapispecs\n singular: httpapispec\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n properties:\n api_keys:\n items:\n oneOf:\n - required:\n - query\n - required:\n - header\n - required:\n - cookie\n properties:\n cookie:\n format: string\n type: string\n header:\n description: API key is sent in a request header.\n format: string\n type: string\n query:\n description: API Key is sent as a query parameter.\n format: string\n type: string\n type: object\n type: array\n apiKeys:\n items:\n oneOf:\n - required:\n - query\n - required:\n - header\n - required:\n - cookie\n properties:\n cookie:\n format: string\n type: string\n header:\n description: API key is sent in a request header.\n format: string\n type: string\n query:\n description: API Key is sent as a query parameter.\n format: string\n type: string\n type: object\n type: array\n attributes:\n properties:\n attributes:\n additionalProperties:\n oneOf:\n - required:\n - stringValue\n - required:\n - int64Value\n - required:\n - doubleValue\n - required:\n - boolValue\n - required:\n - bytesValue\n - required:\n - timestampValue\n - required:\n - durationValue\n - required:\n - stringMapValue\n properties:\n boolValue:\n type: boolean\n bytesValue:\n format: binary\n type: string\n doubleValue:\n format: double\n type: number\n durationValue:\n type: string\n int64Value:\n format: int64\n type: integer\n stringMapValue:\n properties:\n entries:\n additionalProperties:\n format: string\n type: string\n description: Holds a set of name/value pairs.\n type: object\n type: object\n stringValue:\n format: string\n type: string\n timestampValue:\n format: dateTime\n type: string\n type: object\n description: A map of attribute name to its value.\n type: object\n type: object\n patterns:\n description: List of HTTP patterns to match.\n items:\n oneOf:\n - required:\n - uriTemplate\n - required:\n - regex\n properties:\n attributes:\n properties:\n attributes:\n additionalProperties:\n oneOf:\n - required:\n - stringValue\n - required:\n - int64Value\n - required:\n - doubleValue\n - required:\n - boolValue\n - required:\n - bytesValue\n - required:\n - timestampValue\n - required:\n - durationValue\n - required:\n - stringMapValue\n properties:\n boolValue:\n type: boolean\n bytesValue:\n format: binary\n type: string\n doubleValue:\n format: double\n type: number\n durationValue:\n type: string\n int64Value:\n format: int64\n type: integer\n stringMapValue:\n properties:\n entries:\n additionalProperties:\n format: string\n type: string\n description: Holds a set of name/value pairs.\n type: object\n type: object\n stringValue:\n format: string\n type: string\n timestampValue:\n format: dateTime\n type: string\n type: object\n description: A map of attribute name to its value.\n type: object\n type: object\n httpMethod:\n format: string\n type: string\n regex:\n format: string\n type: string\n uriTemplate:\n format: string\n type: string\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-citadel\n chart: istio\n heritage: Tiller\n release: istio\n name: meshpolicies.authentication.istio.io\nspec:\n group: authentication.istio.io\n names:\n categories:\n - istio-io\n - authentication-istio-io\n kind: MeshPolicy\n listKind: MeshPolicyList\n plural: meshpolicies\n singular: meshpolicy\n scope: Cluster\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Authentication policy for Istio services. See more details\n at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html'\n properties:\n originIsOptional:\n type: boolean\n origins:\n description: List of authentication methods that can be used for origin\n authentication.\n items:\n properties:\n jwt:\n description: Jwt params for the method.\n properties:\n audiences:\n items:\n format: string\n type: string\n type: array\n issuer:\n description: Identifies the issuer that issued the JWT.\n format: string\n type: string\n jwks:\n description: JSON Web Key Set of public keys to validate signature\n of the JWT.\n format: string\n type: string\n jwks_uri:\n format: string\n type: string\n jwksUri:\n format: string\n type: string\n jwt_headers:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtHeaders:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtParams:\n description: JWT is sent in a query parameter.\n items:\n format: string\n type: string\n type: array\n trigger_rules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n triggerRules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n type: array\n peerIsOptional:\n type: boolean\n peers:\n description: List of authentication methods that can be used for peer\n authentication.\n items:\n oneOf:\n - required:\n - mtls\n - required:\n - jwt\n properties:\n jwt:\n properties:\n audiences:\n items:\n format: string\n type: string\n type: array\n issuer:\n description: Identifies the issuer that issued the JWT.\n format: string\n type: string\n jwks:\n description: JSON Web Key Set of public keys to validate signature\n of the JWT.\n format: string\n type: string\n jwks_uri:\n format: string\n type: string\n jwksUri:\n format: string\n type: string\n jwt_headers:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtHeaders:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtParams:\n description: JWT is sent in a query parameter.\n items:\n format: string\n type: string\n type: array\n trigger_rules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n triggerRules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n mtls:\n description: Set if mTLS is used.\n properties:\n allowTls:\n description: WILL BE DEPRECATED, if set, will translates to\n `TLS_PERMISSIVE` mode.\n type: boolean\n mode:\n description: Defines the mode of mTLS authentication.\n enum:\n - STRICT\n - PERMISSIVE\n type: string\n type: object\n type: object\n type: array\n principalBinding:\n description: Define whether peer or origin identity should be use for\n principal.\n enum:\n - USE_PEER\n - USE_ORIGIN\n type: string\n targets:\n description: List rules to select workloads that the policy should be\n applied on.\n items:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n name:\n description: The name must be a short name from the service registry.\n format: string\n type: string\n ports:\n description: Specifies the ports.\n items:\n oneOf:\n - required:\n - number\n - required:\n - name\n properties:\n name:\n format: string\n type: string\n number:\n type: integer\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-citadel\n chart: istio\n heritage: Tiller\n release: istio\n name: policies.authentication.istio.io\nspec:\n group: authentication.istio.io\n names:\n categories:\n - istio-io\n - authentication-istio-io\n kind: Policy\n plural: policies\n singular: policy\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Authentication policy for Istio services. See more details\n at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html'\n properties:\n originIsOptional:\n type: boolean\n origins:\n description: List of authentication methods that can be used for origin\n authentication.\n items:\n properties:\n jwt:\n description: Jwt params for the method.\n properties:\n audiences:\n items:\n format: string\n type: string\n type: array\n issuer:\n description: Identifies the issuer that issued the JWT.\n format: string\n type: string\n jwks:\n description: JSON Web Key Set of public keys to validate signature\n of the JWT.\n format: string\n type: string\n jwks_uri:\n format: string\n type: string\n jwksUri:\n format: string\n type: string\n jwt_headers:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtHeaders:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtParams:\n description: JWT is sent in a query parameter.\n items:\n format: string\n type: string\n type: array\n trigger_rules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n triggerRules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n type: array\n peerIsOptional:\n type: boolean\n peers:\n description: List of authentication methods that can be used for peer\n authentication.\n items:\n oneOf:\n - required:\n - mtls\n - required:\n - jwt\n properties:\n jwt:\n properties:\n audiences:\n items:\n format: string\n type: string\n type: array\n issuer:\n description: Identifies the issuer that issued the JWT.\n format: string\n type: string\n jwks:\n description: JSON Web Key Set of public keys to validate signature\n of the JWT.\n format: string\n type: string\n jwks_uri:\n format: string\n type: string\n jwksUri:\n format: string\n type: string\n jwt_headers:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtHeaders:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtParams:\n description: JWT is sent in a query parameter.\n items:\n format: string\n type: string\n type: array\n trigger_rules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n triggerRules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n mtls:\n description: Set if mTLS is used.\n properties:\n allowTls:\n description: WILL BE DEPRECATED, if set, will translates to\n `TLS_PERMISSIVE` mode.\n type: boolean\n mode:\n description: Defines the mode of mTLS authentication.\n enum:\n - STRICT\n - PERMISSIVE\n type: string\n type: object\n type: object\n type: array\n principalBinding:\n description: Define whether peer or origin identity should be use for\n principal.\n enum:\n - USE_PEER\n - USE_ORIGIN\n type: string\n targets:\n description: List rules to select workloads that the policy should be\n applied on.\n items:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n name:\n description: The name must be a short name from the service registry.\n format: string\n type: string\n ports:\n description: Specifies the ports.\n items:\n oneOf:\n - required:\n - number\n - required:\n - name\n properties:\n name:\n format: string\n type: string\n number:\n type: integer\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-mixer\n chart: istio\n heritage: Tiller\n release: istio\n name: quotaspecbindings.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - apim-istio-io\n kind: QuotaSpecBinding\n plural: quotaspecbindings\n singular: quotaspecbinding\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n properties:\n quotaSpecs:\n items:\n properties:\n name:\n description: The short name of the QuotaSpec.\n format: string\n type: string\n namespace:\n description: Optional namespace of the QuotaSpec.\n format: string\n type: string\n type: object\n type: array\n services:\n description: One or more services to map the listed QuotaSpec onto.\n items:\n properties:\n domain:\n description: Domain suffix used to construct the service FQDN\n in implementations that support such specification.\n format: string\n type: string\n labels:\n additionalProperties:\n format: string\n type: string\n description: Optional one or more labels that uniquely identify\n the service version.\n type: object\n name:\n description: The short name of the service such as \"foo\".\n format: string\n type: string\n namespace:\n description: Optional namespace of the service.\n format: string\n type: string\n service:\n description: The service FQDN.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-mixer\n chart: istio\n heritage: Tiller\n release: istio\n name: quotaspecs.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - apim-istio-io\n kind: QuotaSpec\n plural: quotaspecs\n singular: quotaspec\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: Determines the quotas used for individual requests.\n properties:\n rules:\n description: A list of Quota rules.\n items:\n properties:\n match:\n description: If empty, match all request.\n items:\n properties:\n clause:\n additionalProperties:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n description: Map of attribute names to StringMatch type.\n type: object\n type: object\n type: array\n quotas:\n description: The list of quotas to charge.\n items:\n properties:\n charge:\n format: int32\n type: integer\n quota:\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: rbac\n package: istio.io.mixer\n release: istio\n name: rbacconfigs.rbac.istio.io\nspec:\n group: rbac.istio.io\n names:\n categories:\n - istio-io\n - rbac-istio-io\n kind: RbacConfig\n plural: rbacconfigs\n singular: rbacconfig\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for Role Based Access Control. See more details\n at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'\n properties:\n enforcementMode:\n enum:\n - ENFORCED\n - PERMISSIVE\n type: string\n exclusion:\n description: A list of services or namespaces that should not be enforced\n by Istio RBAC policies.\n properties:\n namespaces:\n description: A list of namespaces.\n items:\n format: string\n type: string\n type: array\n services:\n description: A list of services.\n items:\n format: string\n type: string\n type: array\n type: object\n inclusion:\n description: A list of services or namespaces that should be enforced\n by Istio RBAC policies.\n properties:\n namespaces:\n description: A list of namespaces.\n items:\n format: string\n type: string\n type: array\n services:\n description: A list of services.\n items:\n format: string\n type: string\n type: array\n type: object\n mode:\n description: Istio RBAC mode.\n enum:\n - \"OFF\"\n - \"ON\"\n - ON_WITH_INCLUSION\n - ON_WITH_EXCLUSION\n type: string\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: core\n package: istio.io.mixer\n release: istio\n name: rules.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - policy-istio-io\n kind: rule\n plural: rules\n singular: rule\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Describes the rules used to configure Mixer''s policy and\n telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html'\n properties:\n actions:\n description: The actions that will be executed when match evaluates\n to `true`.\n items:\n properties:\n handler:\n description: Fully qualified name of the handler to invoke.\n format: string\n type: string\n instances:\n items:\n format: string\n type: string\n type: array\n name:\n description: A handle to refer to the results of the action.\n format: string\n type: string\n type: object\n type: array\n match:\n description: Match is an attribute based predicate.\n format: string\n type: string\n requestHeaderOperations:\n items:\n properties:\n name:\n description: Header name literal value.\n format: string\n type: string\n operation:\n description: Header operation type.\n enum:\n - REPLACE\n - REMOVE\n - APPEND\n type: string\n values:\n description: Header value expressions.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n responseHeaderOperations:\n items:\n properties:\n name:\n description: Header name literal value.\n format: string\n type: string\n operation:\n description: Header operation type.\n enum:\n - REPLACE\n - REMOVE\n - APPEND\n type: string\n values:\n description: Header value expressions.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n sampling:\n properties:\n random:\n description: Provides filtering of actions based on random selection\n per request.\n properties:\n attributeExpression:\n description: Specifies an attribute expression to use to override\n the numerator in the `percent_sampled` field.\n format: string\n type: string\n percentSampled:\n description: The default sampling rate, expressed as a percentage.\n properties:\n denominator:\n description: Specifies the denominator.\n enum:\n - HUNDRED\n - TEN_THOUSAND\n type: string\n numerator:\n description: Specifies the numerator.\n type: integer\n type: object\n useIndependentRandomness:\n description: By default sampling will be based on the value\n of the request header `x-request-id`.\n type: boolean\n type: object\n rateLimit:\n properties:\n maxUnsampledEntries:\n description: Number of entries to allow during the `sampling_duration`\n before sampling is enforced.\n format: int64\n type: integer\n samplingDuration:\n description: Window in which to enforce the sampling rate.\n type: string\n samplingRate:\n description: The rate at which to sample entries once the unsampled\n limit has been reached.\n format: int64\n type: integer\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: serviceentries.networking.istio.io\nspec:\n additionalPrinterColumns:\n - JSONPath: .spec.hosts\n description: The hosts associated with the ServiceEntry\n name: Hosts\n type: string\n - JSONPath: .spec.location\n description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL\n or MESH_INTERNAL)\n name: Location\n type: string\n - JSONPath: .spec.resolution\n description: Service discovery mode for the hosts (NONE, STATIC, or DNS)\n name: Resolution\n type: string\n - JSONPath: .metadata.creationTimestamp\n description: |-\n CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata\n name: Age\n type: date\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: ServiceEntry\n listKind: ServiceEntryList\n plural: serviceentries\n shortNames:\n - se\n singular: serviceentry\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting service registry. See more details\n at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html'\n properties:\n addresses:\n description: The virtual IP addresses associated with the service.\n items:\n format: string\n type: string\n type: array\n endpoints:\n description: One or more endpoints associated with the service.\n items:\n properties:\n address:\n format: string\n type: string\n labels:\n additionalProperties:\n format: string\n type: string\n description: One or more labels associated with the endpoint.\n type: object\n locality:\n description: The locality associated with the endpoint.\n format: string\n type: string\n network:\n format: string\n type: string\n ports:\n additionalProperties:\n type: integer\n description: Set of ports associated with the endpoint.\n type: object\n weight:\n description: The load balancing weight associated with the endpoint.\n type: integer\n type: object\n type: array\n exportTo:\n description: A list of namespaces to which this service is exported.\n items:\n format: string\n type: string\n type: array\n hosts:\n description: The hosts associated with the ServiceEntry.\n items:\n format: string\n type: string\n type: array\n location:\n enum:\n - MESH_EXTERNAL\n - MESH_INTERNAL\n type: string\n ports:\n description: The ports associated with the external service.\n items:\n properties:\n name:\n description: Label assigned to the port.\n format: string\n type: string\n number:\n description: A valid non-negative integer port number.\n type: integer\n protocol:\n description: The protocol exposed on the port.\n format: string\n type: string\n type: object\n type: array\n resolution:\n description: Service discovery mode for the hosts.\n enum:\n - NONE\n - STATIC\n - DNS\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: rbac\n package: istio.io.mixer\n release: istio\n name: servicerolebindings.rbac.istio.io\nspec:\n additionalPrinterColumns:\n - JSONPath: .spec.roleRef.name\n description: The name of the ServiceRole object being referenced\n name: Reference\n type: string\n - JSONPath: .metadata.creationTimestamp\n description: |-\n CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata\n name: Age\n type: date\n group: rbac.istio.io\n names:\n categories:\n - istio-io\n - rbac-istio-io\n kind: ServiceRoleBinding\n plural: servicerolebindings\n singular: servicerolebinding\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for Role Based Access Control. See more details\n at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'\n properties:\n actions:\n items:\n properties:\n constraints:\n description: Optional.\n items:\n properties:\n key:\n description: Key of the constraint.\n format: string\n type: string\n values:\n description: List of valid values for the constraint.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n hosts:\n items:\n format: string\n type: string\n type: array\n methods:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n notHosts:\n items:\n format: string\n type: string\n type: array\n notMethods:\n items:\n format: string\n type: string\n type: array\n notPaths:\n items:\n format: string\n type: string\n type: array\n notPorts:\n items:\n format: int32\n type: integer\n type: array\n paths:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n ports:\n items:\n format: int32\n type: integer\n type: array\n services:\n description: A list of service names.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n mode:\n enum:\n - ENFORCED\n - PERMISSIVE\n type: string\n role:\n format: string\n type: string\n roleRef:\n description: Reference to the ServiceRole object.\n properties:\n kind:\n description: The type of the role being referenced.\n format: string\n type: string\n name:\n description: The name of the ServiceRole object being referenced.\n format: string\n type: string\n type: object\n subjects:\n description: List of subjects that are assigned the ServiceRole object.\n items:\n properties:\n group:\n format: string\n type: string\n groups:\n items:\n format: string\n type: string\n type: array\n ips:\n items:\n format: string\n type: string\n type: array\n names:\n items:\n format: string\n type: string\n type: array\n namespaces:\n items:\n format: string\n type: string\n type: array\n notGroups:\n items:\n format: string\n type: string\n type: array\n notIps:\n items:\n format: string\n type: string\n type: array\n notNames:\n items:\n format: string\n type: string\n type: array\n notNamespaces:\n items:\n format: string\n type: string\n type: array\n properties:\n additionalProperties:\n format: string\n type: string\n description: Optional.\n type: object\n user:\n description: Optional.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: rbac\n package: istio.io.mixer\n release: istio\n name: serviceroles.rbac.istio.io\nspec:\n group: rbac.istio.io\n names:\n categories:\n - istio-io\n - rbac-istio-io\n kind: ServiceRole\n plural: serviceroles\n singular: servicerole\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for Role Based Access Control. See more details\n at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'\n properties:\n rules:\n description: The set of access rules (permissions) that the role has.\n items:\n properties:\n constraints:\n description: Optional.\n items:\n properties:\n key:\n description: Key of the constraint.\n format: string\n type: string\n values:\n description: List of valid values for the constraint.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n hosts:\n items:\n format: string\n type: string\n type: array\n methods:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n notHosts:\n items:\n format: string\n type: string\n type: array\n notMethods:\n items:\n format: string\n type: string\n type: array\n notPaths:\n items:\n format: string\n type: string\n type: array\n notPorts:\n items:\n format: int32\n type: integer\n type: array\n paths:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n ports:\n items:\n format: int32\n type: integer\n type: array\n services:\n description: A list of service names.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: virtualservices.networking.istio.io\nspec:\n additionalPrinterColumns:\n - JSONPath: .spec.gateways\n description: The names of gateways and sidecars that should apply these routes\n name: Gateways\n type: string\n - JSONPath: .spec.hosts\n description: The destination hosts to which traffic is being sent\n name: Hosts\n type: string\n - JSONPath: .metadata.creationTimestamp\n description: |-\n CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata\n name: Age\n type: date\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: VirtualService\n listKind: VirtualServiceList\n plural: virtualservices\n shortNames:\n - vs\n singular: virtualservice\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting label/content routing, sni routing,\n etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html'\n properties:\n exportTo:\n description: A list of namespaces to which this virtual service is exported.\n items:\n format: string\n type: string\n type: array\n gateways:\n description: The names of gateways and sidecars that should apply these\n routes.\n items:\n format: string\n type: string\n type: array\n hosts:\n description: The destination hosts to which traffic is being sent.\n items:\n format: string\n type: string\n type: array\n http:\n description: An ordered list of route rules for HTTP traffic.\n items:\n properties:\n appendHeaders:\n additionalProperties:\n format: string\n type: string\n type: object\n appendRequestHeaders:\n additionalProperties:\n format: string\n type: string\n type: object\n appendResponseHeaders:\n additionalProperties:\n format: string\n type: string\n type: object\n corsPolicy:\n description: Cross-Origin Resource Sharing policy (CORS).\n properties:\n allowCredentials:\n nullable: true\n type: boolean\n allowHeaders:\n items:\n format: string\n type: string\n type: array\n allowMethods:\n description: List of HTTP methods allowed to access the resource.\n items:\n format: string\n type: string\n type: array\n allowOrigin:\n description: The list of origins that are allowed to perform\n CORS requests.\n items:\n format: string\n type: string\n type: array\n exposeHeaders:\n items:\n format: string\n type: string\n type: array\n maxAge:\n type: string\n type: object\n fault:\n description: Fault injection policy to apply on HTTP traffic at\n the client side.\n properties:\n abort:\n oneOf:\n - properties:\n percent: {}\n required:\n - httpStatus\n - properties:\n percent: {}\n required:\n - grpcStatus\n - properties:\n percent: {}\n required:\n - http2Error\n properties:\n grpcStatus:\n format: string\n type: string\n http2Error:\n format: string\n type: string\n httpStatus:\n description: HTTP status code to use to abort the Http\n request.\n format: int32\n type: integer\n percent:\n description: Percentage of requests to be aborted with\n the error code provided (0-100).\n format: int32\n type: integer\n percentage:\n description: Percentage of requests to be aborted with\n the error code provided.\n properties:\n value:\n format: double\n type: number\n type: object\n type: object\n delay:\n oneOf:\n - properties:\n percent: {}\n required:\n - fixedDelay\n - properties:\n percent: {}\n required:\n - exponentialDelay\n properties:\n exponentialDelay:\n type: string\n fixedDelay:\n description: Add a fixed delay before forwarding the request.\n type: string\n percent:\n description: Percentage of requests on which the delay\n will be injected (0-100).\n format: int32\n type: integer\n percentage:\n description: Percentage of requests on which the delay\n will be injected.\n properties:\n value:\n format: double\n type: number\n type: object\n type: object\n type: object\n headers:\n properties:\n request:\n properties:\n add:\n additionalProperties:\n format: string\n type: string\n type: object\n remove:\n items:\n format: string\n type: string\n type: array\n set:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n response:\n properties:\n add:\n additionalProperties:\n format: string\n type: string\n type: object\n remove:\n items:\n format: string\n type: string\n type: array\n set:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n match:\n items:\n properties:\n authority:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n gateways:\n items:\n format: string\n type: string\n type: array\n headers:\n additionalProperties:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n type: object\n ignoreUriCase:\n description: Flag to specify whether the URI matching should\n be case-insensitive.\n type: boolean\n method:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n name:\n description: The name assigned to a match.\n format: string\n type: string\n port:\n description: Specifies the ports on the host that is being\n addressed.\n type: integer\n queryParams:\n additionalProperties:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n description: Query parameters for matching.\n type: object\n scheme:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n sourceLabels:\n additionalProperties:\n format: string\n type: string\n type: object\n uri:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n type: object\n type: array\n mirror:\n properties:\n host:\n description: The name of a service from the service registry.\n format: string\n type: string\n port:\n description: Specifies the port on the host that is being\n addressed.\n properties:\n number:\n type: integer\n type: object\n subset:\n description: The name of a subset within the service.\n format: string\n type: string\n type: object\n mirror_percent:\n description: Percentage of the traffic to be mirrored by the `mirror`\n field.\n nullable: true\n type: integer\n mirrorPercent:\n description: Percentage of the traffic to be mirrored by the `mirror`\n field.\n nullable: true\n type: integer\n name:\n description: The name assigned to the route for debugging purposes.\n format: string\n type: string\n redirect:\n description: A http rule can either redirect or forward (default)\n traffic.\n properties:\n authority:\n format: string\n type: string\n redirectCode:\n type: integer\n uri:\n format: string\n type: string\n type: object\n removeRequestHeaders:\n items:\n format: string\n type: string\n type: array\n removeResponseHeaders:\n items:\n format: string\n type: string\n type: array\n retries:\n description: Retry policy for HTTP requests.\n properties:\n attempts:\n description: Number of retries for a given request.\n format: int32\n type: integer\n perTryTimeout:\n description: Timeout per retry attempt for a given request.\n type: string\n retryOn:\n description: Specifies the conditions under which retry takes\n place.\n format: string\n type: string\n type: object\n rewrite:\n description: Rewrite HTTP URIs and Authority headers.\n properties:\n authority:\n description: rewrite the Authority/Host header with this value.\n format: string\n type: string\n uri:\n format: string\n type: string\n type: object\n route:\n description: A http rule can either redirect or forward (default)\n traffic.\n items:\n properties:\n appendRequestHeaders:\n additionalProperties:\n format: string\n type: string\n description: Use of `append_request_headers` is deprecated.\n type: object\n appendResponseHeaders:\n additionalProperties:\n format: string\n type: string\n description: Use of `append_response_headers` is deprecated.\n type: object\n destination:\n properties:\n host:\n description: The name of a service from the service\n registry.\n format: string\n type: string\n port:\n description: Specifies the port on the host that is\n being addressed.\n properties:\n number:\n type: integer\n type: object\n subset:\n description: The name of a subset within the service.\n format: string\n type: string\n type: object\n headers:\n properties:\n request:\n properties:\n add:\n additionalProperties:\n format: string\n type: string\n type: object\n remove:\n items:\n format: string\n type: string\n type: array\n set:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n response:\n properties:\n add:\n additionalProperties:\n format: string\n type: string\n type: object\n remove:\n items:\n format: string\n type: string\n type: array\n set:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n removeRequestHeaders:\n description: Use of `remove_request_headers` is deprecated.\n items:\n format: string\n type: string\n type: array\n removeResponseHeaders:\n description: Use of `remove_response_header` is deprecated.\n items:\n format: string\n type: string\n type: array\n weight:\n format: int32\n type: integer\n type: object\n type: array\n timeout:\n description: Timeout for HTTP requests.\n type: string\n websocketUpgrade:\n description: Deprecated.\n type: boolean\n type: object\n type: array\n tcp:\n description: An ordered list of route rules for opaque TCP traffic.\n items:\n properties:\n match:\n items:\n properties:\n destinationSubnets:\n description: IPv4 or IPv6 ip addresses of destination with\n optional subnet.\n items:\n format: string\n type: string\n type: array\n gateways:\n description: Names of gateways where the rule should be\n applied to.\n items:\n format: string\n type: string\n type: array\n port:\n description: Specifies the port on the host that is being\n addressed.\n type: integer\n sourceLabels:\n additionalProperties:\n format: string\n type: string\n type: object\n sourceSubnet:\n description: IPv4 or IPv6 ip address of source with optional\n subnet.\n format: string\n type: string\n type: object\n type: array\n route:\n description: The destination to which the connection should be\n forwarded to.\n items:\n properties:\n destination:\n properties:\n host:\n description: The name of a service from the service\n registry.\n format: string\n type: string\n port:\n description: Specifies the port on the host that is\n being addressed.\n properties:\n number:\n type: integer\n type: object\n subset:\n description: The name of a subset within the service.\n format: string\n type: string\n type: object\n weight:\n format: int32\n type: integer\n type: object\n type: array\n type: object\n type: array\n tls:\n items:\n properties:\n match:\n items:\n properties:\n destinationSubnets:\n description: IPv4 or IPv6 ip addresses of destination with\n optional subnet.\n items:\n format: string\n type: string\n type: array\n gateways:\n description: Names of gateways where the rule should be\n applied to.\n items:\n format: string\n type: string\n type: array\n port:\n description: Specifies the port on the host that is being\n addressed.\n type: integer\n sniHosts:\n description: SNI (server name indicator) to match on.\n items:\n format: string\n type: string\n type: array\n sourceLabels:\n additionalProperties:\n format: string\n type: string\n type: object\n sourceSubnet:\n description: IPv4 or IPv6 ip address of source with optional\n subnet.\n format: string\n type: string\n type: object\n type: array\n route:\n description: The destination to which the connection should be\n forwarded to.\n items:\n properties:\n destination:\n properties:\n host:\n description: The name of a service from the service\n registry.\n format: string\n type: string\n port:\n description: Specifies the port on the host that is\n being addressed.\n properties:\n number:\n type: integer\n type: object\n subset:\n description: The name of a subset within the service.\n format: string\n type: string\n type: object\n weight:\n format: int32\n type: integer\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\nkind: CustomResourceDefinition\napiVersion: apiextensions.k8s.io/v1beta1\nmetadata:\n name: adapters.config.istio.io\n labels:\n app: mixer\n package: adapter\n istio: mixer-adapter\n chart: istio\n heritage: Tiller\n release: istio\n annotations:\n \"helm.sh/resource-policy\": keep\nspec:\n group: config.istio.io\n names:\n kind: adapter\n plural: adapters\n singular: adapter\n categories:\n - istio-io\n - policy-istio-io\n scope: Namespaced\n subresources:\n status: {}\n versions:\n - name: v1alpha2\n served: true\n storage: true\n---\nkind: CustomResourceDefinition\napiVersion: apiextensions.k8s.io/v1beta1\nmetadata:\n name: instances.config.istio.io\n labels:\n app: mixer\n package: instance\n istio: mixer-instance\n chart: istio\n heritage: Tiller\n release: istio\n annotations:\n \"helm.sh/resource-policy\": keep\nspec:\n group: config.istio.io\n names:\n kind: instance\n plural: instances\n singular: instance\n categories:\n - istio-io\n - policy-istio-io\n scope: Namespaced\n subresources:\n status: {}\n versions:\n - name: v1alpha2\n served: true\n storage: true\n---\nkind: CustomResourceDefinition\napiVersion: apiextensions.k8s.io/v1beta1\nmetadata:\n name: templates.config.istio.io\n labels:\n app: mixer\n package: template\n istio: mixer-template\n chart: istio\n heritage: Tiller\n release: istio\n annotations:\n \"helm.sh/resource-policy\": keep\nspec:\n group: config.istio.io\n names:\n kind: template\n plural: templates\n singular: template\n categories:\n - istio-io\n - policy-istio-io\n scope: Namespaced\n subresources:\n status: {}\n versions:\n - name: v1alpha2\n served: true\n storage: true\n---\nkind: CustomResourceDefinition\napiVersion: apiextensions.k8s.io/v1beta1\nmetadata:\n name: handlers.config.istio.io\n labels:\n app: mixer\n package: handler\n istio: mixer-handler\n chart: istio\n heritage: Tiller\n release: istio\n annotations:\n \"helm.sh/resource-policy\": keep\nspec:\n group: config.istio.io\n names:\n kind: handler\n plural: handlers\n singular: handler\n categories:\n - istio-io\n - policy-istio-io\n scope: Namespaced\n subresources:\n status: {}\n versions:\n - name: v1alpha2\n served: true\n storage: true\n---"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"istio-crd-10","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:52:29Z" | |
name: istio-crd-10 | |
namespace: istio-system | |
resourceVersion: "43260" | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-crd-10 | |
uid: 003aec4d-15bb-11ea-b5af-027e0b84da98 | |
- apiVersion: v1 | |
data: | |
crd-11.yaml: |- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
"helm.sh/resource-policy": keep | |
creationTimestamp: null | |
labels: | |
app: istio-pilot | |
chart: istio | |
heritage: Tiller | |
release: istio | |
name: sidecars.networking.istio.io | |
spec: | |
group: networking.istio.io | |
names: | |
categories: | |
- istio-io | |
- networking-istio-io | |
kind: Sidecar | |
plural: sidecars | |
singular: sidecar | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration affecting network reachability of a sidecar. | |
See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html' | |
properties: | |
egress: | |
items: | |
properties: | |
bind: | |
format: string | |
type: string | |
captureMode: | |
enum: | |
- DEFAULT | |
- IPTABLES | |
- NONE | |
type: string | |
hosts: | |
items: | |
format: string | |
type: string | |
type: array | |
port: | |
description: The port associated with the listener. | |
properties: | |
name: | |
description: Label assigned to the port. | |
format: string | |
type: string | |
number: | |
description: A valid non-negative integer port number. | |
type: integer | |
protocol: | |
description: The protocol exposed on the port. | |
format: string | |
type: string | |
type: object | |
type: object | |
type: array | |
ingress: | |
items: | |
properties: | |
bind: | |
description: The ip to which the listener should be bound. | |
format: string | |
type: string | |
captureMode: | |
enum: | |
- DEFAULT | |
- IPTABLES | |
- NONE | |
type: string | |
defaultEndpoint: | |
format: string | |
type: string | |
port: | |
description: The port associated with the listener. | |
properties: | |
name: | |
description: Label assigned to the port. | |
format: string | |
type: string | |
number: | |
description: A valid non-negative integer port number. | |
type: integer | |
protocol: | |
description: The protocol exposed on the port. | |
format: string | |
type: string | |
type: object | |
type: object | |
type: array | |
outboundTrafficPolicy: | |
description: This allows to configure the outbound traffic policy. | |
properties: | |
mode: | |
enum: | |
- REGISTRY_ONLY | |
- ALLOW_ANY | |
type: string | |
type: object | |
workloadSelector: | |
properties: | |
labels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
type: object | |
type: object | |
type: object | |
versions: | |
- name: v1alpha3 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
kind: ConfigMap | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","data":{"crd-11.yaml":"apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: sidecars.networking.istio.io\nspec:\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: Sidecar\n plural: sidecars\n singular: sidecar\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting network reachability of a sidecar.\n See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html'\n properties:\n egress:\n items:\n properties:\n bind:\n format: string\n type: string\n captureMode:\n enum:\n - DEFAULT\n - IPTABLES\n - NONE\n type: string\n hosts:\n items:\n format: string\n type: string\n type: array\n port:\n description: The port associated with the listener.\n properties:\n name:\n description: Label assigned to the port.\n format: string\n type: string\n number:\n description: A valid non-negative integer port number.\n type: integer\n protocol:\n description: The protocol exposed on the port.\n format: string\n type: string\n type: object\n type: object\n type: array\n ingress:\n items:\n properties:\n bind:\n description: The ip to which the listener should be bound.\n format: string\n type: string\n captureMode:\n enum:\n - DEFAULT\n - IPTABLES\n - NONE\n type: string\n defaultEndpoint:\n format: string\n type: string\n port:\n description: The port associated with the listener.\n properties:\n name:\n description: Label assigned to the port.\n format: string\n type: string\n number:\n description: A valid non-negative integer port number.\n type: integer\n protocol:\n description: The protocol exposed on the port.\n format: string\n type: string\n type: object\n type: object\n type: array\n outboundTrafficPolicy:\n description: This allows to configure the outbound traffic policy.\n properties:\n mode:\n enum:\n - REGISTRY_ONLY\n - ALLOW_ANY\n type: string\n type: object\n workloadSelector:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"istio-crd-11","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:52:31Z" | |
name: istio-crd-11 | |
namespace: istio-system | |
resourceVersion: "43263" | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-crd-11 | |
uid: 014493e8-15bb-11ea-b5af-027e0b84da98 | |
- apiVersion: v1 | |
data: | |
crd-14.yaml: |- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: istio-pilot | |
heritage: Tiller | |
istio: security | |
release: istio | |
name: authorizationpolicies.security.istio.io | |
spec: | |
group: security.istio.io | |
names: | |
categories: | |
- istio-io | |
- security-istio-io | |
kind: AuthorizationPolicy | |
plural: authorizationpolicies | |
singular: authorizationpolicy | |
scope: Namespaced | |
subresources: | |
status: {} | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
description: 'Configuration for access control on workloads. See more details | |
at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html' | |
properties: | |
rules: | |
description: Optional. | |
items: | |
properties: | |
from: | |
description: Optional. | |
items: | |
properties: | |
source: | |
description: Source specifies the source of a request. | |
properties: | |
ipBlocks: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
namespaces: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
principals: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
requestPrincipals: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: object | |
type: array | |
to: | |
description: Optional. | |
items: | |
properties: | |
operation: | |
description: Operation specifies the operation of a request. | |
properties: | |
hosts: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
methods: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
paths: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
ports: | |
description: Optional. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: object | |
type: array | |
when: | |
description: Optional. | |
items: | |
properties: | |
key: | |
description: The name of an Istio attribute. | |
format: string | |
type: string | |
values: | |
description: The allowed values for the attribute. | |
items: | |
format: string | |
type: string | |
type: array | |
type: object | |
type: array | |
type: object | |
type: array | |
selector: | |
description: Optional. | |
properties: | |
matchLabels: | |
additionalProperties: | |
format: string | |
type: string | |
type: object | |
type: object | |
type: object | |
type: object | |
versions: | |
- name: v1beta1 | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] | |
--- | |
kind: ConfigMap | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","data":{"crd-14.yaml":"apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n creationTimestamp: null\n labels:\n app: istio-pilot\n heritage: Tiller\n istio: security\n release: istio\n name: authorizationpolicies.security.istio.io\nspec:\n group: security.istio.io\n names:\n categories:\n - istio-io\n - security-istio-io\n kind: AuthorizationPolicy\n plural: authorizationpolicies\n singular: authorizationpolicy\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for access control on workloads. See more details\n at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html'\n properties:\n rules:\n description: Optional.\n items:\n properties:\n from:\n description: Optional.\n items:\n properties:\n source:\n description: Source specifies the source of a request.\n properties:\n ipBlocks:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n namespaces:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n principals:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n requestPrincipals:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n to:\n description: Optional.\n items:\n properties:\n operation:\n description: Operation specifies the operation of a request.\n properties:\n hosts:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n methods:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n paths:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n ports:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n when:\n description: Optional.\n items:\n properties:\n key:\n description: The name of an Istio attribute.\n format: string\n type: string\n values:\n description: The allowed values for the attribute.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n type: object\n type: array\n selector:\n description: Optional.\n properties:\n matchLabels:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1beta1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"istio-crd-14","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:52:31Z" | |
name: istio-crd-14 | |
namespace: istio-system | |
resourceVersion: "43265" | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-crd-14 | |
uid: 0169c45b-15bb-11ea-b5af-027e0b84da98 | |
- apiVersion: v1 | |
data: | |
validatingwebhookconfiguration.yaml: |- | |
apiVersion: admissionregistration.k8s.io/v1beta1 | |
kind: ValidatingWebhookConfiguration | |
metadata: | |
name: istio-galley | |
labels: | |
app: galley | |
chart: galley | |
heritage: Tiller | |
release: RELEASE-NAME | |
istio: galley | |
webhooks: | |
- name: pilot.validation.istio.io | |
clientConfig: | |
service: | |
name: istio-galley | |
namespace: istio-system | |
path: "/admitpilot" | |
caBundle: "" | |
rules: | |
- operations: | |
- CREATE | |
- UPDATE | |
apiGroups: | |
- config.istio.io | |
apiVersions: | |
- v1alpha2 | |
resources: | |
- httpapispecs | |
- httpapispecbindings | |
- quotaspecs | |
- quotaspecbindings | |
- operations: | |
- CREATE | |
- UPDATE | |
apiGroups: | |
- rbac.istio.io | |
apiVersions: | |
- "*" | |
resources: | |
- "*" | |
- operations: | |
- CREATE | |
- UPDATE | |
apiGroups: | |
- security.istio.io | |
apiVersions: | |
- "*" | |
resources: | |
- "*" | |
- operations: | |
- CREATE | |
- UPDATE | |
apiGroups: | |
- authentication.istio.io | |
apiVersions: | |
- "*" | |
resources: | |
- "*" | |
- operations: | |
- CREATE | |
- UPDATE | |
apiGroups: | |
- networking.istio.io | |
apiVersions: | |
- "*" | |
resources: | |
- destinationrules | |
- envoyfilters | |
- gateways | |
- serviceentries | |
- sidecars | |
- virtualservices | |
failurePolicy: Fail | |
sideEffects: None | |
- name: mixer.validation.istio.io | |
clientConfig: | |
service: | |
name: istio-galley | |
namespace: istio-system | |
path: "/admitmixer" | |
caBundle: "" | |
rules: | |
- operations: | |
- CREATE | |
- UPDATE | |
apiGroups: | |
- config.istio.io | |
apiVersions: | |
- v1alpha2 | |
resources: | |
- rules | |
- attributemanifests | |
- circonuses | |
- deniers | |
- fluentds | |
- kubernetesenvs | |
- listcheckers | |
- memquotas | |
- noops | |
- opas | |
- prometheuses | |
- rbacs | |
- solarwindses | |
- stackdrivers | |
- cloudwatches | |
- dogstatsds | |
- statsds | |
- stdios | |
- apikeys | |
- authorizations | |
- checknothings | |
# - kuberneteses | |
- listentries | |
- logentries | |
- metrics | |
- quotas | |
- reportnothings | |
- tracespans | |
- adapters | |
- handlers | |
- instances | |
- templates | |
- zipkins | |
failurePolicy: Fail | |
sideEffects: None | |
kind: ConfigMap | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","data":{"validatingwebhookconfiguration.yaml":"apiVersion: admissionregistration.k8s.io/v1beta1\nkind: ValidatingWebhookConfiguration\nmetadata:\n name: istio-galley\n labels:\n app: galley\n chart: galley\n heritage: Tiller\n release: RELEASE-NAME\n istio: galley\nwebhooks:\n - name: pilot.validation.istio.io\n clientConfig:\n service:\n name: istio-galley\n namespace: istio-system\n path: \"/admitpilot\"\n caBundle: \"\"\n rules:\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - config.istio.io\n apiVersions:\n - v1alpha2\n resources:\n - httpapispecs\n - httpapispecbindings\n - quotaspecs\n - quotaspecbindings\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - rbac.istio.io\n apiVersions:\n - \"*\"\n resources:\n - \"*\"\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - security.istio.io\n apiVersions:\n - \"*\"\n resources:\n - \"*\"\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - authentication.istio.io\n apiVersions:\n - \"*\"\n resources:\n - \"*\"\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - networking.istio.io\n apiVersions:\n - \"*\"\n resources:\n - destinationrules\n - envoyfilters\n - gateways\n - serviceentries\n - sidecars\n - virtualservices\n failurePolicy: Fail\n sideEffects: None\n - name: mixer.validation.istio.io\n clientConfig:\n service:\n name: istio-galley\n namespace: istio-system\n path: \"/admitmixer\"\n caBundle: \"\"\n rules:\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - config.istio.io\n apiVersions:\n - v1alpha2\n resources:\n - rules\n - attributemanifests\n - circonuses\n - deniers\n - fluentds\n - kubernetesenvs\n - listcheckers\n - memquotas\n - noops\n - opas\n - prometheuses\n - rbacs\n - solarwindses\n - stackdrivers\n - cloudwatches\n - dogstatsds\n - statsds\n - stdios\n - apikeys\n - authorizations\n - checknothings\n # - kuberneteses\n - listentries\n - logentries\n - metrics\n - quotas\n - reportnothings\n - tracespans\n - adapters\n - handlers\n - instances\n - templates\n - zipkins\n failurePolicy: Fail\n sideEffects: None"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"galley","chart":"galley","heritage":"Tiller","istio":"galley","release":"RELEASE-NAME"},"name":"istio-galley-configuration","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:53:20Z" | |
labels: | |
app: galley | |
chart: galley | |
heritage: Tiller | |
istio: galley | |
release: RELEASE-NAME | |
name: istio-galley-configuration | |
namespace: istio-system | |
resourceVersion: "43408" | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-galley-configuration | |
uid: 1e88c0f8-15bb-11ea-b5af-027e0b84da98 | |
- apiVersion: v1 | |
data: | |
caTLSRootCert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: ConfigMap | |
metadata: | |
creationTimestamp: "2019-12-03T10:53:37Z" | |
name: istio-security | |
namespace: istio-system | |
resourceVersion: "43635" | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-security | |
uid: 28bd6a39-15bb-11ea-b5af-027e0b84da98 | |
- apiVersion: v1 | |
data: | |
custom-resources.yaml: |- | |
# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh. | |
apiVersion: "authentication.istio.io/v1alpha1" | |
kind: "MeshPolicy" | |
metadata: | |
name: "default" | |
labels: | |
app: security | |
chart: security | |
heritage: Tiller | |
release: RELEASE-NAME | |
spec: | |
peers: | |
- mtls: | |
mode: PERMISSIVE | |
run.sh: |- | |
#!/bin/sh | |
set -x | |
if [ "$#" -ne "1" ]; then | |
echo "first argument should be path to custom resource yaml" | |
exit 1 | |
fi | |
pathToResourceYAML=${1} | |
kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null | |
if [ "$?" -eq 0 ]; then | |
echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready" | |
while true; do | |
kubectl -n istio-system get deployment istio-galley 2>/dev/null | |
if [ "$?" -eq 0 ]; then | |
break | |
fi | |
sleep 1 | |
done | |
kubectl -n istio-system rollout status deployment istio-galley | |
if [ "$?" -ne 0 ]; then | |
echo "istio-galley deployment rollout status check failed" | |
exit 1 | |
fi | |
echo "istio-galley deployment ready for configuration validation" | |
fi | |
sleep 5 | |
kubectl apply -f ${pathToResourceYAML} | |
kind: ConfigMap | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","data":{"custom-resources.yaml":"# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh.\napiVersion: \"authentication.istio.io/v1alpha1\"\nkind: \"MeshPolicy\"\nmetadata:\n name: \"default\"\n labels:\n app: security\n chart: security\n heritage: Tiller\n release: RELEASE-NAME\nspec:\n peers:\n - mtls:\n mode: PERMISSIVE","run.sh":"#!/bin/sh\n\nset -x\n\nif [ \"$#\" -ne \"1\" ]; then\n echo \"first argument should be path to custom resource yaml\"\n exit 1\nfi\n\npathToResourceYAML=${1}\n\nkubectl get validatingwebhookconfiguration istio-galley 2\u003e/dev/null\nif [ \"$?\" -eq 0 ]; then\n echo \"istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready\"\n while true; do\n kubectl -n istio-system get deployment istio-galley 2\u003e/dev/null\n if [ \"$?\" -eq 0 ]; then\n break\n fi\n sleep 1\n done\n kubectl -n istio-system rollout status deployment istio-galley\n if [ \"$?\" -ne 0 ]; then\n echo \"istio-galley deployment rollout status check failed\"\n exit 1\n fi\n echo \"istio-galley deployment ready for configuration validation\"\nfi\nsleep 5\nkubectl apply -f ${pathToResourceYAML}"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"security","chart":"security","heritage":"Tiller","istio":"citadel","release":"RELEASE-NAME"},"name":"istio-security-custom-resources","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:53:20Z" | |
labels: | |
app: security | |
chart: security | |
heritage: Tiller | |
istio: citadel | |
release: RELEASE-NAME | |
name: istio-security-custom-resources | |
namespace: istio-system | |
resourceVersion: "43409" | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-security-custom-resources | |
uid: 1eb81df9-15bb-11ea-b5af-027e0b84da98 | |
- apiVersion: v1 | |
data: | |
config: |- | |
policy: disabled | |
alwaysInjectSelector: | |
[] | |
neverInjectSelector: | |
[] | |
template: |- | |
rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} | |
{{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} | |
initContainers: | |
{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} | |
{{- if not .Values.istio_cni.enabled }} | |
- name: istio-init | |
{{- if contains "/" .Values.global.proxy_init.image }} | |
image: "{{ .Values.global.proxy_init.image }}" | |
{{- else }} | |
image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" | |
{{- end }} | |
command: | |
- istio-iptables | |
- "-p" | |
- "15001" | |
- "-z" | |
- "15006" | |
- "-u" | |
- 1337 | |
- "-m" | |
- "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" | |
- "-i" | |
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" | |
- "-x" | |
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" | |
- "-b" | |
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" | |
- "-d" | |
- "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" | |
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} | |
- "-o" | |
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" | |
{{ end -}} | |
{{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} | |
- "-k" | |
- "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" | |
{{ end -}} | |
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" | |
{{- if .Values.global.proxy.init.resources }} | |
resources: | |
{{ toYaml .Values.global.proxy.init.resources | indent 4 }} | |
{{- else }} | |
resources: {} | |
{{- end }} | |
securityContext: | |
runAsUser: 0 | |
runAsNonRoot: false | |
capabilities: | |
add: | |
- NET_ADMIN | |
{{- if .Values.global.proxy.privileged }} | |
privileged: true | |
{{- end }} | |
restartPolicy: Always | |
{{- end }} | |
{{ end -}} | |
{{- if eq .Values.global.proxy.enableCoreDump true }} | |
- name: enable-core-dump | |
args: | |
- -c | |
- sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited | |
command: | |
- /bin/sh | |
image: {{ $.Values.global.proxy.enableCoreDumpImage }} | |
imagePullPolicy: IfNotPresent | |
resources: {} | |
securityContext: | |
runAsUser: 0 | |
runAsNonRoot: false | |
privileged: true | |
{{ end }} | |
{{- end }} | |
containers: | |
- name: istio-proxy | |
{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} | |
image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" | |
{{- else }} | |
image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" | |
{{- end }} | |
ports: | |
- containerPort: 15090 | |
protocol: TCP | |
name: http-envoy-prom | |
args: | |
- proxy | |
- sidecar | |
- --domain | |
- $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} | |
- --configPath | |
- "{{ .ProxyConfig.ConfigPath }}" | |
- --binaryPath | |
- "{{ .ProxyConfig.BinaryPath }}" | |
- --serviceCluster | |
{{ if ne "" (index .ObjectMeta.Labels "app") -}} | |
- "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" | |
{{ else -}} | |
- "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" | |
{{ end -}} | |
- --drainDuration | |
- "{{ formatDuration .ProxyConfig.DrainDuration }}" | |
- --parentShutdownDuration | |
- "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" | |
- --discoveryAddress | |
- "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" | |
{{- if eq .Values.global.proxy.tracer "lightstep" }} | |
- --lightstepAddress | |
- "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" | |
- --lightstepAccessToken | |
- "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" | |
- --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} | |
- --lightstepCacertPath | |
- "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" | |
{{- else if eq .Values.global.proxy.tracer "zipkin" }} | |
- --zipkinAddress | |
- "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" | |
{{- else if eq .Values.global.proxy.tracer "datadog" }} | |
- --datadogAgentAddress | |
- "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" | |
{{- end }} | |
{{- if .Values.global.proxy.logLevel }} | |
- --proxyLogLevel={{ .Values.global.proxy.logLevel }} | |
{{- end}} | |
{{- if .Values.global.proxy.componentLogLevel }} | |
- --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} | |
{{- end}} | |
- --dnsRefreshRate | |
- {{ .Values.global.proxy.dnsRefreshRate }} | |
- --connectTimeout | |
- "{{ formatDuration .ProxyConfig.ConnectTimeout }}" | |
{{- if .Values.global.proxy.envoyStatsd.enabled }} | |
- --statsdUdpAddress | |
- "{{ .ProxyConfig.StatsdUdpAddress }}" | |
{{- end }} | |
{{- if .Values.global.proxy.envoyMetricsService.enabled }} | |
- --envoyMetricsService | |
- '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' | |
{{- end }} | |
{{- if .Values.global.proxy.envoyAccessLogService.enabled }} | |
- --envoyAccessLogService | |
- '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' | |
{{- end }} | |
- --proxyAdminPort | |
- "{{ .ProxyConfig.ProxyAdminPort }}" | |
{{ if gt .ProxyConfig.Concurrency 0 -}} | |
- --concurrency | |
- "{{ .ProxyConfig.Concurrency }}" | |
{{ end -}} | |
- --controlPlaneAuthPolicy | |
- "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" | |
{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }} | |
- --statusPort | |
- "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" | |
- --applicationPorts | |
- "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" | |
{{- end }} | |
{{- if .Values.global.trustDomain }} | |
- --trust-domain={{ .Values.global.trustDomain }} | |
{{- end }} | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: ISTIO_META_POD_PORTS | |
value: |- | |
[ | |
{{- range $index1, $c := .Spec.Containers }} | |
{{- range $index2, $p := $c.Ports }} | |
{{if or (ne $index1 0) (ne $index2 0)}},{{end}}{{ structToJSON $p }} | |
{{- end}} | |
{{- end}} | |
] | |
- name: ISTIO_META_CLUSTER_ID | |
value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.podIP | |
- name: SERVICE_ACCOUNT | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.serviceAccountName | |
{{- if .Values.global.mtls.auto }} | |
- name: ISTIO_AUTO_MTLS_ENABLED | |
value: "true" | |
{{- end }} | |
{{- if eq .Values.global.proxy.tracer "datadog" }} | |
- name: HOST_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.hostIP | |
{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} | |
{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} | |
- name: {{ $key }} | |
value: "{{ $value }}" | |
{{- end }} | |
{{- end }} | |
{{- end }} | |
- name: ISTIO_META_POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: ISTIO_META_CONFIG_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: SDS_ENABLED | |
value: {{ $.Values.global.sds.enabled }} | |
- name: ISTIO_META_INTERCEPTION_MODE | |
value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" | |
- name: ISTIO_META_INCLUDE_INBOUND_PORTS | |
value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" | |
{{- if .Values.global.network }} | |
- name: ISTIO_META_NETWORK | |
value: "{{ .Values.global.network }}" | |
{{- end }} | |
{{ if .ObjectMeta.Annotations }} | |
- name: ISTIO_METAJSON_ANNOTATIONS | |
value: | | |
{{ toJSON .ObjectMeta.Annotations }} | |
{{ end }} | |
{{ if .ObjectMeta.Labels }} | |
- name: ISTIO_METAJSON_LABELS | |
value: | | |
{{ toJSON .ObjectMeta.Labels }} | |
{{ end }} | |
{{- if .DeploymentMeta.Name }} | |
- name: ISTIO_META_WORKLOAD_NAME | |
value: {{ .DeploymentMeta.Name }} | |
{{ end }} | |
{{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} | |
- name: ISTIO_META_OWNER | |
value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} | |
{{- end}} | |
{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} | |
- name: ISTIO_BOOTSTRAP_OVERRIDE | |
value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" | |
{{- end }} | |
{{- if .Values.global.sds.customTokenDirectory }} | |
- name: ISTIO_META_SDS_TOKEN_PATH | |
value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" | |
{{- end }} | |
{{- if .Values.global.meshID }} | |
- name: ISTIO_META_MESH_ID | |
value: "{{ .Values.global.meshID }}" | |
{{- else if .Values.global.trustDomain }} | |
- name: ISTIO_META_MESH_ID | |
value: "{{ .Values.global.trustDomain }}" | |
{{- end }} | |
# PATCH #2: Increase termination drain duration. | |
- name: TERMINATION_DRAIN_DURATION_SECONDS | |
value: "20" | |
# PATCH #2 ends. | |
{{- if eq .Values.global.proxy.tracer "stackdriver" }} | |
- name: STACKDRIVER_TRACING_ENABLED | |
value: "true" | |
- name: STACKDRIVER_TRACING_DEBUG | |
value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" | |
{{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }} | |
- name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS | |
value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}" | |
{{- end }} | |
{{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }} | |
- name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES | |
value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}" | |
{{- end }} | |
{{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }} | |
- name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS | |
value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}" | |
{{- end }} | |
{{- end }} | |
imagePullPolicy: {{ .Values.global.imagePullPolicy }} | |
{{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }} | |
readinessProbe: | |
httpGet: | |
path: /healthz/ready | |
port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} | |
initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} | |
periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} | |
failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} | |
{{ end -}} | |
securityContext: | |
{{- if .Values.global.proxy.privileged }} | |
privileged: true | |
{{- end }} | |
{{- if ne .Values.global.proxy.enableCoreDump true }} | |
readOnlyRootFilesystem: true | |
{{- end }} | |
{{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} | |
capabilities: | |
add: | |
- NET_ADMIN | |
runAsGroup: 1337 | |
{{ else -}} | |
{{ if .Values.global.sds.enabled }} | |
runAsGroup: 1337 | |
{{- end }} | |
runAsUser: 1337 | |
{{- end }} | |
resources: | |
{{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} | |
requests: | |
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} | |
cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" | |
{{ end}} | |
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} | |
memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" | |
{{ end }} | |
{{ else -}} | |
{{- if .Values.global.proxy.resources }} | |
{{ toYaml .Values.global.proxy.resources | indent 4 }} | |
{{- end }} | |
{{ end -}} | |
volumeMounts: | |
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} | |
- mountPath: /etc/istio/custom-bootstrap | |
name: custom-bootstrap-volume | |
{{- end }} | |
- mountPath: /etc/istio/proxy | |
name: istio-envoy | |
{{- if .Values.global.sds.enabled }} | |
- mountPath: /var/run/sds | |
name: sds-uds-path | |
readOnly: true | |
- mountPath: /var/run/secrets/tokens | |
name: istio-token | |
{{- if .Values.global.sds.customTokenDirectory }} | |
- mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" | |
name: custom-sds-token | |
readOnly: true | |
{{- end }} | |
{{- else }} | |
- mountPath: /etc/certs/ | |
name: istio-certs | |
readOnly: true | |
{{- end }} | |
{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} | |
- mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} | |
name: lightstep-certs | |
readOnly: true | |
{{- end }} | |
{{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} | |
{{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} | |
- name: "{{ $index }}" | |
{{ toYaml $value | indent 4 }} | |
{{ end }} | |
{{- end }} | |
volumes: | |
{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} | |
- name: custom-bootstrap-volume | |
configMap: | |
name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} | |
{{- end }} | |
- emptyDir: | |
medium: Memory | |
name: istio-envoy | |
{{- if .Values.global.sds.enabled }} | |
- name: sds-uds-path | |
hostPath: | |
path: /var/run/sds | |
- name: istio-token | |
projected: | |
sources: | |
- serviceAccountToken: | |
path: istio-token | |
expirationSeconds: 43200 | |
audience: {{ .Values.global.sds.token.aud }} | |
{{- if .Values.global.sds.customTokenDirectory }} | |
- name: custom-sds-token | |
secret: | |
secretName: sdstokensecret | |
{{- end }} | |
{{- else }} | |
- name: istio-certs | |
secret: | |
optional: true | |
{{ if eq .Spec.ServiceAccountName "" }} | |
secretName: istio.default | |
{{ else -}} | |
secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} | |
{{ end -}} | |
{{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} | |
{{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} | |
- name: "{{ $index }}" | |
{{ toYaml $value | indent 2 }} | |
{{ end }} | |
{{ end }} | |
{{- end }} | |
{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} | |
- name: lightstep-certs | |
secret: | |
optional: true | |
secretName: lightstep.cacert | |
{{- end }} | |
{{- if .Values.global.podDNSSearchNamespaces }} | |
dnsConfig: | |
searches: | |
{{- range .Values.global.podDNSSearchNamespaces }} | |
- {{ render . }} | |
{{- end }} | |
{{- end }} | |
podRedirectAnnot: | |
sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" | |
traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" | |
traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" | |
traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" | |
traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" | |
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} | |
traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" | |
{{- end }} | |
traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" | |
injectedAnnotations: | |
values: '{"certmanager":{"enabled":false},"galley":{"enableAnalysis":false,"enableServiceDiscovery":false,"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"galley","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","tolerations":[]},"gateways":{"cluster-local-gateway":{"autoscaleMax":4,"autoscaleMin":2,"cpu":{"targetAverageUtilization":80},"enabled":true,"externalIPs":[],"labels":{"app":"cluster-local-gateway","istio":"cluster-local-gateway"},"loadBalancerIP":"","loadBalancerSourceRanges":{},"podAnnotations":{},"ports":[{"name":"status-port","port":15020},{"name":"http2","port":80},{"name":"https","port":443}],"replicaCount":2,"resources":{"requests":{"cpu":"250m","memory":"256Mi"}},"secretVolumes":[{"mountPath":"/etc/istio/cluster-local-gateway-certs","name":"cluster-local-gateway-certs","secretName":"istio-cluster-local-gateway-certs"},{"mountPath":"/etc/istio/cluster-local-gateway-ca-certs","name":"cluster-local-gateway-ca-certs","secretName":"istio-cluster-local-gateway-ca-certs"}],"serviceAnnotations":{},"type":"ClusterIP"},"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"istio-egressgateway":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":false,"env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"labels":{"app":"istio-egressgateway","istio":"egressgateway"},"nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"ports":[{"name":"http2","port":80},{"name":"https","port":443},{"name":"tls","port":15443,"targetPort":15443}],"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","secretVolumes":[{"mountPath":"/etc/istio/egressgateway-certs","name":"egressgateway-certs","secretName":"istio-egressgateway-certs"},{"mountPath":"/etc/istio/egressgateway-ca-certs","name":"egressgateway-ca-certs","secretName":"istio-egressgateway-ca-certs"}],"serviceAnnotations":{},"tolerations":[],"type":"ClusterIP"},"istio-ilbgateway":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":false,"labels":{"app":"istio-ilbgateway","istio":"ilbgateway"},"loadBalancerIP":"","nodeSelector":{},"podAnnotations":{},"ports":[{"name":"grpc-pilot-mtls","port":15011},{"name":"grpc-pilot","port":15010},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns","port":5353}],"resources":{"requests":{"cpu":"800m","memory":"512Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","secretVolumes":[{"mountPath":"/etc/istio/ilbgateway-certs","name":"ilbgateway-certs","secretName":"istio-ilbgateway-certs"},{"mountPath":"/etc/istio/ilbgateway-ca-certs","name":"ilbgateway-ca-certs","secretName":"istio-ilbgateway-ca-certs"}],"serviceAnnotations":{"cloud.google.com/load-balancer-type":"internal"},"tolerations":[],"type":"LoadBalancer"},"istio-ingressgateway":{"applicationPorts":"","autoscaleEnabled":true,"autoscaleMax":4,"autoscaleMin":2,"cpu":{"targetAverageUtilization":80},"enabled":true,"env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"externalIPs":[],"labels":{"app":"istio-ingressgateway","istio":"ingressgateway"},"loadBalancerIP":"","loadBalancerSourceRanges":[],"meshExpansionPorts":[{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-mixer-grpc-tls","port":15004,"targetPort":15004},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853}],"nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"ports":[{"name":"status-port","port":15020},{"name":"http2","port":80},{"name":"https","port":443}],"replicaCount":2,"resources":{"limits":{"cpu":"3000m","memory":"2048Mi"},"requests":{"cpu":"3000m","memory":"2048Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sds":{"enabled":true,"image":"node-agent-k8s","resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}},"secretVolumes":[{"mountPath":"/etc/istio/ingressgateway-certs","name":"ingressgateway-certs","secretName":"istio-ingressgateway-certs"},{"mountPath":"/etc/istio/ingressgateway-ca-certs","name":"ingressgateway-ca-certs","secretName":"istio-ingressgateway-ca-certs"}],"serviceAnnotations":{},"tolerations":[],"type":"LoadBalancer"}},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"grafana":{"enabled":false},"istio_cni":{"enabled":false},"istiocoredns":{"enabled":false},"kiali":{"enabled":false},"mixer":{"adapters":{"kubernetesenv":{"enabled":true},"prometheus":{"enabled":false,"metricsExpiryDuration":"10m"},"stdio":{"enabled":false,"outputAsJson":true},"useAdapterCRDs":false},"env":{"GOMAXPROCS":"6"},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"mixer","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"policy":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":true,"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%"},"telemetry":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":true,"loadshedding":{"latencyThreshold":"100ms","mode":"enforce"},"replicaCount":1,"reportBatchMaxEntries":100,"reportBatchMaxTime":"1s","resources":{"limits":{"cpu":"4800m","memory":"4G"},"requests":{"cpu":"1000m","memory":"1G"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sessionAffinityEnabled":false},"tolerations":[]},"nodeagent":{"enabled":false},"pilot":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":2,"configSource":{"subscribedResources":null},"cpu":{"targetAverageUtilization":80},"enableProtocolSniffingForInbound":false,"enableProtocolSniffingForOutbound":true,"enabled":true,"env":{"PILOT_PUSH_THROTTLE":100},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"pilot","keepaliveMaxServerConnectionAge":"30m","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"resources":{"requests":{"cpu":"3000m","memory":"2048Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sidecar":true,"tolerations":[],"traceSampling":100},"prometheus":{"enabled":false},"security":{"citadelHealthCheck":false,"createMeshPolicy":true,"enableNamespacesByDefault":true,"enabled":true,"env":{},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"citadel","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":true,"tolerations":[],"workloadCertTtl":"2160h"},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableNamespacesByDefault":true,"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"sidecar_injector","injectedAnnotations":{},"neverInjectSelector":[],"nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","tolerations":[]},"tracing":{"enabled":false}}' | |
kind: ConfigMap | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","data":{"config":"policy: disabled\nalwaysInjectSelector:\n []\nneverInjectSelector:\n []\ntemplate: |-\n rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }}\n {{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }}\n initContainers:\n {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }}\n {{- if not .Values.istio_cni.enabled }}\n - name: istio-init\n {{- if contains \"/\" .Values.global.proxy_init.image }}\n image: \"{{ .Values.global.proxy_init.image }}\"\n {{- else }}\n image: \"{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}\"\n {{- end }}\n command:\n - istio-iptables\n - \"-p\"\n - \"15001\"\n - \"-z\"\n - \"15006\"\n - \"-u\"\n - 1337\n - \"-m\"\n - \"{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}\"\n - \"-i\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}\"\n - \"-x\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}\"\n - \"-b\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}\"\n - \"-d\"\n - \"{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}\"\n {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts \"\") -}}\n - \"-o\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}\"\n {{ end -}}\n {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}}\n - \"-k\"\n - \"{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}\"\n {{ end -}}\n imagePullPolicy: \"{{ .Values.global.imagePullPolicy }}\"\n {{- if .Values.global.proxy.init.resources }}\n resources:\n {{ toYaml .Values.global.proxy.init.resources | indent 4 }}\n {{- else }}\n resources: {}\n {{- end }}\n securityContext:\n runAsUser: 0\n runAsNonRoot: false\n capabilities:\n add:\n - NET_ADMIN\n {{- if .Values.global.proxy.privileged }}\n privileged: true\n {{- end }}\n restartPolicy: Always\n {{- end }}\n {{ end -}}\n {{- if eq .Values.global.proxy.enableCoreDump true }}\n - name: enable-core-dump\n args:\n - -c\n - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy \u0026\u0026 ulimit -c unlimited\n command:\n - /bin/sh\n image: {{ $.Values.global.proxy.enableCoreDumpImage }}\n imagePullPolicy: IfNotPresent\n resources: {}\n securityContext:\n runAsUser: 0\n runAsNonRoot: false\n privileged: true\n {{ end }}\n {{- end }}\n containers:\n - name: istio-proxy\n {{- if contains \"/\" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }}\n image: \"{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}\"\n {{- else }}\n image: \"{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}\"\n {{- end }}\n ports:\n - containerPort: 15090\n protocol: TCP\n name: http-envoy-prom\n args:\n - proxy\n - sidecar\n - --domain\n - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}\n - --configPath\n - \"{{ .ProxyConfig.ConfigPath }}\"\n - --binaryPath\n - \"{{ .ProxyConfig.BinaryPath }}\"\n - --serviceCluster\n {{ if ne \"\" (index .ObjectMeta.Labels \"app\") -}}\n - \"{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)\"\n {{ else -}}\n - \"{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}\"\n {{ end -}}\n - --drainDuration\n - \"{{ formatDuration .ProxyConfig.DrainDuration }}\"\n - --parentShutdownDuration\n - \"{{ formatDuration .ProxyConfig.ParentShutdownDuration }}\"\n - --discoveryAddress\n - \"{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}\"\n {{- if eq .Values.global.proxy.tracer \"lightstep\" }}\n - --lightstepAddress\n - \"{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}\"\n - --lightstepAccessToken\n - \"{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}\"\n - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }}\n - --lightstepCacertPath\n - \"{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}\"\n {{- else if eq .Values.global.proxy.tracer \"zipkin\" }}\n - --zipkinAddress\n - \"{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}\"\n {{- else if eq .Values.global.proxy.tracer \"datadog\" }}\n - --datadogAgentAddress\n - \"{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}\"\n {{- end }}\n {{- if .Values.global.proxy.logLevel }}\n - --proxyLogLevel={{ .Values.global.proxy.logLevel }}\n {{- end}}\n {{- if .Values.global.proxy.componentLogLevel }}\n - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }}\n {{- end}}\n - --dnsRefreshRate\n - {{ .Values.global.proxy.dnsRefreshRate }}\n - --connectTimeout\n - \"{{ formatDuration .ProxyConfig.ConnectTimeout }}\"\n {{- if .Values.global.proxy.envoyStatsd.enabled }}\n - --statsdUdpAddress\n - \"{{ .ProxyConfig.StatsdUdpAddress }}\"\n {{- end }}\n {{- if .Values.global.proxy.envoyMetricsService.enabled }}\n - --envoyMetricsService\n - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}'\n {{- end }}\n {{- if .Values.global.proxy.envoyAccessLogService.enabled }}\n - --envoyAccessLogService\n - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}'\n {{- end }}\n - --proxyAdminPort\n - \"{{ .ProxyConfig.ProxyAdminPort }}\"\n {{ if gt .ProxyConfig.Concurrency 0 -}}\n - --concurrency\n - \"{{ .ProxyConfig.Concurrency }}\"\n {{ end -}}\n - --controlPlaneAuthPolicy\n - \"{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}\"\n {{- if (ne (annotation .ObjectMeta \"status.sidecar.istio.io/port\" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }}\n - --statusPort\n - \"{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}\"\n - --applicationPorts\n - \"{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}\"\n {{- end }}\n {{- if .Values.global.trustDomain }}\n - --trust-domain={{ .Values.global.trustDomain }}\n {{- end }}\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: ISTIO_META_POD_PORTS\n value: |-\n [\n {{- range $index1, $c := .Spec.Containers }}\n {{- range $index2, $p := $c.Ports }}\n {{if or (ne $index1 0) (ne $index2 0)}},{{end}}{{ structToJSON $p }}\n {{- end}}\n {{- end}}\n ]\n - name: ISTIO_META_CLUSTER_ID\n value: \"{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}\"\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: INSTANCE_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n - name: SERVICE_ACCOUNT\n valueFrom:\n fieldRef:\n fieldPath: spec.serviceAccountName\n {{- if .Values.global.mtls.auto }}\n - name: ISTIO_AUTO_MTLS_ENABLED\n value: \"true\"\n {{- end }}\n {{- if eq .Values.global.proxy.tracer \"datadog\" }}\n - name: HOST_IP\n valueFrom:\n fieldRef:\n fieldPath: status.hostIP\n {{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }}\n {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }}\n - name: {{ $key }}\n value: \"{{ $value }}\"\n {{- end }}\n {{- end }}\n {{- end }}\n - name: ISTIO_META_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: ISTIO_META_CONFIG_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: SDS_ENABLED\n value: {{ $.Values.global.sds.enabled }}\n - name: ISTIO_META_INTERCEPTION_MODE\n value: \"{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}\"\n - name: ISTIO_META_INCLUDE_INBOUND_PORTS\n value: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}\"\n {{- if .Values.global.network }}\n - name: ISTIO_META_NETWORK\n value: \"{{ .Values.global.network }}\"\n {{- end }}\n {{ if .ObjectMeta.Annotations }}\n - name: ISTIO_METAJSON_ANNOTATIONS\n value: |\n {{ toJSON .ObjectMeta.Annotations }}\n {{ end }}\n {{ if .ObjectMeta.Labels }}\n - name: ISTIO_METAJSON_LABELS\n value: |\n {{ toJSON .ObjectMeta.Labels }}\n {{ end }}\n {{- if .DeploymentMeta.Name }}\n - name: ISTIO_META_WORKLOAD_NAME\n value: {{ .DeploymentMeta.Name }}\n {{ end }}\n {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }}\n - name: ISTIO_META_OWNER\n value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }}\n {{- end}}\n {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}\n - name: ISTIO_BOOTSTRAP_OVERRIDE\n value: \"/etc/istio/custom-bootstrap/custom_bootstrap.json\"\n {{- end }}\n {{- if .Values.global.sds.customTokenDirectory }}\n - name: ISTIO_META_SDS_TOKEN_PATH\n value: \"{{ .Values.global.sds.customTokenDirectory -}}/sdstoken\"\n {{- end }}\n {{- if .Values.global.meshID }}\n - name: ISTIO_META_MESH_ID\n value: \"{{ .Values.global.meshID }}\"\n {{- else if .Values.global.trustDomain }}\n - name: ISTIO_META_MESH_ID\n value: \"{{ .Values.global.trustDomain }}\"\n {{- end }}\n # PATCH #2: Increase termination drain duration.\n - name: TERMINATION_DRAIN_DURATION_SECONDS\n value: \"20\"\n # PATCH #2 ends.\n {{- if eq .Values.global.proxy.tracer \"stackdriver\" }}\n - name: STACKDRIVER_TRACING_ENABLED\n value: \"true\"\n - name: STACKDRIVER_TRACING_DEBUG\n value: \"{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}\"\n {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}\n - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS\n value: \"{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}\"\n {{- end }}\n {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}\n - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES\n value: \"{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}\"\n {{- end }}\n {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}\n - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS\n value: \"{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}\"\n {{- end }}\n {{- end }}\n imagePullPolicy: {{ .Values.global.imagePullPolicy }}\n {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }}\n readinessProbe:\n httpGet:\n path: /healthz/ready\n port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}\n initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }}\n periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }}\n failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }}\n {{ end -}}\n securityContext:\n {{- if .Values.global.proxy.privileged }}\n privileged: true\n {{- end }}\n {{- if ne .Values.global.proxy.enableCoreDump true }}\n readOnlyRootFilesystem: true\n {{- end }}\n {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}}\n capabilities:\n add:\n - NET_ADMIN\n runAsGroup: 1337\n {{ else -}}\n {{ if .Values.global.sds.enabled }}\n runAsGroup: 1337\n {{- end }}\n runAsUser: 1337\n {{- end }}\n resources:\n {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}}\n requests:\n {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}}\n cpu: \"{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}\"\n {{ end}}\n {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}}\n memory: \"{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}\"\n {{ end }}\n {{ else -}}\n {{- if .Values.global.proxy.resources }}\n {{ toYaml .Values.global.proxy.resources | indent 4 }}\n {{- end }}\n {{ end -}}\n volumeMounts:\n {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}\n - mountPath: /etc/istio/custom-bootstrap\n name: custom-bootstrap-volume\n {{- end }}\n - mountPath: /etc/istio/proxy\n name: istio-envoy\n {{- if .Values.global.sds.enabled }}\n - mountPath: /var/run/sds\n name: sds-uds-path\n readOnly: true\n - mountPath: /var/run/secrets/tokens\n name: istio-token\n {{- if .Values.global.sds.customTokenDirectory }}\n - mountPath: \"{{ .Values.global.sds.customTokenDirectory -}}\"\n name: custom-sds-token\n readOnly: true\n {{- end }}\n {{- else }}\n - mountPath: /etc/certs/\n name: istio-certs\n readOnly: true\n {{- end }}\n {{- if and (eq .Values.global.proxy.tracer \"lightstep\") .Values.global.tracer.lightstep.cacertPath }}\n - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}\n name: lightstep-certs\n readOnly: true\n {{- end }}\n {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }}\n {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }}\n - name: \"{{ $index }}\"\n {{ toYaml $value | indent 4 }}\n {{ end }}\n {{- end }}\n volumes:\n {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}\n - name: custom-bootstrap-volume\n configMap:\n name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` \"\" }}\n {{- end }}\n - emptyDir:\n medium: Memory\n name: istio-envoy\n {{- if .Values.global.sds.enabled }}\n - name: sds-uds-path\n hostPath:\n path: /var/run/sds\n - name: istio-token\n projected:\n sources:\n - serviceAccountToken:\n path: istio-token\n expirationSeconds: 43200\n audience: {{ .Values.global.sds.token.aud }}\n {{- if .Values.global.sds.customTokenDirectory }}\n - name: custom-sds-token\n secret:\n secretName: sdstokensecret\n {{- end }}\n {{- else }}\n - name: istio-certs\n secret:\n optional: true\n {{ if eq .Spec.ServiceAccountName \"\" }}\n secretName: istio.default\n {{ else -}}\n secretName: {{ printf \"istio.%s\" .Spec.ServiceAccountName }}\n {{ end -}}\n {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }}\n {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }}\n - name: \"{{ $index }}\"\n {{ toYaml $value | indent 2 }}\n {{ end }}\n {{ end }}\n {{- end }}\n {{- if and (eq .Values.global.proxy.tracer \"lightstep\") .Values.global.tracer.lightstep.cacertPath }}\n - name: lightstep-certs\n secret:\n optional: true\n secretName: lightstep.cacert\n {{- end }}\n {{- if .Values.global.podDNSSearchNamespaces }}\n dnsConfig:\n searches:\n {{- range .Values.global.podDNSSearchNamespaces }}\n - {{ render . }}\n {{- end }}\n {{- end }}\n podRedirectAnnot:\n sidecar.istio.io/interceptionMode: \"{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}\"\n traffic.sidecar.istio.io/includeOutboundIPRanges: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}\"\n traffic.sidecar.istio.io/excludeOutboundIPRanges: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}\"\n traffic.sidecar.istio.io/includeInboundPorts: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}\"\n traffic.sidecar.istio.io/excludeInboundPorts: \"{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}\"\n {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts \"\") }}\n traffic.sidecar.istio.io/excludeOutboundPorts: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}\"\n {{- end }}\n traffic.sidecar.istio.io/kubevirtInterfaces: \"{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}\"\ninjectedAnnotations:","values":"{\"certmanager\":{\"enabled\":false},\"galley\":{\"enableAnalysis\":false,\"enableServiceDiscovery\":false,\"enabled\":true,\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"galley\",\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"replicaCount\":1,\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"tolerations\":[]},\"gateways\":{\"cluster-local-gateway\":{\"autoscaleMax\":4,\"autoscaleMin\":2,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":true,\"externalIPs\":[],\"labels\":{\"app\":\"cluster-local-gateway\",\"istio\":\"cluster-local-gateway\"},\"loadBalancerIP\":\"\",\"loadBalancerSourceRanges\":{},\"podAnnotations\":{},\"ports\":[{\"name\":\"status-port\",\"port\":15020},{\"name\":\"http2\",\"port\":80},{\"name\":\"https\",\"port\":443}],\"replicaCount\":2,\"resources\":{\"requests\":{\"cpu\":\"250m\",\"memory\":\"256Mi\"}},\"secretVolumes\":[{\"mountPath\":\"/etc/istio/cluster-local-gateway-certs\",\"name\":\"cluster-local-gateway-certs\",\"secretName\":\"istio-cluster-local-gateway-certs\"},{\"mountPath\":\"/etc/istio/cluster-local-gateway-ca-certs\",\"name\":\"cluster-local-gateway-ca-certs\",\"secretName\":\"istio-cluster-local-gateway-ca-certs\"}],\"serviceAnnotations\":{},\"type\":\"ClusterIP\"},\"enabled\":true,\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"istio-egressgateway\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":1,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":false,\"env\":{\"ISTIO_META_ROUTER_MODE\":\"sni-dnat\"},\"labels\":{\"app\":\"istio-egressgateway\",\"istio\":\"egressgateway\"},\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"ports\":[{\"name\":\"http2\",\"port\":80},{\"name\":\"https\",\"port\":443},{\"name\":\"tls\",\"port\":15443,\"targetPort\":15443}],\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"secretVolumes\":[{\"mountPath\":\"/etc/istio/egressgateway-certs\",\"name\":\"egressgateway-certs\",\"secretName\":\"istio-egressgateway-certs\"},{\"mountPath\":\"/etc/istio/egressgateway-ca-certs\",\"name\":\"egressgateway-ca-certs\",\"secretName\":\"istio-egressgateway-ca-certs\"}],\"serviceAnnotations\":{},\"tolerations\":[],\"type\":\"ClusterIP\"},\"istio-ilbgateway\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":1,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":false,\"labels\":{\"app\":\"istio-ilbgateway\",\"istio\":\"ilbgateway\"},\"loadBalancerIP\":\"\",\"nodeSelector\":{},\"podAnnotations\":{},\"ports\":[{\"name\":\"grpc-pilot-mtls\",\"port\":15011},{\"name\":\"grpc-pilot\",\"port\":15010},{\"name\":\"tcp-citadel-grpc-tls\",\"port\":8060,\"targetPort\":8060},{\"name\":\"tcp-dns\",\"port\":5353}],\"resources\":{\"requests\":{\"cpu\":\"800m\",\"memory\":\"512Mi\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"secretVolumes\":[{\"mountPath\":\"/etc/istio/ilbgateway-certs\",\"name\":\"ilbgateway-certs\",\"secretName\":\"istio-ilbgateway-certs\"},{\"mountPath\":\"/etc/istio/ilbgateway-ca-certs\",\"name\":\"ilbgateway-ca-certs\",\"secretName\":\"istio-ilbgateway-ca-certs\"}],\"serviceAnnotations\":{\"cloud.google.com/load-balancer-type\":\"internal\"},\"tolerations\":[],\"type\":\"LoadBalancer\"},\"istio-ingressgateway\":{\"applicationPorts\":\"\",\"autoscaleEnabled\":true,\"autoscaleMax\":4,\"autoscaleMin\":2,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":true,\"env\":{\"ISTIO_META_ROUTER_MODE\":\"sni-dnat\"},\"externalIPs\":[],\"labels\":{\"app\":\"istio-ingressgateway\",\"istio\":\"ingressgateway\"},\"loadBalancerIP\":\"\",\"loadBalancerSourceRanges\":[],\"meshExpansionPorts\":[{\"name\":\"tcp-pilot-grpc-tls\",\"port\":15011,\"targetPort\":15011},{\"name\":\"tcp-mixer-grpc-tls\",\"port\":15004,\"targetPort\":15004},{\"name\":\"tcp-citadel-grpc-tls\",\"port\":8060,\"targetPort\":8060},{\"name\":\"tcp-dns-tls\",\"port\":853,\"targetPort\":853}],\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"ports\":[{\"name\":\"status-port\",\"port\":15020},{\"name\":\"http2\",\"port\":80},{\"name\":\"https\",\"port\":443}],\"replicaCount\":2,\"resources\":{\"limits\":{\"cpu\":\"3000m\",\"memory\":\"2048Mi\"},\"requests\":{\"cpu\":\"3000m\",\"memory\":\"2048Mi\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"sds\":{\"enabled\":true,\"image\":\"node-agent-k8s\",\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}}},\"secretVolumes\":[{\"mountPath\":\"/etc/istio/ingressgateway-certs\",\"name\":\"ingressgateway-certs\",\"secretName\":\"istio-ingressgateway-certs\"},{\"mountPath\":\"/etc/istio/ingressgateway-ca-certs\",\"name\":\"ingressgateway-ca-certs\",\"secretName\":\"istio-ingressgateway-ca-certs\"}],\"serviceAnnotations\":{},\"tolerations\":[],\"type\":\"LoadBalancer\"}},\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"grafana\":{\"enabled\":false},\"istio_cni\":{\"enabled\":false},\"istiocoredns\":{\"enabled\":false},\"kiali\":{\"enabled\":false},\"mixer\":{\"adapters\":{\"kubernetesenv\":{\"enabled\":true},\"prometheus\":{\"enabled\":false,\"metricsExpiryDuration\":\"10m\"},\"stdio\":{\"enabled\":false,\"outputAsJson\":true},\"useAdapterCRDs\":false},\"env\":{\"GOMAXPROCS\":\"6\"},\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"mixer\",\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"policy\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":1,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":true,\"replicaCount\":1,\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\"},\"telemetry\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":1,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":true,\"loadshedding\":{\"latencyThreshold\":\"100ms\",\"mode\":\"enforce\"},\"replicaCount\":1,\"reportBatchMaxEntries\":100,\"reportBatchMaxTime\":\"1s\",\"resources\":{\"limits\":{\"cpu\":\"4800m\",\"memory\":\"4G\"},\"requests\":{\"cpu\":\"1000m\",\"memory\":\"1G\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"sessionAffinityEnabled\":false},\"tolerations\":[]},\"nodeagent\":{\"enabled\":false},\"pilot\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":2,\"configSource\":{\"subscribedResources\":null},\"cpu\":{\"targetAverageUtilization\":80},\"enableProtocolSniffingForInbound\":false,\"enableProtocolSniffingForOutbound\":true,\"enabled\":true,\"env\":{\"PILOT_PUSH_THROTTLE\":100},\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"pilot\",\"keepaliveMaxServerConnectionAge\":\"30m\",\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"resources\":{\"requests\":{\"cpu\":\"3000m\",\"memory\":\"2048Mi\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"sidecar\":true,\"tolerations\":[],\"traceSampling\":100},\"prometheus\":{\"enabled\":false},\"security\":{\"citadelHealthCheck\":false,\"createMeshPolicy\":true,\"enableNamespacesByDefault\":true,\"enabled\":true,\"env\":{},\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"citadel\",\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"replicaCount\":1,\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"selfSigned\":true,\"tolerations\":[],\"workloadCertTtl\":\"2160h\"},\"sidecarInjectorWebhook\":{\"alwaysInjectSelector\":[],\"enableNamespacesByDefault\":true,\"enabled\":true,\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"sidecar_injector\",\"injectedAnnotations\":{},\"neverInjectSelector\":[],\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"replicaCount\":1,\"rewriteAppHTTPProbe\":false,\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"tolerations\":[]},\"tracing\":{\"enabled\":false}}"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"istio","chart":"istio","heritage":"Tiller","istio":"sidecar-injector","release":"RELEASE-NAME"},"name":"istio-sidecar-injector","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:53:21Z" | |
labels: | |
app: istio | |
chart: istio | |
heritage: Tiller | |
istio: sidecar-injector | |
release: RELEASE-NAME | |
name: istio-sidecar-injector | |
namespace: istio-system | |
resourceVersion: "43411" | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-sidecar-injector | |
uid: 1f2d3c0f-15bb-11ea-b5af-027e0b84da98 | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: endpoints | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
kind: Endpoints | |
metadata: | |
annotations: | |
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:57Z" | |
creationTimestamp: "2019-12-03T10:53:28Z" | |
labels: | |
app: cluster-local-gateway | |
chart: gateways | |
heritage: Tiller | |
istio: cluster-local-gateway | |
release: RELEASE-NAME | |
name: cluster-local-gateway | |
namespace: istio-system | |
resourceVersion: "54985" | |
selfLink: /api/v1/namespaces/istio-system/endpoints/cluster-local-gateway | |
uid: 232ede47-15bb-11ea-b5af-027e0b84da98 | |
subsets: | |
- addresses: | |
- ip: 172.20.63.67 | |
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-t4clh | |
namespace: istio-system | |
resourceVersion: "54982" | |
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98 | |
- ip: 172.20.66.124 | |
nodeName: ip-172-20-83-101.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-7qhwk | |
namespace: istio-system | |
resourceVersion: "54976" | |
uid: b41729e6-15c7-11ea-b5af-027e0b84da98 | |
ports: | |
- name: http2 | |
port: 80 | |
protocol: TCP | |
- name: status-port | |
port: 15020 | |
protocol: TCP | |
- name: https | |
port: 443 | |
protocol: TCP | |
- apiVersion: v1 | |
kind: Endpoints | |
metadata: | |
annotations: | |
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:27Z" | |
creationTimestamp: "2019-12-03T10:53:29Z" | |
labels: | |
app: security | |
chart: security | |
heritage: Tiller | |
istio: citadel | |
release: RELEASE-NAME | |
name: istio-citadel | |
namespace: istio-system | |
resourceVersion: "54804" | |
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-citadel | |
uid: 24000200-15bb-11ea-b5af-027e0b84da98 | |
subsets: | |
- addresses: | |
- ip: 172.20.52.171 | |
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-citadel-685c4d4b68-bzvxj | |
namespace: istio-system | |
resourceVersion: "54802" | |
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98 | |
ports: | |
- name: http-monitoring | |
port: 15014 | |
protocol: TCP | |
- name: grpc-citadel | |
port: 8060 | |
protocol: TCP | |
- apiVersion: v1 | |
kind: Endpoints | |
metadata: | |
annotations: | |
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:40Z" | |
creationTimestamp: "2019-12-03T10:53:27Z" | |
labels: | |
app: galley | |
chart: galley | |
heritage: Tiller | |
istio: galley | |
release: RELEASE-NAME | |
name: istio-galley | |
namespace: istio-system | |
resourceVersion: "54898" | |
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-galley | |
uid: 2304aa96-15bb-11ea-b5af-027e0b84da98 | |
subsets: | |
- addresses: | |
- ip: 172.20.43.141 | |
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-galley-5f5b6f77bb-cqp6q | |
namespace: istio-system | |
resourceVersion: "54896" | |
uid: b44ae837-15c7-11ea-b5af-027e0b84da98 | |
ports: | |
- name: http-monitoring | |
port: 15014 | |
protocol: TCP | |
- name: https-validation | |
port: 443 | |
protocol: TCP | |
- name: grpc-mcp | |
port: 9901 | |
protocol: TCP | |
- apiVersion: v1 | |
kind: Endpoints | |
metadata: | |
annotations: | |
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:24:11Z" | |
creationTimestamp: "2019-12-03T10:53:28Z" | |
labels: | |
app: istio-ingressgateway | |
chart: gateways | |
heritage: Tiller | |
istio: ingressgateway | |
release: RELEASE-NAME | |
name: istio-ingressgateway | |
namespace: istio-system | |
resourceVersion: "55020" | |
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-ingressgateway | |
uid: 23589228-15bb-11ea-b5af-027e0b84da98 | |
subsets: | |
- addresses: | |
- ip: 172.20.59.74 | |
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54967" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
- ip: 172.20.73.149 | |
nodeName: ip-172-20-67-65.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "55016" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
ports: | |
- name: http2 | |
port: 80 | |
protocol: TCP | |
- name: status-port | |
port: 15020 | |
protocol: TCP | |
- name: https | |
port: 443 | |
protocol: TCP | |
- apiVersion: v1 | |
kind: Endpoints | |
metadata: | |
annotations: | |
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:50Z" | |
creationTimestamp: "2019-12-03T10:53:29Z" | |
labels: | |
app: pilot | |
chart: pilot | |
heritage: Tiller | |
istio: pilot | |
release: RELEASE-NAME | |
name: istio-pilot | |
namespace: istio-system | |
resourceVersion: "54948" | |
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-pilot | |
uid: 23d5b800-15bb-11ea-b5af-027e0b84da98 | |
subsets: | |
- addresses: | |
- ip: 172.20.48.51 | |
nodeName: ip-172-20-44-18.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54939" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
- ip: 172.20.95.245 | |
nodeName: ip-172-20-67-65.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54945" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
ports: | |
- name: http-monitoring | |
port: 15014 | |
protocol: TCP | |
- name: grpc-xds | |
port: 15010 | |
protocol: TCP | |
- name: http-legacy-discovery | |
port: 8080 | |
protocol: TCP | |
- name: https-xds | |
port: 15011 | |
protocol: TCP | |
- apiVersion: v1 | |
kind: Endpoints | |
metadata: | |
creationTimestamp: "2019-12-03T10:53:28Z" | |
labels: | |
app: mixer | |
chart: mixer | |
heritage: Tiller | |
istio: mixer | |
release: RELEASE-NAME | |
name: istio-policy | |
namespace: istio-system | |
resourceVersion: "54874" | |
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-policy | |
uid: 2380258c-15bb-11ea-b5af-027e0b84da98 | |
subsets: | |
- addresses: | |
- ip: 172.20.80.221 | |
nodeName: ip-172-20-83-101.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54840" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
ports: | |
- name: http-monitoring | |
port: 15014 | |
protocol: TCP | |
- name: grpc-mixer | |
port: 9091 | |
protocol: TCP | |
- name: grpc-mixer-mtls | |
port: 15004 | |
protocol: TCP | |
- apiVersion: v1 | |
kind: Endpoints | |
metadata: | |
annotations: | |
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:39Z" | |
creationTimestamp: "2019-12-03T10:53:29Z" | |
labels: | |
app: sidecarInjectorWebhook | |
chart: sidecarInjectorWebhook | |
heritage: Tiller | |
istio: sidecar-injector | |
release: RELEASE-NAME | |
name: istio-sidecar-injector | |
namespace: istio-system | |
resourceVersion: "54893" | |
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-sidecar-injector | |
uid: 2433ef3f-15bb-11ea-b5af-027e0b84da98 | |
subsets: | |
- addresses: | |
- ip: 172.20.62.179 | |
nodeName: ip-172-20-40-226.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k | |
namespace: istio-system | |
resourceVersion: "54891" | |
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98 | |
ports: | |
- name: http-monitoring | |
port: 15014 | |
protocol: TCP | |
- name: https-inject | |
port: 443 | |
protocol: TCP | |
- apiVersion: v1 | |
kind: Endpoints | |
metadata: | |
annotations: | |
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:52Z" | |
creationTimestamp: "2019-12-03T10:53:28Z" | |
labels: | |
app: mixer | |
chart: mixer | |
heritage: Tiller | |
istio: mixer | |
release: RELEASE-NAME | |
name: istio-telemetry | |
namespace: istio-system | |
resourceVersion: "54957" | |
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-telemetry | |
uid: 23a9bcda-15bb-11ea-b5af-027e0b84da98 | |
subsets: | |
- addresses: | |
- ip: 172.20.61.35 | |
nodeName: ip-172-20-40-226.ap-southeast-1.compute.internal | |
targetRef: | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54954" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
ports: | |
- name: prometheus | |
port: 42422 | |
protocol: TCP | |
- name: http-monitoring | |
port: 15014 | |
protocol: TCP | |
- name: grpc-mixer | |
port: 9091 | |
protocol: TCP | |
- name: grpc-mixer-mtls | |
port: 15004 | |
protocol: TCP | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: events | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-7qhwk | |
namespace: istio-system | |
resourceVersion: "54674" | |
uid: b41729e6-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Successfully assigned istio-system/cluster-local-gateway-7458b849c7-7qhwk | |
to ip-172-20-83-101.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2bd7f4724 | |
namespace: istio-system | |
resourceVersion: "3396" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2bd7f4724 | |
uid: b4224484-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-7qhwk | |
namespace: istio-system | |
resourceVersion: "54675" | |
uid: b41729e6-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2e5cea2a0 | |
namespace: istio-system | |
resourceVersion: "3415" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2e5cea2a0 | |
uid: b4862504-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-7qhwk | |
namespace: istio-system | |
resourceVersion: "54675" | |
uid: b41729e6-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Created container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2e90c2857 | |
namespace: istio-system | |
resourceVersion: "3417" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2e90c2857 | |
uid: b48e78e8-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-7qhwk | |
namespace: istio-system | |
resourceVersion: "54675" | |
uid: b41729e6-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Started container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2f337d713 | |
namespace: istio-system | |
resourceVersion: "3422" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2f337d713 | |
uid: b4aa45e1-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 15 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:27Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-7qhwk | |
namespace: istio-system | |
resourceVersion: "54675" | |
uid: b41729e6-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:55Z" | |
message: 'Readiness probe failed: HTTP probe failed with statuscode: 503' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:27Z" | |
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf33f5a1684 | |
namespace: istio-system | |
resourceVersion: "3583" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf33f5a1684 | |
uid: b56b64aa-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-86vsb | |
namespace: istio-system | |
resourceVersion: "43523" | |
uid: 2493b9c6-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Stopping container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7-86vsb.15dcdbf2ae01d811 | |
namespace: istio-system | |
resourceVersion: "3390" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-86vsb.15dcdbf2ae01d811 | |
uid: b3f785b6-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 2 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-86vsb | |
namespace: istio-system | |
resourceVersion: "43523" | |
uid: 2493b9c6-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:28Z" | |
message: 'Readiness probe failed: Get http://172.20.55.86:15020/healthz/ready: dial | |
tcp 172.20.55.86:15020: connect: connection refused' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: cluster-local-gateway-7458b849c7-86vsb.15dcdbf3045ddf32 | |
namespace: istio-system | |
resourceVersion: "3461" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-86vsb.15dcdbf3045ddf32 | |
uid: b4d44baa-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-l5qpg | |
namespace: istio-system | |
resourceVersion: "43520" | |
uid: 2491b955-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Stopping container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7-l5qpg.15dcdbf2b68c0608 | |
namespace: istio-system | |
resourceVersion: "3394" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-l5qpg.15dcdbf2b68c0608 | |
uid: b4115b83-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 3 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-l5qpg | |
namespace: istio-system | |
resourceVersion: "43520" | |
uid: 2491b955-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:29Z" | |
message: 'Readiness probe failed: Get http://172.20.86.34:15020/healthz/ready: dial | |
tcp 172.20.86.34:15020: connect: connection refused' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7-l5qpg.15dcdbf2b96520a6 | |
namespace: istio-system | |
resourceVersion: "3464" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-l5qpg.15dcdbf2b96520a6 | |
uid: b41588f5-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-t4clh | |
namespace: istio-system | |
resourceVersion: "54663" | |
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Successfully assigned istio-system/cluster-local-gateway-7458b849c7-t4clh | |
to ip-172-20-44-180.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf2b01dcb67 | |
namespace: istio-system | |
resourceVersion: "3392" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf2b01dcb67 | |
uid: b3fe6137-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-t4clh | |
namespace: istio-system | |
resourceVersion: "54664" | |
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf2e6725b0b | |
namespace: istio-system | |
resourceVersion: "3416" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf2e6725b0b | |
uid: b487bc01-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-t4clh | |
namespace: istio-system | |
resourceVersion: "54664" | |
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Created container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf2eaea886c | |
namespace: istio-system | |
resourceVersion: "3418" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf2eaea886c | |
uid: b493637f-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-t4clh | |
namespace: istio-system | |
resourceVersion: "54664" | |
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Started container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf3006a8c1e | |
namespace: istio-system | |
resourceVersion: "3433" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf3006a8c1e | |
uid: b4ca36ad-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 14 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:29Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: cluster-local-gateway-7458b849c7-t4clh | |
namespace: istio-system | |
resourceVersion: "54664" | |
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:55Z" | |
message: 'Readiness probe failed: HTTP probe failed with statuscode: 503' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:29Z" | |
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf3bb94af6c | |
namespace: istio-system | |
resourceVersion: "3584" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf3bb94af6c | |
uid: b6a960a5-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: cluster-local-gateway-7458b849c7 | |
namespace: istio-system | |
resourceVersion: "43890" | |
uid: 2490d050-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: 'Created pod: cluster-local-gateway-7458b849c7-t4clh' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7.15dcdbf2b0a30ace | |
namespace: istio-system | |
resourceVersion: "3393" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7.15dcdbf2b0a30ace | |
uid: b3ff93bc-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: cluster-local-gateway-7458b849c7 | |
namespace: istio-system | |
resourceVersion: "54670" | |
uid: 2490d050-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: 'Created pod: cluster-local-gateway-7458b849c7-7qhwk' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: cluster-local-gateway-7458b849c7.15dcdbf2bd76aedf | |
namespace: istio-system | |
resourceVersion: "3397" | |
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7.15dcdbf2bd76aedf | |
uid: b423f3a0-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{citadel} | |
kind: Pod | |
name: istio-citadel-685c4d4b68-7qk6b | |
namespace: istio-system | |
resourceVersion: "43575" | |
uid: 2567dc40-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Stopping container citadel | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-citadel-685c4d4b68-7qk6b.15dcdbf2c1feaf9a | |
namespace: istio-system | |
resourceVersion: "3398" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-7qk6b.15dcdbf2c1feaf9a | |
uid: b42d0193-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-citadel-685c4d4b68-bzvxj | |
namespace: istio-system | |
resourceVersion: "54682" | |
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Successfully assigned istio-system/istio-citadel-685c4d4b68-bzvxj to ip-172-20-44-180.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-citadel-685c4d4b68-bzvxj.15dcdbf2ccca0e42 | |
namespace: istio-system | |
resourceVersion: "3402" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-bzvxj.15dcdbf2ccca0e42 | |
uid: b447bf36-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{citadel} | |
kind: Pod | |
name: istio-citadel-685c4d4b68-bzvxj | |
namespace: istio-system | |
resourceVersion: "54689" | |
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Container image "docker.io/istio/citadel:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-citadel-685c4d4b68-bzvxj.15dcdbf303ff04f1 | |
namespace: istio-system | |
resourceVersion: "3435" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-bzvxj.15dcdbf303ff04f1 | |
uid: b4d35d62-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{citadel} | |
kind: Pod | |
name: istio-citadel-685c4d4b68-bzvxj | |
namespace: istio-system | |
resourceVersion: "54689" | |
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Created container citadel | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-citadel-685c4d4b68-bzvxj.15dcdbf308413d4a | |
namespace: istio-system | |
resourceVersion: "3437" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-bzvxj.15dcdbf308413d4a | |
uid: b4de390d-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{citadel} | |
kind: Pod | |
name: istio-citadel-685c4d4b68-bzvxj | |
namespace: istio-system | |
resourceVersion: "54689" | |
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Started container citadel | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-citadel-685c4d4b68-bzvxj.15dcdbf31677545f | |
namespace: istio-system | |
resourceVersion: "3448" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-bzvxj.15dcdbf31677545f | |
uid: b50298c7-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-citadel-685c4d4b68 | |
namespace: istio-system | |
resourceVersion: "43642" | |
uid: 256769b7-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: 'Created pod: istio-citadel-685c4d4b68-bzvxj' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-citadel-685c4d4b68.15dcdbf2c43a73db | |
namespace: istio-system | |
resourceVersion: "3399" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68.15dcdbf2c43a73db | |
uid: b4333d58-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Endpoints | |
name: istio-citadel | |
namespace: istio-system | |
resourceVersion: "43645" | |
uid: 24000200-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: 'Failed to update endpoint istio-system/istio-citadel: Operation cannot | |
be fulfilled on endpoints "istio-citadel": the object has been modified; please | |
apply your changes to the latest version and try again' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-citadel.15dcdbf2c9fdce49 | |
namespace: istio-system | |
resourceVersion: "3400" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel.15dcdbf2c9fdce49 | |
uid: b443fdcb-15c7-11ea-b5af-027e0b84da98 | |
reason: FailedToUpdateEndpoint | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: endpoint-controller | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-galley-5f5b6f77bb-cqp6q | |
namespace: istio-system | |
resourceVersion: "54695" | |
uid: b44ae837-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Successfully assigned istio-system/istio-galley-5f5b6f77bb-cqp6q to ip-172-20-44-180.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf2d19bc593 | |
namespace: istio-system | |
resourceVersion: "3405" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf2d19bc593 | |
uid: b4531c49-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{galley} | |
kind: Pod | |
name: istio-galley-5f5b6f77bb-cqp6q | |
namespace: istio-system | |
resourceVersion: "54698" | |
uid: b44ae837-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Pulling image "docker.io/istio/galley:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf30a54e1da | |
namespace: istio-system | |
resourceVersion: "3440" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf30a54e1da | |
uid: b4e573db-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:31Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{galley} | |
kind: Pod | |
name: istio-galley-5f5b6f77bb-cqp6q | |
namespace: istio-system | |
resourceVersion: "54698" | |
uid: b44ae837-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:31Z" | |
message: Successfully pulled image "docker.io/istio/galley:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:31Z" | |
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf44c67b996 | |
namespace: istio-system | |
resourceVersion: "3482" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf44c67b996 | |
uid: b81c18cd-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{galley} | |
kind: Pod | |
name: istio-galley-5f5b6f77bb-cqp6q | |
namespace: istio-system | |
resourceVersion: "54698" | |
uid: b44ae837-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Created container galley | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf44f285bdb | |
namespace: istio-system | |
resourceVersion: "3483" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf44f285bdb | |
uid: b823183f-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{galley} | |
kind: Pod | |
name: istio-galley-5f5b6f77bb-cqp6q | |
namespace: istio-system | |
resourceVersion: "54698" | |
uid: b44ae837-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Started container galley | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf456c99939 | |
namespace: istio-system | |
resourceVersion: "3487" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf456c99939 | |
uid: b8369b74-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{galley} | |
kind: Pod | |
name: istio-galley-5f5b6f77bb-dxvp2 | |
namespace: istio-system | |
resourceVersion: "43511" | |
uid: 24687871-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Stopping container galley | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-galley-5f5b6f77bb-dxvp2.15dcdbf2ceeffd5a | |
namespace: istio-system | |
resourceVersion: "3403" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-dxvp2.15dcdbf2ceeffd5a | |
uid: b44cf11f-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-galley-5f5b6f77bb | |
namespace: istio-system | |
resourceVersion: "43756" | |
uid: 2465da7d-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: 'Created pod: istio-galley-5f5b6f77bb-cqp6q' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-galley-5f5b6f77bb.15dcdbf2cf1852d1 | |
namespace: istio-system | |
resourceVersion: "3404" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb.15dcdbf2cf1852d1 | |
uid: b450e57e-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-2p2qt | |
namespace: istio-system | |
resourceVersion: "43699" | |
uid: 2f0374e4-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Stopping container ingress-sds | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf2d49b4f6e | |
namespace: istio-system | |
resourceVersion: "3407" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf2d49b4f6e | |
uid: b45c93cd-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-2p2qt | |
namespace: istio-system | |
resourceVersion: "43699" | |
uid: 2f0374e4-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Stopping container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf2d49e1109 | |
namespace: istio-system | |
resourceVersion: "3406" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf2d49e1109 | |
uid: b45a59a2-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 2 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:27Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-2p2qt | |
namespace: istio-system | |
resourceVersion: "43699" | |
uid: 2f0374e4-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:29Z" | |
message: 'Readiness probe failed: Get http://172.20.81.53:15020/healthz/ready: dial | |
tcp 172.20.81.53:15020: connect: connection refused' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:27Z" | |
name: istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf347657851 | |
namespace: istio-system | |
resourceVersion: "3468" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf347657851 | |
uid: b57fea35-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-kxpkl | |
namespace: istio-system | |
resourceVersion: "43533" | |
uid: 24bb0759-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Stopping container ingress-sds | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf2dacb82a6 | |
namespace: istio-system | |
resourceVersion: "3411" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf2dacb82a6 | |
uid: b46a1227-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-kxpkl | |
namespace: istio-system | |
resourceVersion: "43533" | |
uid: 24bb0759-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Stopping container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf2dacf76e5 | |
namespace: istio-system | |
resourceVersion: "3412" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf2dacf76e5 | |
uid: b46bb7b3-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 2 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:27Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-kxpkl | |
namespace: istio-system | |
resourceVersion: "43533" | |
uid: 24bb0759-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:29Z" | |
message: 'Readiness probe failed: Get http://172.20.52.161:15020/healthz/ready: | |
dial tcp 172.20.52.161:15020: connect: connection refused' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:27Z" | |
name: istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf3293f5967 | |
namespace: istio-system | |
resourceVersion: "3463" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf3293f5967 | |
uid: b532c31d-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54705" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Successfully assigned istio-system/istio-ingressgateway-84dfb78dfb-qlpxr | |
to ip-172-20-44-180.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf2d70e649b | |
namespace: istio-system | |
resourceVersion: "3408" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf2d70e649b | |
uid: b4606fbe-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:27Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54708" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:27Z" | |
message: Pulling image "docker.io/istio/node-agent-k8s:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:27Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf335b3c457 | |
namespace: istio-system | |
resourceVersion: "3453" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf335b3c457 | |
uid: b5528f17-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:36Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54708" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:36Z" | |
message: Successfully pulled image "docker.io/istio/node-agent-k8s:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:36Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf5683cfdbf | |
namespace: istio-system | |
resourceVersion: "3510" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf5683cfdbf | |
uid: baf2ae3b-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:36Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54708" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:36Z" | |
message: Created container ingress-sds | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:36Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf56b5d345d | |
namespace: istio-system | |
resourceVersion: "3511" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf56b5d345d | |
uid: bafaab9b-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:37Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54708" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:37Z" | |
message: Started container ingress-sds | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:37Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf57901ea79 | |
namespace: istio-system | |
resourceVersion: "3512" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf57901ea79 | |
uid: bb1d99e2-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:37Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54708" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:37Z" | |
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:37Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf579774bf1 | |
namespace: istio-system | |
resourceVersion: "3513" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf579774bf1 | |
uid: bb1ec53a-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:37Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54708" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:37Z" | |
message: Created container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:37Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf57d0a4b9f | |
namespace: istio-system | |
resourceVersion: "3514" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf57d0a4b9f | |
uid: bb27f052-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:37Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54708" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:37Z" | |
message: Started container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:37Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf584c586f5 | |
namespace: istio-system | |
resourceVersion: "3515" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf584c586f5 | |
uid: bb3bbd89-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 9 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:38Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
resourceVersion: "54708" | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:54Z" | |
message: 'Readiness probe failed: HTTP probe failed with statuscode: 503' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:38Z" | |
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf5ce6fcd7d | |
namespace: istio-system | |
resourceVersion: "3582" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf5ce6fcd7d | |
uid: bbf847c9-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54716" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: Successfully assigned istio-system/istio-ingressgateway-84dfb78dfb-zqbxn | |
to ip-172-20-67-65.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf2e02ea367 | |
namespace: istio-system | |
resourceVersion: "3414" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf2e02ea367 | |
uid: b4790358-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54719" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Pulling image "docker.io/istio/node-agent-k8s:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf309c318cc | |
namespace: istio-system | |
resourceVersion: "3438" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf309c318cc | |
uid: b4e22595-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:31Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54719" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:31Z" | |
message: Successfully pulled image "docker.io/istio/node-agent-k8s:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:31Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf436ad89fe | |
namespace: istio-system | |
resourceVersion: "3477" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf436ad89fe | |
uid: b7e4941e-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:31Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54719" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:31Z" | |
message: Created container ingress-sds | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:31Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf43984ef7f | |
namespace: istio-system | |
resourceVersion: "3478" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf43984ef7f | |
uid: b7ebc1b8-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:31Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{ingress-sds} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54719" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:31Z" | |
message: Started container ingress-sds | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:31Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf4448e69ae | |
namespace: istio-system | |
resourceVersion: "3479" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf4448e69ae | |
uid: b8080951-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:31Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54719" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:31Z" | |
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:31Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf444b0b4e9 | |
namespace: istio-system | |
resourceVersion: "3480" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf444b0b4e9 | |
uid: b8089e79-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:31Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54719" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:31Z" | |
message: Created container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:31Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf44801e9a9 | |
namespace: istio-system | |
resourceVersion: "3481" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf44801e9a9 | |
uid: b81122ae-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54719" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Started container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf45026f7a6 | |
namespace: istio-system | |
resourceVersion: "3484" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf45026f7a6 | |
uid: b825b4e8-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 18 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:33Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
resourceVersion: "54719" | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:24:07Z" | |
message: 'Readiness probe failed: HTTP probe failed with statuscode: 503' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:33Z" | |
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf4adc23e54 | |
namespace: istio-system | |
resourceVersion: "3599" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf4adc23e54 | |
uid: b91553d0-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-ingressgateway-84dfb78dfb | |
namespace: istio-system | |
resourceVersion: "44073" | |
uid: 24ba77a8-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: 'Created pod: istio-ingressgateway-84dfb78dfb-qlpxr' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway-84dfb78dfb.15dcdbf2d6361923 | |
namespace: istio-system | |
resourceVersion: "3409" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb.15dcdbf2d6361923 | |
uid: b45ff299-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:25Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-ingressgateway-84dfb78dfb | |
namespace: istio-system | |
resourceVersion: "54712" | |
uid: 24ba77a8-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: 'Created pod: istio-ingressgateway-84dfb78dfb-zqbxn' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway-84dfb78dfb.15dcdbf2dda23987 | |
namespace: istio-system | |
resourceVersion: "3413" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb.15dcdbf2dda23987 | |
uid: b471f268-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 2 | |
eventTime: null | |
firstTimestamp: "2019-12-03T10:53:48Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Endpoints | |
name: istio-ingressgateway | |
namespace: istio-system | |
resourceVersion: "44075" | |
uid: 23589228-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:25Z" | |
message: 'Failed to update endpoint istio-system/istio-ingressgateway: Operation | |
cannot be fulfilled on endpoints "istio-ingressgateway": the object has been modified; | |
please apply your changes to the latest version and try again' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
name: istio-ingressgateway.15dcd70ecb8587ff | |
namespace: istio-system | |
resourceVersion: "3410" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway.15dcd70ecb8587ff | |
uid: b4629ec6-15c7-11ea-b5af-027e0b84da98 | |
reason: FailedToUpdateEndpoint | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: endpoint-controller | |
type: Warning | |
- apiVersion: v1 | |
count: 567 | |
eventTime: null | |
firstTimestamp: "2019-12-03T10:54:02Z" | |
involvedObject: | |
apiVersion: autoscaling/v2beta2 | |
kind: HorizontalPodAutoscaler | |
name: istio-ingressgateway | |
namespace: istio-system | |
resourceVersion: "43691" | |
uid: 25bedba4-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T13:18:57Z" | |
message: 'unable to get metrics for resource cpu: unable to fetch metrics from resource | |
metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)' | |
metadata: | |
creationTimestamp: "2019-12-03T10:54:02Z" | |
name: istio-ingressgateway.15dcd7123ba19467 | |
namespace: istio-system | |
resourceVersion: "3748" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway.15dcd7123ba19467 | |
uid: 37f13537-15bb-11ea-b5af-027e0b84da98 | |
reason: FailedGetResourceMetric | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: horizontal-pod-autoscaler | |
type: Warning | |
- apiVersion: v1 | |
count: 469 | |
eventTime: null | |
firstTimestamp: "2019-12-03T10:54:02Z" | |
involvedObject: | |
apiVersion: autoscaling/v2beta2 | |
kind: HorizontalPodAutoscaler | |
name: istio-ingressgateway | |
namespace: istio-system | |
resourceVersion: "43766" | |
uid: 25bedba4-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:53:49Z" | |
message: 'failed to get cpu utilization: unable to get metrics for resource cpu: | |
unable to fetch metrics from resource metrics API: the server could not find the | |
requested resource (get pods.metrics.k8s.io)' | |
metadata: | |
creationTimestamp: "2019-12-03T12:53:49Z" | |
name: istio-ingressgateway.15dcd7123bd3345e | |
namespace: istio-system | |
resourceVersion: "3708" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway.15dcd7123bd3345e | |
uid: f370448e-15cb-11ea-b5af-027e0b84da98 | |
reason: FailedComputeMetricsReplicas | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: horizontal-pod-autoscaler | |
type: Warning | |
- apiVersion: v1 | |
count: 4 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54744" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:35Z" | |
message: '0/6 nodes are available: 1 node(s) had taints that the pod didn''t tolerate, | |
5 Insufficient cpu.' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf2f9124b4a | |
namespace: istio-system | |
resourceVersion: "3505" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf2f9124b4a | |
uid: b4b8af51-15c7-11ea-b5af-027e0b84da98 | |
reason: FailedScheduling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:44Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54747" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:44Z" | |
message: Successfully assigned istio-system/istio-pilot-7dbfbcf744-26cvg to ip-172-20-67-65.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:44Z" | |
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf743f5a562 | |
namespace: istio-system | |
resourceVersion: "3546" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf743f5a562 | |
uid: bfb5a394-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:45Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54919" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:45Z" | |
message: Container image "docker.io/istio/pilot:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:45Z" | |
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf76816583d | |
namespace: istio-system | |
resourceVersion: "3547" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf76816583d | |
uid: c01132c4-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:45Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54919" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:45Z" | |
message: Created container discovery | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:45Z" | |
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf76b983a41 | |
namespace: istio-system | |
resourceVersion: "3549" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf76b983a41 | |
uid: c01b12f0-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:45Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54919" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:45Z" | |
message: Started container discovery | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:45Z" | |
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf7753fba1b | |
namespace: istio-system | |
resourceVersion: "3551" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf7753fba1b | |
uid: c032c20a-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:45Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54919" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:45Z" | |
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:45Z" | |
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf7756006af | |
namespace: istio-system | |
resourceVersion: "3553" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf7756006af | |
uid: c0334c8c-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:45Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54919" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:45Z" | |
message: Created container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:45Z" | |
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf77a66e6fa | |
namespace: istio-system | |
resourceVersion: "3557" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf77a66e6fa | |
uid: c03fed5a-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:45Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
resourceVersion: "54919" | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:45Z" | |
message: Started container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:45Z" | |
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf7848e6fec | |
namespace: istio-system | |
resourceVersion: "3558" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf7848e6fec | |
uid: c059ef41-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 4 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54734" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:30Z" | |
message: '0/6 nodes are available: 1 node(s) had taints that the pod didn''t tolerate, | |
5 Insufficient cpu.' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf2f354c2e0 | |
namespace: istio-system | |
resourceVersion: "3471" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf2f354c2e0 | |
uid: b4ab811c-15c7-11ea-b5af-027e0b84da98 | |
reason: FailedScheduling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:35Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54737" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:35Z" | |
message: Successfully assigned istio-system/istio-pilot-7dbfbcf744-7d6vr to ip-172-20-44-18.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:35Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf52ae3f1d6 | |
namespace: istio-system | |
resourceVersion: "3507" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf52ae3f1d6 | |
uid: ba579150-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:36Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54853" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:36Z" | |
message: Pulling image "docker.io/istio/pilot:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:36Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf553cb146b | |
namespace: istio-system | |
resourceVersion: "3508" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf553cb146b | |
uid: babe724f-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:42Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54853" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:42Z" | |
message: Successfully pulled image "docker.io/istio/pilot:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:42Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6dafbb0b2 | |
namespace: istio-system | |
resourceVersion: "3535" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6dafbb0b2 | |
uid: bea81a1d-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:43Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54853" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:43Z" | |
message: Created container discovery | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:43Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6de75d89f | |
namespace: istio-system | |
resourceVersion: "3536" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6de75d89f | |
uid: beb0b8ba-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:43Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54853" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:43Z" | |
message: Started container discovery | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:43Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6e7c4c6b7 | |
namespace: istio-system | |
resourceVersion: "3537" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6e7c4c6b7 | |
uid: bec89341-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:43Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54853" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:43Z" | |
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:43Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6e7fc0825 | |
namespace: istio-system | |
resourceVersion: "3538" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6e7fc0825 | |
uid: bec91fc4-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:43Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54853" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:43Z" | |
message: Created container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:43Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6eb1bc555 | |
namespace: istio-system | |
resourceVersion: "3539" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6eb1bc555 | |
uid: bed116d1-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:43Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
resourceVersion: "54853" | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:43Z" | |
message: Started container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:43Z" | |
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6f39352c0 | |
namespace: istio-system | |
resourceVersion: "3540" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6f39352c0 | |
uid: bee6ca39-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7vz47 | |
namespace: istio-system | |
resourceVersion: "43712" | |
uid: 2f336a4d-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container discovery | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-pilot-7dbfbcf744-7vz47.15dcdbf2f25ef5e6 | |
namespace: istio-system | |
resourceVersion: "3420" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7vz47.15dcdbf2f25ef5e6 | |
uid: b4a6fe32-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-7vz47 | |
namespace: istio-system | |
resourceVersion: "43712" | |
uid: 2f336a4d-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-pilot-7dbfbcf744-7vz47.15dcdbf2f261a4c6 | |
namespace: istio-system | |
resourceVersion: "3419" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7vz47.15dcdbf2f261a4c6 | |
uid: b4a65f6d-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{discovery} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-89kmq | |
namespace: istio-system | |
resourceVersion: "43564" | |
uid: 253f2da9-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container discovery | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-pilot-7dbfbcf744-89kmq.15dcdbf2f8361879 | |
namespace: istio-system | |
resourceVersion: "3426" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-89kmq.15dcdbf2f8361879 | |
uid: b4b890e0-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-pilot-7dbfbcf744-89kmq | |
namespace: istio-system | |
resourceVersion: "43564" | |
uid: 253f2da9-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-pilot-7dbfbcf744-89kmq.15dcdbf2f8382a4e | |
namespace: istio-system | |
resourceVersion: "3425" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-89kmq.15dcdbf2f8382a4e | |
uid: b4b544f5-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-pilot-7dbfbcf744 | |
namespace: istio-system | |
resourceVersion: "43881" | |
uid: 253e85ab-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: 'Created pod: istio-pilot-7dbfbcf744-7d6vr' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-pilot-7dbfbcf744.15dcdbf2f3a0fab7 | |
namespace: istio-system | |
resourceVersion: "3421" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744.15dcdbf2f3a0fab7 | |
uid: b4a99241-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-pilot-7dbfbcf744 | |
namespace: istio-system | |
resourceVersion: "54739" | |
uid: 253e85ab-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: 'Created pod: istio-pilot-7dbfbcf744-26cvg' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-pilot-7dbfbcf744.15dcdbf2f9384b41 | |
namespace: istio-system | |
resourceVersion: "3428" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744.15dcdbf2f9384b41 | |
uid: b4b9e8f3-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 567 | |
eventTime: null | |
firstTimestamp: "2019-12-03T10:54:03Z" | |
involvedObject: | |
apiVersion: autoscaling/v2beta2 | |
kind: HorizontalPodAutoscaler | |
name: istio-pilot | |
namespace: istio-system | |
resourceVersion: "43708" | |
uid: 263bc18a-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T13:18:57Z" | |
message: 'unable to get metrics for resource cpu: unable to fetch metrics from resource | |
metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)' | |
metadata: | |
creationTimestamp: "2019-12-03T10:54:03Z" | |
name: istio-pilot.15dcd7124f937454 | |
namespace: istio-system | |
resourceVersion: "3751" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot.15dcd7124f937454 | |
uid: 38243813-15bb-11ea-b5af-027e0b84da98 | |
reason: FailedGetResourceMetric | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: horizontal-pod-autoscaler | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-ljjpq | |
namespace: istio-system | |
resourceVersion: "43543" | |
uid: 24e420b1-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-policy-65b67fd4f8-ljjpq.15dcdbf2fd48d683 | |
namespace: istio-system | |
resourceVersion: "3430" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-ljjpq.15dcdbf2fd48d683 | |
uid: b4c4990a-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-ljjpq | |
namespace: istio-system | |
resourceVersion: "43543" | |
uid: 24e420b1-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container mixer | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-policy-65b67fd4f8-ljjpq.15dcdbf2fd4c03ed | |
namespace: istio-system | |
resourceVersion: "3429" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-ljjpq.15dcdbf2fd4c03ed | |
uid: b4c2c0e9-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54753" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Successfully assigned istio-system/istio-policy-65b67fd4f8-zsdp8 to ip-172-20-83-101.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf2ff54ac14 | |
namespace: istio-system | |
resourceVersion: "3432" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf2ff54ac14 | |
uid: b4c7935e-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:27Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54756" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:27Z" | |
message: Pulling image "docker.io/istio/mixer:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:27Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf32489f005 | |
namespace: istio-system | |
resourceVersion: "3449" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf32489f005 | |
uid: b526b21d-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54756" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Successfully pulled image "docker.io/istio/mixer:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf46d5e674f | |
namespace: istio-system | |
resourceVersion: "3489" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf46d5e674f | |
uid: b8708bb3-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54756" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Created container mixer | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf470ec87a0 | |
namespace: istio-system | |
resourceVersion: "3490" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf470ec87a0 | |
uid: b8799984-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54756" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Started container mixer | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf47b2d4361 | |
namespace: istio-system | |
resourceVersion: "3491" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf47b2d4361 | |
uid: b893d6fd-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54756" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf47b6c8159 | |
namespace: istio-system | |
resourceVersion: "3492" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf47b6c8159 | |
uid: b8949ba8-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54756" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Created container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf47efc1212 | |
namespace: istio-system | |
resourceVersion: "3493" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf47efc1212 | |
uid: b89da06c-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:33Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54756" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:33Z" | |
message: Started container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:33Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf489b640b9 | |
namespace: istio-system | |
resourceVersion: "3494" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf489b640b9 | |
uid: b8b913f7-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:40Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
resourceVersion: "54756" | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:40Z" | |
message: 'Liveness probe failed: Get http://172.20.80.221:15014/version: dial tcp | |
172.20.80.221:15014: connect: connection refused' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:40Z" | |
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf660bd8153 | |
namespace: istio-system | |
resourceVersion: "3530" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf660bd8153 | |
uid: bd6ee6b2-15c7-11ea-b5af-027e0b84da98 | |
reason: Unhealthy | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-policy-65b67fd4f8 | |
namespace: istio-system | |
resourceVersion: "43648" | |
uid: 24e34d8a-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: 'Created pod: istio-policy-65b67fd4f8-zsdp8' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-policy-65b67fd4f8.15dcdbf2fe0607d7 | |
namespace: istio-system | |
resourceVersion: "3431" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8.15dcdbf2fe0607d7 | |
uid: b4c524b7-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 568 | |
eventTime: null | |
firstTimestamp: "2019-12-03T10:53:48Z" | |
involvedObject: | |
apiVersion: autoscaling/v2beta2 | |
kind: HorizontalPodAutoscaler | |
name: istio-policy | |
namespace: istio-system | |
resourceVersion: "43598" | |
uid: 25e873be-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T13:18:57Z" | |
message: 'unable to get metrics for resource cpu: unable to fetch metrics from resource | |
metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)' | |
metadata: | |
creationTimestamp: "2019-12-03T10:53:48Z" | |
name: istio-policy.15dcd70ec21658e0 | |
namespace: istio-system | |
resourceVersion: "3749" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy.15dcd70ec21658e0 | |
uid: 2f124a0a-15bb-11ea-b5af-027e0b84da98 | |
reason: FailedGetResourceMetric | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: horizontal-pod-autoscaler | |
type: Warning | |
- apiVersion: v1 | |
count: 509 | |
eventTime: null | |
firstTimestamp: "2019-12-03T10:53:48Z" | |
involvedObject: | |
apiVersion: autoscaling/v2beta2 | |
kind: HorizontalPodAutoscaler | |
name: istio-policy | |
namespace: istio-system | |
resourceVersion: "43696" | |
uid: 25e873be-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T13:03:51Z" | |
message: 'failed to get cpu utilization: unable to get metrics for resource cpu: | |
unable to fetch metrics from resource metrics API: the server could not find the | |
requested resource (get pods.metrics.k8s.io)' | |
metadata: | |
creationTimestamp: "2019-12-03T13:03:51Z" | |
name: istio-policy.15dcd70ec6df95d2 | |
namespace: istio-system | |
resourceVersion: "3723" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-policy.15dcd70ec6df95d2 | |
uid: 5a1aaf28-15cd-11ea-b5af-027e0b84da98 | |
reason: FailedComputeMetricsReplicas | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: horizontal-pod-autoscaler | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{sidecar-injector-webhook} | |
kind: Pod | |
name: istio-sidecar-injector-85bc5dfb7c-ptj82 | |
namespace: istio-system | |
resourceVersion: "43587" | |
uid: 259184a9-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container sidecar-injector-webhook | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-sidecar-injector-85bc5dfb7c-ptj82.15dcdbf30a38e967 | |
namespace: istio-system | |
resourceVersion: "3439" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-ptj82.15dcdbf30a38e967 | |
uid: b4e3493b-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k | |
namespace: istio-system | |
resourceVersion: "54766" | |
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Successfully assigned istio-system/istio-sidecar-injector-85bc5dfb7c-zvx9k | |
to ip-172-20-40-226.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf30b7453cd | |
namespace: istio-system | |
resourceVersion: "3443" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf30b7453cd | |
uid: b4e763b3-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:27Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{sidecar-injector-webhook} | |
kind: Pod | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k | |
namespace: istio-system | |
resourceVersion: "54769" | |
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:27Z" | |
message: Pulling image "docker.io/istio/sidecar_injector:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:27Z" | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf3304f0209 | |
namespace: istio-system | |
resourceVersion: "3451" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf3304f0209 | |
uid: b544d6c7-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{sidecar-injector-webhook} | |
kind: Pod | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k | |
namespace: istio-system | |
resourceVersion: "54769" | |
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Successfully pulled image "docker.io/istio/sidecar_injector:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf4527775a8 | |
namespace: istio-system | |
resourceVersion: "3485" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf4527775a8 | |
uid: b82ba809-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{sidecar-injector-webhook} | |
kind: Pod | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k | |
namespace: istio-system | |
resourceVersion: "54769" | |
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Created container sidecar-injector-webhook | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf455162d96 | |
namespace: istio-system | |
resourceVersion: "3486" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf455162d96 | |
uid: b83285da-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:32Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{sidecar-injector-webhook} | |
kind: Pod | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k | |
namespace: istio-system | |
resourceVersion: "54769" | |
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:32Z" | |
message: Started container sidecar-injector-webhook | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:32Z" | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf45da70eaf | |
namespace: istio-system | |
resourceVersion: "3488" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf45da70eaf | |
uid: b8485a4f-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-sidecar-injector-85bc5dfb7c | |
namespace: istio-system | |
resourceVersion: "43724" | |
uid: 2590ddf3-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: 'Created pod: istio-sidecar-injector-85bc5dfb7c-zvx9k' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-sidecar-injector-85bc5dfb7c.15dcdbf30abc004f | |
namespace: istio-system | |
resourceVersion: "3441" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c.15dcdbf30abc004f | |
uid: b4e59a59-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Endpoints | |
name: istio-sidecar-injector | |
namespace: istio-system | |
resourceVersion: "43726" | |
uid: 2433ef3f-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: 'Failed to update endpoint istio-system/istio-sidecar-injector: Operation | |
cannot be fulfilled on endpoints "istio-sidecar-injector": the object has been | |
modified; please apply your changes to the latest version and try again' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-sidecar-injector.15dcdbf30b7ca5e6 | |
namespace: istio-system | |
resourceVersion: "3442" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector.15dcdbf30b7ca5e6 | |
uid: b4e7658d-15c7-11ea-b5af-027e0b84da98 | |
reason: FailedToUpdateEndpoint | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: endpoint-controller | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-9ffqq | |
namespace: istio-system | |
resourceVersion: "43551" | |
uid: 2512a981-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-telemetry-8bc7955f7-9ffqq.15dcdbf31033b57e | |
namespace: istio-system | |
resourceVersion: "3445" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-9ffqq.15dcdbf31033b57e | |
uid: b4f51aa7-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-9ffqq | |
namespace: istio-system | |
resourceVersion: "43551" | |
uid: 2512a981-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: Stopping container mixer | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-telemetry-8bc7955f7-9ffqq.15dcdbf31037494a | |
namespace: istio-system | |
resourceVersion: "3444" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-9ffqq.15dcdbf31037494a | |
uid: b4f2ee2d-15c7-11ea-b5af-027e0b84da98 | |
reason: Killing | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 4 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54778" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:35Z" | |
message: '0/6 nodes are available: 1 node(s) had taints that the pod didn''t tolerate, | |
5 Insufficient cpu.' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf311773823 | |
namespace: istio-system | |
resourceVersion: "3506" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf311773823 | |
uid: b4f74aa5-15c7-11ea-b5af-027e0b84da98 | |
reason: FailedScheduling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Warning | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:44Z" | |
involvedObject: | |
apiVersion: v1 | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54780" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:44Z" | |
message: Successfully assigned istio-system/istio-telemetry-8bc7955f7-vhv6k to ip-172-20-40-226.ap-southeast-1.compute.internal | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:44Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf743f1cc4a | |
namespace: istio-system | |
resourceVersion: "3545" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf743f1cc4a | |
uid: bfb4af0d-15c7-11ea-b5af-027e0b84da98 | |
reason: Scheduled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: default-scheduler | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:45Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54920" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:45Z" | |
message: Pulling image "docker.io/istio/mixer:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:45Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf76bf18b7c | |
namespace: istio-system | |
resourceVersion: "3548" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf76bf18b7c | |
uid: c01b1526-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulling | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:50Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54920" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:50Z" | |
message: Successfully pulled image "docker.io/istio/mixer:1.4.0" | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:50Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8a401bfcb | |
namespace: istio-system | |
resourceVersion: "3569" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8a401bfcb | |
uid: c339f386-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:50Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54920" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:50Z" | |
message: Created container mixer | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:50Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8a6d766d5 | |
namespace: istio-system | |
resourceVersion: "3570" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8a6d766d5 | |
uid: c3411473-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:50Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{mixer} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54920" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:50Z" | |
message: Started container mixer | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:50Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b4786e91 | |
namespace: istio-system | |
resourceVersion: "3571" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b4786e91 | |
uid: c363fd18-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:50Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54920" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:50Z" | |
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:50Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b4b1656e | |
namespace: istio-system | |
resourceVersion: "3572" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b4b1656e | |
uid: c3649166-15c7-11ea-b5af-027e0b84da98 | |
reason: Pulled | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:50Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54920" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:50Z" | |
message: Created container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:50Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b9b6df83 | |
namespace: istio-system | |
resourceVersion: "3573" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b9b6df83 | |
uid: c3715d03-15c7-11ea-b5af-027e0b84da98 | |
reason: Created | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:51Z" | |
involvedObject: | |
apiVersion: v1 | |
fieldPath: spec.containers{istio-proxy} | |
kind: Pod | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
resourceVersion: "54920" | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:51Z" | |
message: Started container istio-proxy | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:51Z" | |
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8c3d91fbc | |
namespace: istio-system | |
resourceVersion: "3574" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8c3d91fbc | |
uid: c38b7e51-15c7-11ea-b5af-027e0b84da98 | |
reason: Started | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: kubelet | |
host: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Normal | |
- apiVersion: v1 | |
count: 1 | |
eventTime: null | |
firstTimestamp: "2019-12-03T12:23:26Z" | |
involvedObject: | |
apiVersion: apps/v1 | |
kind: ReplicaSet | |
name: istio-telemetry-8bc7955f7 | |
namespace: istio-system | |
resourceVersion: "43661" | |
uid: 2512191f-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T12:23:26Z" | |
message: 'Created pod: istio-telemetry-8bc7955f7-vhv6k' | |
metadata: | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
name: istio-telemetry-8bc7955f7.15dcdbf3116ac982 | |
namespace: istio-system | |
resourceVersion: "3446" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7.15dcdbf3116ac982 | |
uid: b4f6a88d-15c7-11ea-b5af-027e0b84da98 | |
reason: SuccessfulCreate | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: replicaset-controller | |
type: Normal | |
- apiVersion: v1 | |
count: 568 | |
eventTime: null | |
firstTimestamp: "2019-12-03T10:53:48Z" | |
involvedObject: | |
apiVersion: autoscaling/v2beta2 | |
kind: HorizontalPodAutoscaler | |
name: istio-telemetry | |
namespace: istio-system | |
resourceVersion: "43599" | |
uid: 2611aa94-15bb-11ea-b5af-027e0b84da98 | |
kind: Event | |
lastTimestamp: "2019-12-03T13:18:57Z" | |
message: 'unable to get metrics for resource cpu: unable to fetch metrics from resource | |
metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)' | |
metadata: | |
creationTimestamp: "2019-12-03T10:53:48Z" | |
name: istio-telemetry.15dcd70ecb06feed | |
namespace: istio-system | |
resourceVersion: "3750" | |
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry.15dcd70ecb06feed | |
uid: 2f2bca81-15bb-11ea-b5af-027e0b84da98 | |
reason: FailedGetResourceMetric | |
reportingComponent: "" | |
reportingInstance: "" | |
source: | |
component: horizontal-pod-autoscaler | |
type: Warning | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: limitranges | |
------- | |
apiVersion: v1 | |
items: [] | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: namespaces | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
kind: Namespace | |
metadata: | |
creationTimestamp: "2019-12-03T04:43:13Z" | |
name: default | |
resourceVersion: "158" | |
selfLink: /api/v1/namespaces/default | |
uid: 6a10d6e7-1587-11ea-b5af-027e0b84da98 | |
spec: | |
finalizers: | |
- kubernetes | |
status: | |
phase: Active | |
- apiVersion: v1 | |
kind: Namespace | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"labels":{"istio-injection":"disabled"},"name":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:52:28Z" | |
labels: | |
istio-injection: disabled | |
name: istio-system | |
resourceVersion: "43255" | |
selfLink: /api/v1/namespaces/istio-system | |
uid: ffb3df9d-15ba-11ea-b5af-027e0b84da98 | |
spec: | |
finalizers: | |
- kubernetes | |
status: | |
phase: Active | |
- apiVersion: v1 | |
kind: Namespace | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"labels":{"istio-injection":"enabled","serving.knative.dev/release":"devel"},"name":"knative-serving"}} | |
creationTimestamp: "2019-12-03T10:54:03Z" | |
labels: | |
istio-injection: enabled | |
serving.knative.dev/release: devel | |
name: knative-serving | |
resourceVersion: "43770" | |
selfLink: /api/v1/namespaces/knative-serving | |
uid: 3870c561-15bb-11ea-b5af-027e0b84da98 | |
spec: | |
finalizers: | |
- kubernetes | |
status: | |
phase: Active | |
- apiVersion: v1 | |
kind: Namespace | |
metadata: | |
creationTimestamp: "2019-12-03T04:43:09Z" | |
name: kube-node-lease | |
resourceVersion: "7" | |
selfLink: /api/v1/namespaces/kube-node-lease | |
uid: 681a31ea-1587-11ea-b5af-027e0b84da98 | |
spec: | |
finalizers: | |
- kubernetes | |
status: | |
phase: Active | |
- apiVersion: v1 | |
kind: Namespace | |
metadata: | |
creationTimestamp: "2019-12-03T04:43:09Z" | |
name: kube-public | |
resourceVersion: "5" | |
selfLink: /api/v1/namespaces/kube-public | |
uid: 681974bf-1587-11ea-b5af-027e0b84da98 | |
spec: | |
finalizers: | |
- kubernetes | |
status: | |
phase: Active | |
- apiVersion: v1 | |
kind: Namespace | |
metadata: | |
annotations: | |
addons.k8s.io/core.addons.k8s.io: '{"version":"1.4.0","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","manifestHash":"3ffe9ac576f9eec72e2bdfbd2ea17d56d9b17b90"}' | |
addons.k8s.io/dns-controller.addons.k8s.io: '{"version":"1.14.0-beta.2","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.12","manifestHash":"3a5efdd7920c96c09158ae60a67b28493b954d45"}' | |
addons.k8s.io/kube-dns.addons.k8s.io: '{"version":"1.14.13-kops.1","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.12","manifestHash":"0051963d9aa7cfc63509498f3ebd2a72fbb624f8"}' | |
addons.k8s.io/kubelet-api.rbac.addons.k8s.io: '{"version":"v0.0.1","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.9","manifestHash":"e1508d77cb4e527d7a2939babe36dc350dd83745"}' | |
addons.k8s.io/limit-range.addons.k8s.io: '{"version":"1.5.0","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","manifestHash":"2ea50e23f1a5aa41df3724630ac25173738cc90c"}' | |
addons.k8s.io/networking.amazon-vpc-routed-eni: '{"version":"1.5.0-kops.1","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.12","manifestHash":"7c1540b3529e1260c41a9e90ac709c0f672ad47e"}' | |
addons.k8s.io/rbac.addons.k8s.io: '{"version":"1.8.0","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.8","manifestHash":"5d53ce7b920cd1e8d65d2306d80a041420711914"}' | |
addons.k8s.io/storage-aws.addons.k8s.io: '{"version":"1.7.0","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"v1.7.0","manifestHash":"62705a596142e6cc283280e8aa973e51536994c5"}' | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"kube-system"}} | |
creationTimestamp: "2019-12-03T04:43:09Z" | |
name: kube-system | |
resourceVersion: "389" | |
selfLink: /api/v1/namespaces/kube-system | |
uid: 6818e75d-1587-11ea-b5af-027e0b84da98 | |
spec: | |
finalizers: | |
- kubernetes | |
status: | |
phase: Active | |
- apiVersion: v1 | |
kind: Namespace | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"serving-tests"}} | |
creationTimestamp: "2019-12-03T06:51:16Z" | |
labels: | |
istio-injection: enabled | |
name: serving-tests | |
resourceVersion: "46981" | |
selfLink: /api/v1/namespaces/serving-tests | |
uid: 4d7f1fcb-1599-11ea-b5af-027e0b84da98 | |
spec: | |
finalizers: | |
- kubernetes | |
status: | |
phase: Active | |
- apiVersion: v1 | |
kind: Namespace | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"serving-tests-alt"}} | |
creationTimestamp: "2019-12-03T06:51:16Z" | |
name: serving-tests-alt | |
resourceVersion: "15014" | |
selfLink: /api/v1/namespaces/serving-tests-alt | |
uid: 4da36e05-1599-11ea-b5af-027e0b84da98 | |
spec: | |
finalizers: | |
- kubernetes | |
status: | |
phase: Active | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: nodes | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
kind: Node | |
metadata: | |
annotations: | |
node.alpha.kubernetes.io/ttl: "0" | |
volumes.kubernetes.io/controller-managed-attach-detach: "true" | |
creationTimestamp: "2019-12-03T04:44:19Z" | |
labels: | |
beta.kubernetes.io/arch: amd64 | |
beta.kubernetes.io/instance-type: t3.large | |
beta.kubernetes.io/os: linux | |
failure-domain.beta.kubernetes.io/region: ap-southeast-1 | |
failure-domain.beta.kubernetes.io/zone: ap-southeast-1a | |
kops.k8s.io/instancegroup: master-ap-southeast-1a | |
kubernetes.io/arch: amd64 | |
kubernetes.io/hostname: ip-172-20-37-73.ap-southeast-1.compute.internal | |
kubernetes.io/os: linux | |
kubernetes.io/role: master | |
node-role.kubernetes.io/master: "" | |
name: ip-172-20-37-73.ap-southeast-1.compute.internal | |
resourceVersion: "60975" | |
selfLink: /api/v1/nodes/ip-172-20-37-73.ap-southeast-1.compute.internal | |
uid: 91d88796-1587-11ea-b5af-027e0b84da98 | |
spec: | |
podCIDR: 172.20.128.0/24 | |
providerID: aws:///ap-southeast-1a/i-0299c3739afd98ba7 | |
taints: | |
- effect: NoSchedule | |
key: node-role.kubernetes.io/master | |
status: | |
addresses: | |
- address: 172.20.37.73 | |
type: InternalIP | |
- address: 18.141.24.94 | |
type: ExternalIP | |
- address: ip-172-20-37-73.ap-southeast-1.compute.internal | |
type: InternalDNS | |
- address: ec2-18-141-24-94.ap-southeast-1.compute.amazonaws.com | |
type: ExternalDNS | |
- address: ip-172-20-37-73.ap-southeast-1.compute.internal | |
type: Hostname | |
allocatable: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: "57916492090" | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 7972780Ki | |
pods: "35" | |
capacity: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: 62843416Ki | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 8075180Ki | |
pods: "35" | |
conditions: | |
- lastHeartbeatTime: "2019-12-03T13:18:21Z" | |
lastTransitionTime: "2019-12-03T04:44:19Z" | |
message: kubelet has sufficient memory available | |
reason: KubeletHasSufficientMemory | |
status: "False" | |
type: MemoryPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:21Z" | |
lastTransitionTime: "2019-12-03T04:44:19Z" | |
message: kubelet has no disk pressure | |
reason: KubeletHasNoDiskPressure | |
status: "False" | |
type: DiskPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:21Z" | |
lastTransitionTime: "2019-12-03T04:44:19Z" | |
message: kubelet has sufficient PID available | |
reason: KubeletHasSufficientPID | |
status: "False" | |
type: PIDPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:21Z" | |
lastTransitionTime: "2019-12-03T04:44:40Z" | |
message: kubelet is posting ready status | |
reason: KubeletReady | |
status: "True" | |
type: Ready | |
daemonEndpoints: | |
kubeletEndpoint: | |
Port: 10250 | |
images: | |
- names: | |
- kopeio/etcd-manager@sha256:74b2866dd62eda22183ce06b8e6c1d2a499f1b281768a0fceee1890ea204fdef | |
- kopeio/etcd-manager:3.0.20190816 | |
sizeBytes: 656348569 | |
- names: | |
- protokube:1.14.0-beta.2 | |
sizeBytes: 287898685 | |
- names: | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0 | |
sizeBytes: 247322214 | |
- names: | |
- k8s.gcr.io/kube-apiserver@sha256:8c43d27db9fc89f515ea35e6f7cd8cfe0429e9fc1a0cb7eda9ca9dced36675b0 | |
- k8s.gcr.io/kube-apiserver:v1.14.6 | |
sizeBytes: 209433406 | |
- names: | |
- k8s.gcr.io/kube-controller-manager@sha256:1809ab49da73332ca9f8e46cb0a7b799375a49ed50996c579352fc6e880add95 | |
- k8s.gcr.io/kube-controller-manager:v1.14.6 | |
sizeBytes: 157458462 | |
- names: | |
- kope/dns-controller@sha256:0ebcf793480436fac6ef9af42b465447c1e03b3fac9c258e8292c10063d3dee3 | |
- kope/dns-controller:1.14.0-beta.2 | |
sizeBytes: 122678800 | |
- names: | |
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9 | |
- k8s.gcr.io/kube-proxy:v1.14.6 | |
sizeBytes: 82106236 | |
- names: | |
- k8s.gcr.io/kube-scheduler@sha256:0147e498f115390c6276014c5ac038e1128ba1cc0d15d28c380ba5a8cab34851 | |
- k8s.gcr.io/kube-scheduler:v1.14.6 | |
sizeBytes: 81579742 | |
- names: | |
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516 | |
- k8s.gcr.io/pause-amd64:3.0 | |
sizeBytes: 746888 | |
nodeInfo: | |
architecture: amd64 | |
bootID: b7ad2dae-68bc-4bca-b9ad-d53ba6446cd0 | |
containerRuntimeVersion: docker://18.6.3 | |
kernelVersion: 4.9.0-11-amd64 | |
kubeProxyVersion: v1.14.6 | |
kubeletVersion: v1.14.6 | |
machineID: ec27af0a0426bb93177d40b41608d0de | |
operatingSystem: linux | |
osImage: Debian GNU/Linux 9 (stretch) | |
systemUUID: EC27AF0A-0426-BB93-177D-40B41608D0DE | |
- apiVersion: v1 | |
kind: Node | |
metadata: | |
annotations: | |
node.alpha.kubernetes.io/ttl: "0" | |
volumes.kubernetes.io/controller-managed-attach-detach: "true" | |
creationTimestamp: "2019-12-03T04:45:02Z" | |
labels: | |
beta.kubernetes.io/arch: amd64 | |
beta.kubernetes.io/instance-type: t3.large | |
beta.kubernetes.io/os: linux | |
failure-domain.beta.kubernetes.io/region: ap-southeast-1 | |
failure-domain.beta.kubernetes.io/zone: ap-southeast-1a | |
kops.k8s.io/instancegroup: nodes | |
kubernetes.io/arch: amd64 | |
kubernetes.io/hostname: ip-172-20-40-226.ap-southeast-1.compute.internal | |
kubernetes.io/os: linux | |
kubernetes.io/role: node | |
node-role.kubernetes.io/node: "" | |
name: ip-172-20-40-226.ap-southeast-1.compute.internal | |
resourceVersion: "60971" | |
selfLink: /api/v1/nodes/ip-172-20-40-226.ap-southeast-1.compute.internal | |
uid: ab2dc16f-1587-11ea-b5af-027e0b84da98 | |
spec: | |
podCIDR: 172.20.130.0/24 | |
providerID: aws:///ap-southeast-1a/i-07165c474a3a1fd98 | |
status: | |
addresses: | |
- address: 172.20.40.226 | |
type: InternalIP | |
- address: 13.229.102.237 | |
type: ExternalIP | |
- address: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: InternalDNS | |
- address: ec2-13-229-102-237.ap-southeast-1.compute.amazonaws.com | |
type: ExternalDNS | |
- address: ip-172-20-40-226.ap-southeast-1.compute.internal | |
type: Hostname | |
allocatable: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: "115894266893" | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 7972780Ki | |
pods: "35" | |
capacity: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: 125753328Ki | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 8075180Ki | |
pods: "35" | |
conditions: | |
- lastHeartbeatTime: "2019-12-03T13:18:20Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has sufficient memory available | |
reason: KubeletHasSufficientMemory | |
status: "False" | |
type: MemoryPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:20Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has no disk pressure | |
reason: KubeletHasNoDiskPressure | |
status: "False" | |
type: DiskPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:20Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has sufficient PID available | |
reason: KubeletHasSufficientPID | |
status: "False" | |
type: PIDPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:20Z" | |
lastTransitionTime: "2019-12-03T04:45:22Z" | |
message: kubelet is posting ready status | |
reason: KubeletReady | |
status: "True" | |
type: Ready | |
daemonEndpoints: | |
kubeletEndpoint: | |
Port: 10250 | |
images: | |
- names: | |
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14 | |
- istio/proxyv2:1.3.5 | |
sizeBytes: 295628711 | |
- names: | |
- protokube:1.14.0-beta.2 | |
sizeBytes: 287898685 | |
- names: | |
- istio/kubectl@sha256:76c76dbed21c162dac9d6fa2337348eeaf5fb0f89a5c9857ff47f352cd6e82b4 | |
- istio/kubectl:1.3.5 | |
sizeBytes: 271562982 | |
- names: | |
- istio/pilot@sha256:17aefbe996d67e9fdf5dbba90bdcf030333a0832a34bc66469472ce61d2eed76 | |
- istio/pilot:1.3.5 | |
sizeBytes: 268531301 | |
- names: | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0 | |
sizeBytes: 247322214 | |
- names: | |
- istio/citadel@sha256:8cd4eac4fb8f1f331b0a63bb628c560e9ac5509717c469a9f3f01dec61a2f825 | |
- istio/citadel:1.3.5 | |
sizeBytes: 241393987 | |
- names: | |
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
- istio/proxyv2:1.4.0 | |
sizeBytes: 236743155 | |
- names: | |
- istio/kubectl@sha256:d62512cc4b10228512c86f63501b828b80c20e238452c429cfd62a9b9388cc54 | |
- istio/kubectl:1.4.0 | |
sizeBytes: 218715390 | |
- names: | |
- istio/sidecar_injector@sha256:9f4aba5bb84a07e198b65bc7e4fc0067f876f66b51c7404816ae95e6b5ffa938 | |
- istio/sidecar_injector:1.4.0 | |
sizeBytes: 196252897 | |
- names: | |
- istio/proxy_init@sha256:8278995c58eef8cd4ba32cb8756e2b93a09708e39fc9c0381e90c8a4fb62a042 | |
- istio/proxy_init:1.3.5 | |
sizeBytes: 193060005 | |
- names: | |
- istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d | |
- istio/node-agent-k8s:1.4.0 | |
sizeBytes: 193009018 | |
- names: | |
- istio/mixer@sha256:8fa82c01ce621a4643600e4c54d4bfa41875c0030e0b41a819dd0e5e75349376 | |
- istio/mixer:1.3.5 | |
sizeBytes: 92658350 | |
- names: | |
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9 | |
- k8s.gcr.io/kube-proxy:v1.14.6 | |
sizeBytes: 82106236 | |
- names: | |
- istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4 | |
- istio/mixer:1.4.0 | |
sizeBytes: 80456256 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/autoscaler-12c0fa24db31956a7cfa673210e4fa13@sha256:f74987342b3c7bcb8b95006f98a8efcfa19bd518430844df037cd5f29132c997 | |
sizeBytes: 65899235 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/activator-ecd51ca5034883acbe737fde417a3d86@sha256:b2257a5f6e2427a5a96f6ea9ca2b652ee648e131e9a699df6e20b4bcfa4ef940 | |
sizeBytes: 59323763 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/certmanager-f79b5bfeb092d099f0f3326024a30ebb@sha256:9f7622fd03d96c3262e71b4f6fb14455145041c81950b3efe10010c122974bed | |
sizeBytes: 58077460 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/istio-c58c0c8bb8ecc80f800bb788a425ae1d@sha256:ebdb4e8832e9574311494a31ea18dc63cf903e8dd7f0651d640eb2c7f252da2a | |
sizeBytes: 57052872 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/nscert-e3625dd01dcb901439f4630ab9789e75@sha256:77da0645be1369d0e56a1daa204da6de6661488eef5858a60dee9a052f02150c | |
sizeBytes: 56568040 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/webhook-261c6506fca17bc41be50b3461f98f1c@sha256:012be54c7866cb8458fe96061f5321e519da7a4803809d912c2a670fff904ac6 | |
sizeBytes: 55354038 | |
- names: | |
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516 | |
- k8s.gcr.io/pause-amd64:3.0 | |
sizeBytes: 746888 | |
nodeInfo: | |
architecture: amd64 | |
bootID: cf2549e6-50e0-4c1f-a09c-da8be985c8b8 | |
containerRuntimeVersion: docker://18.6.3 | |
kernelVersion: 4.9.0-11-amd64 | |
kubeProxyVersion: v1.14.6 | |
kubeletVersion: v1.14.6 | |
machineID: ec22f1bbd486f63ef1252035db817620 | |
operatingSystem: linux | |
osImage: Debian GNU/Linux 9 (stretch) | |
systemUUID: EC22F1BB-D486-F63E-F125-2035DB817620 | |
- apiVersion: v1 | |
kind: Node | |
metadata: | |
annotations: | |
node.alpha.kubernetes.io/ttl: "0" | |
volumes.kubernetes.io/controller-managed-attach-detach: "true" | |
creationTimestamp: "2019-12-03T04:45:02Z" | |
labels: | |
beta.kubernetes.io/arch: amd64 | |
beta.kubernetes.io/instance-type: t3.large | |
beta.kubernetes.io/os: linux | |
failure-domain.beta.kubernetes.io/region: ap-southeast-1 | |
failure-domain.beta.kubernetes.io/zone: ap-southeast-1a | |
kops.k8s.io/instancegroup: nodes | |
kubernetes.io/arch: amd64 | |
kubernetes.io/hostname: ip-172-20-44-18.ap-southeast-1.compute.internal | |
kubernetes.io/os: linux | |
kubernetes.io/role: node | |
node-role.kubernetes.io/node: "" | |
name: ip-172-20-44-18.ap-southeast-1.compute.internal | |
resourceVersion: "61033" | |
selfLink: /api/v1/nodes/ip-172-20-44-18.ap-southeast-1.compute.internal | |
uid: ab6ff308-1587-11ea-b5af-027e0b84da98 | |
spec: | |
podCIDR: 172.20.132.0/24 | |
providerID: aws:///ap-southeast-1a/i-08c20d344fa1fb6c5 | |
status: | |
addresses: | |
- address: 172.20.44.18 | |
type: InternalIP | |
- address: 54.179.175.206 | |
type: ExternalIP | |
- address: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: InternalDNS | |
- address: ec2-54-179-175-206.ap-southeast-1.compute.amazonaws.com | |
type: ExternalDNS | |
- address: ip-172-20-44-18.ap-southeast-1.compute.internal | |
type: Hostname | |
allocatable: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: "115894266893" | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 7972788Ki | |
pods: "35" | |
capacity: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: 125753328Ki | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 8075188Ki | |
pods: "35" | |
conditions: | |
- lastHeartbeatTime: "2019-12-03T13:18:54Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has sufficient memory available | |
reason: KubeletHasSufficientMemory | |
status: "False" | |
type: MemoryPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:54Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has no disk pressure | |
reason: KubeletHasNoDiskPressure | |
status: "False" | |
type: DiskPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:54Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has sufficient PID available | |
reason: KubeletHasSufficientPID | |
status: "False" | |
type: PIDPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:54Z" | |
lastTransitionTime: "2019-12-03T04:45:22Z" | |
message: kubelet is posting ready status | |
reason: KubeletReady | |
status: "True" | |
type: Ready | |
daemonEndpoints: | |
kubeletEndpoint: | |
Port: 10250 | |
images: | |
- names: | |
- gcr.io/knative-samples/helloworld-go@sha256:5ea96ba4b872685ff4ddb5cd8d1a97ec18c18fae79ee8df0d29f446c5efe5f50 | |
sizeBytes: 780868439 | |
- names: | |
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14 | |
- istio/proxyv2:1.3.5 | |
sizeBytes: 295628711 | |
- names: | |
- protokube:1.14.0-beta.2 | |
sizeBytes: 287898685 | |
- names: | |
- istio/kubectl@sha256:76c76dbed21c162dac9d6fa2337348eeaf5fb0f89a5c9857ff47f352cd6e82b4 | |
- istio/kubectl:1.3.5 | |
sizeBytes: 271562982 | |
- names: | |
- istio/galley@sha256:de9c61c20d8e6b86b7761574789f1660d3b3fdff0463bfc24393e0d9c5985f53 | |
- istio/galley:1.3.5 | |
sizeBytes: 270017814 | |
- names: | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0 | |
sizeBytes: 247322214 | |
- names: | |
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
- istio/proxyv2:1.4.0 | |
sizeBytes: 236743155 | |
- names: | |
- istio/kubectl@sha256:d62512cc4b10228512c86f63501b828b80c20e238452c429cfd62a9b9388cc54 | |
- istio/kubectl:1.4.0 | |
sizeBytes: 218715390 | |
- names: | |
- istio/galley@sha256:67f9f5321e6fefdf97e5406a047579a0fd04b576ad1c997e95a9db4dd2fbc6bc | |
- istio/galley:1.4.0 | |
sizeBytes: 212440743 | |
- names: | |
- istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb | |
- istio/pilot:1.4.0 | |
sizeBytes: 208430582 | |
- names: | |
- istio/sidecar_injector@sha256:9f4aba5bb84a07e198b65bc7e4fc0067f876f66b51c7404816ae95e6b5ffa938 | |
- istio/sidecar_injector:1.4.0 | |
sizeBytes: 196252897 | |
- names: | |
- istio/citadel@sha256:e168f97716efd0a16a65ad19bdf6be5858c31e0499023b3a3ef15e9f4fcd6ef5 | |
- istio/citadel:1.4.0 | |
sizeBytes: 187942039 | |
- names: | |
- istio/mixer@sha256:8fa82c01ce621a4643600e4c54d4bfa41875c0030e0b41a819dd0e5e75349376 | |
- istio/mixer:1.3.5 | |
sizeBytes: 92658350 | |
- names: | |
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9 | |
- k8s.gcr.io/kube-proxy:v1.14.6 | |
sizeBytes: 82106236 | |
- names: | |
- istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4 | |
- istio/mixer:1.4.0 | |
sizeBytes: 80456256 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/activator-ecd51ca5034883acbe737fde417a3d86@sha256:b2257a5f6e2427a5a96f6ea9ca2b652ee648e131e9a699df6e20b4bcfa4ef940 | |
sizeBytes: 59323763 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb@sha256:24e81ede4cc223f0f70a1630fc4bed30308eb7b406715dbdd2280827f7565eec | |
sizeBytes: 58181702 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/queue-39be6f1d08a095bd076a71d288d295b6@sha256:8adf8f990b4485e7ead4dc9e6f8ddb3a19142835de95386428deb9ffde8d20b2 | |
sizeBytes: 48155143 | |
- names: | |
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516 | |
- k8s.gcr.io/pause-amd64:3.0 | |
sizeBytes: 746888 | |
nodeInfo: | |
architecture: amd64 | |
bootID: 6101bb52-01d3-4bdf-9e12-51188ec1cd60 | |
containerRuntimeVersion: docker://18.6.3 | |
kernelVersion: 4.9.0-11-amd64 | |
kubeProxyVersion: v1.14.6 | |
kubeletVersion: v1.14.6 | |
machineID: ec2ed086b5b5c48fe013453c0596130e | |
operatingSystem: linux | |
osImage: Debian GNU/Linux 9 (stretch) | |
systemUUID: EC2ED086-B5B5-C48F-E013-453C0596130E | |
- apiVersion: v1 | |
kind: Node | |
metadata: | |
annotations: | |
node.alpha.kubernetes.io/ttl: "0" | |
volumes.kubernetes.io/controller-managed-attach-detach: "true" | |
creationTimestamp: "2019-12-03T04:45:02Z" | |
labels: | |
beta.kubernetes.io/arch: amd64 | |
beta.kubernetes.io/instance-type: t3.large | |
beta.kubernetes.io/os: linux | |
failure-domain.beta.kubernetes.io/region: ap-southeast-1 | |
failure-domain.beta.kubernetes.io/zone: ap-southeast-1a | |
kops.k8s.io/instancegroup: nodes | |
kubernetes.io/arch: amd64 | |
kubernetes.io/hostname: ip-172-20-44-180.ap-southeast-1.compute.internal | |
kubernetes.io/os: linux | |
kubernetes.io/role: node | |
node-role.kubernetes.io/node: "" | |
name: ip-172-20-44-180.ap-southeast-1.compute.internal | |
resourceVersion: "61029" | |
selfLink: /api/v1/nodes/ip-172-20-44-180.ap-southeast-1.compute.internal | |
uid: ab3fb0f5-1587-11ea-b5af-027e0b84da98 | |
spec: | |
podCIDR: 172.20.131.0/24 | |
providerID: aws:///ap-southeast-1a/i-0732cd8aeec90e874 | |
status: | |
addresses: | |
- address: 172.20.44.180 | |
type: InternalIP | |
- address: 54.179.147.153 | |
type: ExternalIP | |
- address: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: InternalDNS | |
- address: ec2-54-179-147-153.ap-southeast-1.compute.amazonaws.com | |
type: ExternalDNS | |
- address: ip-172-20-44-180.ap-southeast-1.compute.internal | |
type: Hostname | |
allocatable: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: "115894266893" | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 7972788Ki | |
pods: "35" | |
capacity: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: 125753328Ki | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 8075188Ki | |
pods: "35" | |
conditions: | |
- lastHeartbeatTime: "2019-12-03T13:18:52Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has sufficient memory available | |
reason: KubeletHasSufficientMemory | |
status: "False" | |
type: MemoryPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:52Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has no disk pressure | |
reason: KubeletHasNoDiskPressure | |
status: "False" | |
type: DiskPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:52Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has sufficient PID available | |
reason: KubeletHasSufficientPID | |
status: "False" | |
type: PIDPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:52Z" | |
lastTransitionTime: "2019-12-03T04:45:22Z" | |
message: kubelet is posting ready status | |
reason: KubeletReady | |
status: "True" | |
type: Ready | |
daemonEndpoints: | |
kubeletEndpoint: | |
Port: 10250 | |
images: | |
- names: | |
- gcr.io/knative-samples/helloworld-go@sha256:5ea96ba4b872685ff4ddb5cd8d1a97ec18c18fae79ee8df0d29f446c5efe5f50 | |
sizeBytes: 780868439 | |
- names: | |
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14 | |
- istio/proxyv2:1.3.5 | |
sizeBytes: 295628711 | |
- names: | |
- protokube:1.14.0-beta.2 | |
sizeBytes: 287898685 | |
- names: | |
- istio/node-agent-k8s@sha256:0a18362538b10523fe2a302ca88e6edd206661658ee43b1bc9e7e671cd2dc0b9 | |
- istio/node-agent-k8s:1.3.5 | |
sizeBytes: 250162398 | |
- names: | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0 | |
sizeBytes: 247322214 | |
- names: | |
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
- istio/proxyv2:1.4.0 | |
sizeBytes: 236743155 | |
- names: | |
- istio/galley@sha256:67f9f5321e6fefdf97e5406a047579a0fd04b576ad1c997e95a9db4dd2fbc6bc | |
- istio/galley:1.4.0 | |
sizeBytes: 212440743 | |
- names: | |
- istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb | |
- istio/pilot:1.4.0 | |
sizeBytes: 208430582 | |
- names: | |
- istio/sidecar_injector@sha256:9f4aba5bb84a07e198b65bc7e4fc0067f876f66b51c7404816ae95e6b5ffa938 | |
- istio/sidecar_injector:1.4.0 | |
sizeBytes: 196252897 | |
- names: | |
- istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d | |
- istio/node-agent-k8s:1.4.0 | |
sizeBytes: 193009018 | |
- names: | |
- istio/citadel@sha256:e168f97716efd0a16a65ad19bdf6be5858c31e0499023b3a3ef15e9f4fcd6ef5 | |
- istio/citadel:1.4.0 | |
sizeBytes: 187942039 | |
- names: | |
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9 | |
- k8s.gcr.io/kube-proxy:v1.14.6 | |
sizeBytes: 82106236 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/controller-f6fdb41c6acbc726e29a3104ff2ef720@sha256:7cde59d7e5e3f7891b57fb51ade68929b5220df54b70dc027a62018c54fe23d3 | |
sizeBytes: 59788477 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb@sha256:24e81ede4cc223f0f70a1630fc4bed30308eb7b406715dbdd2280827f7565eec | |
sizeBytes: 58181702 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/certmanager-f79b5bfeb092d099f0f3326024a30ebb@sha256:9f7622fd03d96c3262e71b4f6fb14455145041c81950b3efe10010c122974bed | |
sizeBytes: 58077460 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/istio-c58c0c8bb8ecc80f800bb788a425ae1d@sha256:ebdb4e8832e9574311494a31ea18dc63cf903e8dd7f0651d640eb2c7f252da2a | |
sizeBytes: 57052872 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/nscert-e3625dd01dcb901439f4630ab9789e75@sha256:77da0645be1369d0e56a1daa204da6de6661488eef5858a60dee9a052f02150c | |
sizeBytes: 56568040 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/webhook-261c6506fca17bc41be50b3461f98f1c@sha256:012be54c7866cb8458fe96061f5321e519da7a4803809d912c2a670fff904ac6 | |
sizeBytes: 55354038 | |
- names: | |
- k8s.gcr.io/k8s-dns-kube-dns-amd64@sha256:618a82fa66cf0c75e4753369a6999032372be7308866fc9afb381789b1e5ad52 | |
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.13 | |
sizeBytes: 51157394 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/queue-39be6f1d08a095bd076a71d288d295b6@sha256:8adf8f990b4485e7ead4dc9e6f8ddb3a19142835de95386428deb9ffde8d20b2 | |
sizeBytes: 48155143 | |
- names: | |
- k8s.gcr.io/k8s-dns-sidecar-amd64@sha256:cedc8fe2098dffc26d17f64061296b7aa54258a31513b6c52df271a98bb522b3 | |
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.13 | |
sizeBytes: 42852039 | |
- names: | |
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64@sha256:45df3e8e0c551bd0c79cdba48ae6677f817971dcbd1eeed7fd1f9a35118410e4 | |
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.13 | |
sizeBytes: 41372492 | |
- names: | |
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516 | |
- k8s.gcr.io/pause-amd64:3.0 | |
sizeBytes: 746888 | |
nodeInfo: | |
architecture: amd64 | |
bootID: e6259c5a-c4b5-4882-a5cf-8b3021dc4550 | |
containerRuntimeVersion: docker://18.6.3 | |
kernelVersion: 4.9.0-11-amd64 | |
kubeProxyVersion: v1.14.6 | |
kubeletVersion: v1.14.6 | |
machineID: ec26f7e1ac86f9b0ec326d2a53038716 | |
operatingSystem: linux | |
osImage: Debian GNU/Linux 9 (stretch) | |
systemUUID: EC26F7E1-AC86-F9B0-EC32-6D2A53038716 | |
- apiVersion: v1 | |
kind: Node | |
metadata: | |
annotations: | |
node.alpha.kubernetes.io/ttl: "0" | |
volumes.kubernetes.io/controller-managed-attach-detach: "true" | |
creationTimestamp: "2019-12-03T04:45:04Z" | |
labels: | |
beta.kubernetes.io/arch: amd64 | |
beta.kubernetes.io/instance-type: t3.large | |
beta.kubernetes.io/os: linux | |
failure-domain.beta.kubernetes.io/region: ap-southeast-1 | |
failure-domain.beta.kubernetes.io/zone: ap-southeast-1b | |
kops.k8s.io/instancegroup: nodes | |
kubernetes.io/arch: amd64 | |
kubernetes.io/hostname: ip-172-20-67-65.ap-southeast-1.compute.internal | |
kubernetes.io/os: linux | |
kubernetes.io/role: node | |
node-role.kubernetes.io/node: "" | |
name: ip-172-20-67-65.ap-southeast-1.compute.internal | |
resourceVersion: "61020" | |
selfLink: /api/v1/nodes/ip-172-20-67-65.ap-southeast-1.compute.internal | |
uid: ac415e24-1587-11ea-b5af-027e0b84da98 | |
spec: | |
podCIDR: 172.20.133.0/24 | |
providerID: aws:///ap-southeast-1b/i-00c1a6378957ee8f4 | |
status: | |
addresses: | |
- address: 172.20.67.65 | |
type: InternalIP | |
- address: 13.250.22.240 | |
type: ExternalIP | |
- address: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: InternalDNS | |
- address: ec2-13-250-22-240.ap-southeast-1.compute.amazonaws.com | |
type: ExternalDNS | |
- address: ip-172-20-67-65.ap-southeast-1.compute.internal | |
type: Hostname | |
allocatable: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: "115894266893" | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 7972788Ki | |
pods: "35" | |
capacity: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: 125753328Ki | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 8075188Ki | |
pods: "35" | |
conditions: | |
- lastHeartbeatTime: "2019-12-03T13:18:47Z" | |
lastTransitionTime: "2019-12-03T04:45:04Z" | |
message: kubelet has sufficient memory available | |
reason: KubeletHasSufficientMemory | |
status: "False" | |
type: MemoryPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:47Z" | |
lastTransitionTime: "2019-12-03T04:45:04Z" | |
message: kubelet has no disk pressure | |
reason: KubeletHasNoDiskPressure | |
status: "False" | |
type: DiskPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:47Z" | |
lastTransitionTime: "2019-12-03T04:45:04Z" | |
message: kubelet has sufficient PID available | |
reason: KubeletHasSufficientPID | |
status: "False" | |
type: PIDPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:47Z" | |
lastTransitionTime: "2019-12-03T04:45:24Z" | |
message: kubelet is posting ready status | |
reason: KubeletReady | |
status: "True" | |
type: Ready | |
daemonEndpoints: | |
kubeletEndpoint: | |
Port: 10250 | |
images: | |
- names: | |
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14 | |
- istio/proxyv2:1.3.5 | |
sizeBytes: 295628711 | |
- names: | |
- protokube:1.14.0-beta.2 | |
sizeBytes: 287898685 | |
- names: | |
- istio/kubectl@sha256:76c76dbed21c162dac9d6fa2337348eeaf5fb0f89a5c9857ff47f352cd6e82b4 | |
- istio/kubectl:1.3.5 | |
sizeBytes: 271562982 | |
- names: | |
- istio/pilot@sha256:17aefbe996d67e9fdf5dbba90bdcf030333a0832a34bc66469472ce61d2eed76 | |
- istio/pilot:1.3.5 | |
sizeBytes: 268531301 | |
- names: | |
- istio/sidecar_injector@sha256:484506534c3b1e7ef39575dbbc78b2a85457c5204e1d4a7e16e284c5a1cf0002 | |
- istio/sidecar_injector:1.3.5 | |
sizeBytes: 256818781 | |
- names: | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0 | |
sizeBytes: 247322214 | |
- names: | |
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
- istio/proxyv2:1.4.0 | |
sizeBytes: 236743155 | |
- names: | |
- istio/kubectl@sha256:d62512cc4b10228512c86f63501b828b80c20e238452c429cfd62a9b9388cc54 | |
- istio/kubectl:1.4.0 | |
sizeBytes: 218715390 | |
- names: | |
- istio/galley@sha256:67f9f5321e6fefdf97e5406a047579a0fd04b576ad1c997e95a9db4dd2fbc6bc | |
- istio/galley:1.4.0 | |
sizeBytes: 212440743 | |
- names: | |
- istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb | |
- istio/pilot:1.4.0 | |
sizeBytes: 208430582 | |
- names: | |
- istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d | |
- istio/node-agent-k8s:1.4.0 | |
sizeBytes: 193009018 | |
- names: | |
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9 | |
- k8s.gcr.io/kube-proxy:v1.14.6 | |
sizeBytes: 82106236 | |
- names: | |
- istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4 | |
- istio/mixer:1.4.0 | |
sizeBytes: 80456256 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/autoscaler-12c0fa24db31956a7cfa673210e4fa13@sha256:f74987342b3c7bcb8b95006f98a8efcfa19bd518430844df037cd5f29132c997 | |
sizeBytes: 65899235 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/controller-f6fdb41c6acbc726e29a3104ff2ef720@sha256:7cde59d7e5e3f7891b57fb51ade68929b5220df54b70dc027a62018c54fe23d3 | |
sizeBytes: 59788477 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb@sha256:24e81ede4cc223f0f70a1630fc4bed30308eb7b406715dbdd2280827f7565eec | |
sizeBytes: 58181702 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/certmanager-f79b5bfeb092d099f0f3326024a30ebb@sha256:9f7622fd03d96c3262e71b4f6fb14455145041c81950b3efe10010c122974bed | |
sizeBytes: 58077460 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/nscert-e3625dd01dcb901439f4630ab9789e75@sha256:77da0645be1369d0e56a1daa204da6de6661488eef5858a60dee9a052f02150c | |
sizeBytes: 56568040 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/webhook-261c6506fca17bc41be50b3461f98f1c@sha256:012be54c7866cb8458fe96061f5321e519da7a4803809d912c2a670fff904ac6 | |
sizeBytes: 55354038 | |
- names: | |
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516 | |
- k8s.gcr.io/pause-amd64:3.0 | |
sizeBytes: 746888 | |
nodeInfo: | |
architecture: amd64 | |
bootID: 5cc4af93-5a4d-4476-9e57-7413e83a0444 | |
containerRuntimeVersion: docker://18.6.3 | |
kernelVersion: 4.9.0-11-amd64 | |
kubeProxyVersion: v1.14.6 | |
kubeletVersion: v1.14.6 | |
machineID: ec21031918156b5eccab20d02c8221fe | |
operatingSystem: linux | |
osImage: Debian GNU/Linux 9 (stretch) | |
systemUUID: EC210319-1815-6B5E-CCAB-20D02C8221FE | |
- apiVersion: v1 | |
kind: Node | |
metadata: | |
annotations: | |
node.alpha.kubernetes.io/ttl: "0" | |
volumes.kubernetes.io/controller-managed-attach-detach: "true" | |
creationTimestamp: "2019-12-03T04:45:02Z" | |
labels: | |
beta.kubernetes.io/arch: amd64 | |
beta.kubernetes.io/instance-type: t3.large | |
beta.kubernetes.io/os: linux | |
failure-domain.beta.kubernetes.io/region: ap-southeast-1 | |
failure-domain.beta.kubernetes.io/zone: ap-southeast-1b | |
kops.k8s.io/instancegroup: nodes | |
kubernetes.io/arch: amd64 | |
kubernetes.io/hostname: ip-172-20-83-101.ap-southeast-1.compute.internal | |
kubernetes.io/os: linux | |
kubernetes.io/role: node | |
node-role.kubernetes.io/node: "" | |
name: ip-172-20-83-101.ap-southeast-1.compute.internal | |
resourceVersion: "61014" | |
selfLink: /api/v1/nodes/ip-172-20-83-101.ap-southeast-1.compute.internal | |
uid: aafe1a1b-1587-11ea-b5af-027e0b84da98 | |
spec: | |
podCIDR: 172.20.129.0/24 | |
providerID: aws:///ap-southeast-1b/i-0d393b2fa5cdc9ad4 | |
status: | |
addresses: | |
- address: 172.20.83.101 | |
type: InternalIP | |
- address: 13.229.237.26 | |
type: ExternalIP | |
- address: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: InternalDNS | |
- address: ec2-13-229-237-26.ap-southeast-1.compute.amazonaws.com | |
type: ExternalDNS | |
- address: ip-172-20-83-101.ap-southeast-1.compute.internal | |
type: Hostname | |
allocatable: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: "115894266893" | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 7972780Ki | |
pods: "35" | |
capacity: | |
attachable-volumes-aws-ebs: "25" | |
cpu: "2" | |
ephemeral-storage: 125753328Ki | |
hugepages-1Gi: "0" | |
hugepages-2Mi: "0" | |
memory: 8075180Ki | |
pods: "35" | |
conditions: | |
- lastHeartbeatTime: "2019-12-03T13:18:44Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has sufficient memory available | |
reason: KubeletHasSufficientMemory | |
status: "False" | |
type: MemoryPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:44Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has no disk pressure | |
reason: KubeletHasNoDiskPressure | |
status: "False" | |
type: DiskPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:44Z" | |
lastTransitionTime: "2019-12-03T04:45:02Z" | |
message: kubelet has sufficient PID available | |
reason: KubeletHasSufficientPID | |
status: "False" | |
type: PIDPressure | |
- lastHeartbeatTime: "2019-12-03T13:18:44Z" | |
lastTransitionTime: "2019-12-03T04:45:22Z" | |
message: kubelet is posting ready status | |
reason: KubeletReady | |
status: "True" | |
type: Ready | |
daemonEndpoints: | |
kubeletEndpoint: | |
Port: 10250 | |
images: | |
- names: | |
- gcr.io/knative-samples/helloworld-go@sha256:5ea96ba4b872685ff4ddb5cd8d1a97ec18c18fae79ee8df0d29f446c5efe5f50 | |
sizeBytes: 780868439 | |
- names: | |
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14 | |
- istio/proxyv2:1.3.5 | |
sizeBytes: 295628711 | |
- names: | |
- protokube:1.14.0-beta.2 | |
sizeBytes: 287898685 | |
- names: | |
- istio/node-agent-k8s@sha256:0a18362538b10523fe2a302ca88e6edd206661658ee43b1bc9e7e671cd2dc0b9 | |
- istio/node-agent-k8s:1.3.5 | |
sizeBytes: 250162398 | |
- names: | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de | |
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0 | |
sizeBytes: 247322214 | |
- names: | |
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
- istio/proxyv2:1.4.0 | |
sizeBytes: 236743155 | |
- names: | |
- istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb | |
- istio/pilot:1.4.0 | |
sizeBytes: 208430582 | |
- names: | |
- istio/proxy_init@sha256:8278995c58eef8cd4ba32cb8756e2b93a09708e39fc9c0381e90c8a4fb62a042 | |
- istio/proxy_init:1.3.5 | |
sizeBytes: 193060005 | |
- names: | |
- istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d | |
- istio/node-agent-k8s:1.4.0 | |
sizeBytes: 193009018 | |
- names: | |
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9 | |
- k8s.gcr.io/kube-proxy:v1.14.6 | |
sizeBytes: 82106236 | |
- names: | |
- istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4 | |
- istio/mixer:1.4.0 | |
sizeBytes: 80456256 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/autoscaler-12c0fa24db31956a7cfa673210e4fa13@sha256:f74987342b3c7bcb8b95006f98a8efcfa19bd518430844df037cd5f29132c997 | |
sizeBytes: 65899235 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb@sha256:24e81ede4cc223f0f70a1630fc4bed30308eb7b406715dbdd2280827f7565eec | |
sizeBytes: 58181702 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/istio-c58c0c8bb8ecc80f800bb788a425ae1d@sha256:ebdb4e8832e9574311494a31ea18dc63cf903e8dd7f0651d640eb2c7f252da2a | |
sizeBytes: 57052872 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/webhook-261c6506fca17bc41be50b3461f98f1c@sha256:012be54c7866cb8458fe96061f5321e519da7a4803809d912c2a670fff904ac6 | |
sizeBytes: 55354038 | |
- names: | |
- k8s.gcr.io/k8s-dns-kube-dns-amd64@sha256:618a82fa66cf0c75e4753369a6999032372be7308866fc9afb381789b1e5ad52 | |
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.13 | |
sizeBytes: 51157394 | |
- names: | |
- gcr.io/gcp-compute-engine-223401/queue-39be6f1d08a095bd076a71d288d295b6@sha256:8adf8f990b4485e7ead4dc9e6f8ddb3a19142835de95386428deb9ffde8d20b2 | |
sizeBytes: 48155143 | |
- names: | |
- k8s.gcr.io/cluster-proportional-autoscaler-amd64@sha256:12370202895b621a2ac28226292e4578598f13c1502aa4d3ee90fff4325d9275 | |
- k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.4.0 | |
sizeBytes: 45853555 | |
- names: | |
- k8s.gcr.io/k8s-dns-sidecar-amd64@sha256:cedc8fe2098dffc26d17f64061296b7aa54258a31513b6c52df271a98bb522b3 | |
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.13 | |
sizeBytes: 42852039 | |
- names: | |
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64@sha256:45df3e8e0c551bd0c79cdba48ae6677f817971dcbd1eeed7fd1f9a35118410e4 | |
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.13 | |
sizeBytes: 41372492 | |
- names: | |
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516 | |
- k8s.gcr.io/pause-amd64:3.0 | |
sizeBytes: 746888 | |
nodeInfo: | |
architecture: amd64 | |
bootID: 76995eef-ea09-47f6-b7f6-55cf7da94ca8 | |
containerRuntimeVersion: docker://18.6.3 | |
kernelVersion: 4.9.0-11-amd64 | |
kubeProxyVersion: v1.14.6 | |
kubeletVersion: v1.14.6 | |
machineID: ec2f0a28f2ec7d60ccd651e152c481ad | |
operatingSystem: linux | |
osImage: Debian GNU/Linux 9 (stretch) | |
systemUUID: EC2F0A28-F2EC-7D60-CCD6-51E152C481AD | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: persistentvolumeclaims | |
------- | |
apiVersion: v1 | |
items: [] | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: persistentvolumes | |
------- | |
apiVersion: v1 | |
items: [] | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: pods | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
generateName: cluster-local-gateway-7458b849c7- | |
labels: | |
app: cluster-local-gateway | |
chart: gateways | |
heritage: Tiller | |
istio: cluster-local-gateway | |
pod-template-hash: 7458b849c7 | |
release: RELEASE-NAME | |
name: cluster-local-gateway-7458b849c7-7qhwk | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: cluster-local-gateway-7458b849c7 | |
uid: 2490d050-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54976" | |
selfLink: /api/v1/namespaces/istio-system/pods/cluster-local-gateway-7458b849c7-7qhwk | |
uid: b41729e6-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- args: | |
- proxy | |
- router | |
- --domain | |
- $(POD_NAMESPACE).svc.cluster.local | |
- --log_output_level=default:info | |
- --drainDuration | |
- 45s | |
- --parentShutdownDuration | |
- 1m0s | |
- --connectTimeout | |
- 10s | |
- --serviceCluster | |
- cluster-local-gateway | |
- --zipkinAddress | |
- zipkin:9411 | |
- --proxyAdminPort | |
- "15000" | |
- --statusPort | |
- "15020" | |
- --controlPlaneAuthPolicy | |
- NONE | |
- --discoveryAddress | |
- istio-pilot:15010 | |
env: | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: spec.nodeName | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.podIP | |
- name: HOST_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.hostIP | |
- name: SERVICE_ACCOUNT | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: spec.serviceAccountName | |
- name: ISTIO_META_POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: ISTIO_META_CONFIG_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: ISTIO_METAJSON_LABELS | |
value: | | |
{"app":"cluster-local-gateway","chart":"gateways","heritage":"Tiller","istio":"cluster-local-gateway","release":"RELEASE-NAME"} | |
- name: ISTIO_META_CLUSTER_ID | |
value: Kubernetes | |
- name: SDS_ENABLED | |
value: "false" | |
- name: ISTIO_META_WORKLOAD_NAME | |
value: cluster-local-gateway | |
- name: ISTIO_META_OWNER | |
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway | |
image: docker.io/istio/proxyv2:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
ports: | |
- containerPort: 15020 | |
protocol: TCP | |
- containerPort: 80 | |
protocol: TCP | |
- containerPort: 443 | |
protocol: TCP | |
- containerPort: 15090 | |
name: http-envoy-prom | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 30 | |
httpGet: | |
path: /healthz/ready | |
port: 15020 | |
scheme: HTTP | |
initialDelaySeconds: 1 | |
periodSeconds: 2 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
resources: | |
requests: | |
cpu: 250m | |
memory: 256Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /etc/istio/cluster-local-gateway-certs | |
name: cluster-local-gateway-certs | |
readOnly: true | |
- mountPath: /etc/istio/cluster-local-gateway-ca-certs | |
name: cluster-local-gateway-ca-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: cluster-local-gateway-service-account-token-226tq | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-83-101.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: cluster-local-gateway-service-account | |
serviceAccountName: cluster-local-gateway-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- name: istio-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio.cluster-local-gateway-service-account | |
- name: cluster-local-gateway-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio-cluster-local-gateway-certs | |
- name: cluster-local-gateway-ca-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio-cluster-local-gateway-ca-certs | |
- name: cluster-local-gateway-service-account-token-226tq | |
secret: | |
defaultMode: 420 | |
secretName: cluster-local-gateway-service-account-token-226tq | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:57Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:57Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://ddf85318a0aa9b816f704760c65c8ceef78994f205c700796d4fe9cfd05cca6f | |
image: istio/proxyv2:1.4.0 | |
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
lastState: {} | |
name: istio-proxy | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:26Z" | |
hostIP: 172.20.83.101 | |
phase: Running | |
podIP: 172.20.66.124 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:25Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
generateName: cluster-local-gateway-7458b849c7- | |
labels: | |
app: cluster-local-gateway | |
chart: gateways | |
heritage: Tiller | |
istio: cluster-local-gateway | |
pod-template-hash: 7458b849c7 | |
release: RELEASE-NAME | |
name: cluster-local-gateway-7458b849c7-t4clh | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: cluster-local-gateway-7458b849c7 | |
uid: 2490d050-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54982" | |
selfLink: /api/v1/namespaces/istio-system/pods/cluster-local-gateway-7458b849c7-t4clh | |
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- args: | |
- proxy | |
- router | |
- --domain | |
- $(POD_NAMESPACE).svc.cluster.local | |
- --log_output_level=default:info | |
- --drainDuration | |
- 45s | |
- --parentShutdownDuration | |
- 1m0s | |
- --connectTimeout | |
- 10s | |
- --serviceCluster | |
- cluster-local-gateway | |
- --zipkinAddress | |
- zipkin:9411 | |
- --proxyAdminPort | |
- "15000" | |
- --statusPort | |
- "15020" | |
- --controlPlaneAuthPolicy | |
- NONE | |
- --discoveryAddress | |
- istio-pilot:15010 | |
env: | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: spec.nodeName | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.podIP | |
- name: HOST_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.hostIP | |
- name: SERVICE_ACCOUNT | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: spec.serviceAccountName | |
- name: ISTIO_META_POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: ISTIO_META_CONFIG_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: ISTIO_METAJSON_LABELS | |
value: | | |
{"app":"cluster-local-gateway","chart":"gateways","heritage":"Tiller","istio":"cluster-local-gateway","release":"RELEASE-NAME"} | |
- name: ISTIO_META_CLUSTER_ID | |
value: Kubernetes | |
- name: SDS_ENABLED | |
value: "false" | |
- name: ISTIO_META_WORKLOAD_NAME | |
value: cluster-local-gateway | |
- name: ISTIO_META_OWNER | |
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway | |
image: docker.io/istio/proxyv2:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
ports: | |
- containerPort: 15020 | |
protocol: TCP | |
- containerPort: 80 | |
protocol: TCP | |
- containerPort: 443 | |
protocol: TCP | |
- containerPort: 15090 | |
name: http-envoy-prom | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 30 | |
httpGet: | |
path: /healthz/ready | |
port: 15020 | |
scheme: HTTP | |
initialDelaySeconds: 1 | |
periodSeconds: 2 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
resources: | |
requests: | |
cpu: 250m | |
memory: 256Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /etc/istio/cluster-local-gateway-certs | |
name: cluster-local-gateway-certs | |
readOnly: true | |
- mountPath: /etc/istio/cluster-local-gateway-ca-certs | |
name: cluster-local-gateway-ca-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: cluster-local-gateway-service-account-token-226tq | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: cluster-local-gateway-service-account | |
serviceAccountName: cluster-local-gateway-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- name: istio-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio.cluster-local-gateway-service-account | |
- name: cluster-local-gateway-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio-cluster-local-gateway-certs | |
- name: cluster-local-gateway-ca-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio-cluster-local-gateway-ca-certs | |
- name: cluster-local-gateway-service-account-token-226tq | |
secret: | |
defaultMode: 420 | |
secretName: cluster-local-gateway-service-account-token-226tq | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:57Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:57Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://c109ca242ec95cbc192958e1db70ae057c7db995008617310eabfe29512713e7 | |
image: istio/proxyv2:1.4.0 | |
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
lastState: {} | |
name: istio-proxy | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:26Z" | |
hostIP: 172.20.44.180 | |
phase: Running | |
podIP: 172.20.63.67 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:25Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
generateName: istio-citadel-685c4d4b68- | |
labels: | |
app: security | |
chart: security | |
heritage: Tiller | |
istio: citadel | |
pod-template-hash: 685c4d4b68 | |
release: RELEASE-NAME | |
name: istio-citadel-685c4d4b68-bzvxj | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-citadel-685c4d4b68 | |
uid: 256769b7-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54802" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-citadel-685c4d4b68-bzvxj | |
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- args: | |
- --append-dns-names=true | |
- --grpc-port=8060 | |
- --citadel-storage-namespace=istio-system | |
- --custom-dns-names=istio-pilot-service-account.istio-system:istio-pilot.istio-system | |
- --monitoring-port=15014 | |
- --self-signed-ca=true | |
- --workload-cert-ttl=2160h | |
env: | |
- name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT | |
value: "true" | |
image: docker.io/istio/citadel:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: citadel | |
resources: | |
requests: | |
cpu: 10m | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-citadel-service-account-token-klk7s | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-citadel-service-account | |
serviceAccountName: istio-citadel-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- name: istio-citadel-service-account-token-klk7s | |
secret: | |
defaultMode: 420 | |
secretName: istio-citadel-service-account-token-klk7s | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:27Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:27Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://f3b1f23684708fcb65502820f327525a2792e9a49af0a34aef5ab8ad788cf73f | |
image: istio/citadel:1.4.0 | |
imageID: docker-pullable://istio/citadel@sha256:e168f97716efd0a16a65ad19bdf6be5858c31e0499023b3a3ef15e9f4fcd6ef5 | |
lastState: {} | |
name: citadel | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:26Z" | |
hostIP: 172.20.44.180 | |
phase: Running | |
podIP: 172.20.52.171 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:25Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
generateName: istio-galley-5f5b6f77bb- | |
labels: | |
app: galley | |
chart: galley | |
heritage: Tiller | |
istio: galley | |
pod-template-hash: 5f5b6f77bb | |
release: RELEASE-NAME | |
name: istio-galley-5f5b6f77bb-cqp6q | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-galley-5f5b6f77bb | |
uid: 2465da7d-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54896" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-galley-5f5b6f77bb-cqp6q | |
uid: b44ae837-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- command: | |
- /usr/local/bin/galley | |
- server | |
- --meshConfigFile=/etc/mesh-config/mesh | |
- --livenessProbeInterval=1s | |
- --livenessProbePath=/healthliveness | |
- --readinessProbePath=/healthready | |
- --readinessProbeInterval=1s | |
- --deployment-namespace=istio-system | |
- --insecure=true | |
- --enable-reconcileWebhookConfiguration=true | |
- --validation-webhook-config-file | |
- /etc/config/validatingwebhookconfiguration.yaml | |
- --monitoringPort=15014 | |
- --log_output_level=default:info | |
image: docker.io/istio/galley:1.4.0 | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
exec: | |
command: | |
- /usr/local/bin/galley | |
- probe | |
- --probe-path=/healthliveness | |
- --interval=10s | |
failureThreshold: 3 | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
name: galley | |
ports: | |
- containerPort: 443 | |
protocol: TCP | |
- containerPort: 15014 | |
protocol: TCP | |
- containerPort: 9901 | |
protocol: TCP | |
readinessProbe: | |
exec: | |
command: | |
- /usr/local/bin/galley | |
- probe | |
- --probe-path=/healthready | |
- --interval=10s | |
failureThreshold: 3 | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
resources: | |
requests: | |
cpu: 10m | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: certs | |
readOnly: true | |
- mountPath: /etc/config | |
name: config | |
readOnly: true | |
- mountPath: /etc/mesh-config | |
name: mesh-config | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-galley-service-account-token-wf8jr | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-galley-service-account | |
serviceAccountName: istio-galley-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- name: certs | |
secret: | |
defaultMode: 420 | |
secretName: istio.istio-galley-service-account | |
- configMap: | |
defaultMode: 420 | |
name: istio-galley-configuration | |
name: config | |
- configMap: | |
defaultMode: 420 | |
name: istio | |
name: mesh-config | |
- name: istio-galley-service-account-token-wf8jr | |
secret: | |
defaultMode: 420 | |
secretName: istio-galley-service-account-token-wf8jr | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:40Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:40Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://ce113f1ee29a6560a5dff55953f2b301a3497ac4a5bf5aade1d2b16c8b7ab89f | |
image: istio/galley:1.4.0 | |
imageID: docker-pullable://istio/galley@sha256:67f9f5321e6fefdf97e5406a047579a0fd04b576ad1c997e95a9db4dd2fbc6bc | |
lastState: {} | |
name: galley | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:32Z" | |
hostIP: 172.20.44.180 | |
phase: Running | |
podIP: 172.20.43.141 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:25Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
generateName: istio-ingressgateway-84dfb78dfb- | |
labels: | |
app: istio-ingressgateway | |
chart: gateways | |
heritage: Tiller | |
istio: ingressgateway | |
pod-template-hash: 84dfb78dfb | |
release: RELEASE-NAME | |
name: istio-ingressgateway-84dfb78dfb-qlpxr | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-ingressgateway-84dfb78dfb | |
uid: 24ba77a8-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54967" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-ingressgateway-84dfb78dfb-qlpxr | |
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- env: | |
- name: ENABLE_WORKLOAD_SDS | |
value: "false" | |
- name: ENABLE_INGRESS_GATEWAY_SDS | |
value: "true" | |
- name: INGRESS_GATEWAY_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
image: docker.io/istio/node-agent-k8s:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: ingress-sds | |
resources: | |
limits: | |
cpu: "2" | |
memory: 1Gi | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /var/run/ingress_gateway | |
name: ingressgatewaysdsudspath | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-ingressgateway-service-account-token-pk9tg | |
readOnly: true | |
- args: | |
- proxy | |
- router | |
- --domain | |
- $(POD_NAMESPACE).svc.cluster.local | |
- --log_output_level=default:info | |
- --drainDuration | |
- 45s | |
- --parentShutdownDuration | |
- 1m0s | |
- --connectTimeout | |
- 10s | |
- --serviceCluster | |
- istio-ingressgateway | |
- --zipkinAddress | |
- zipkin:9411 | |
- --proxyAdminPort | |
- "15000" | |
- --statusPort | |
- "15020" | |
- --controlPlaneAuthPolicy | |
- NONE | |
- --discoveryAddress | |
- istio-pilot:15010 | |
env: | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: spec.nodeName | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.podIP | |
- name: HOST_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.hostIP | |
- name: SERVICE_ACCOUNT | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: spec.serviceAccountName | |
- name: ISTIO_META_POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: ISTIO_META_CONFIG_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: ISTIO_METAJSON_LABELS | |
value: | | |
{"app":"istio-ingressgateway","chart":"gateways","heritage":"Tiller","istio":"ingressgateway","release":"RELEASE-NAME"} | |
- name: ISTIO_META_CLUSTER_ID | |
value: Kubernetes | |
- name: SDS_ENABLED | |
value: "false" | |
- name: ISTIO_META_WORKLOAD_NAME | |
value: istio-ingressgateway | |
- name: ISTIO_META_OWNER | |
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway | |
- name: ISTIO_META_USER_SDS | |
value: "true" | |
- name: ISTIO_META_ROUTER_MODE | |
value: sni-dnat | |
image: docker.io/istio/proxyv2:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
ports: | |
- containerPort: 15020 | |
protocol: TCP | |
- containerPort: 80 | |
protocol: TCP | |
- containerPort: 443 | |
protocol: TCP | |
- containerPort: 15090 | |
name: http-envoy-prom | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 30 | |
httpGet: | |
path: /healthz/ready | |
port: 15020 | |
scheme: HTTP | |
initialDelaySeconds: 1 | |
periodSeconds: 2 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
resources: | |
limits: | |
cpu: "3" | |
memory: 2Gi | |
requests: | |
cpu: 500m | |
memory: 2Gi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /var/run/ingress_gateway | |
name: ingressgatewaysdsudspath | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /etc/istio/ingressgateway-certs | |
name: ingressgateway-certs | |
readOnly: true | |
- mountPath: /etc/istio/ingressgateway-ca-certs | |
name: ingressgateway-ca-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-ingressgateway-service-account-token-pk9tg | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-ingressgateway-service-account | |
serviceAccountName: istio-ingressgateway-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- emptyDir: {} | |
name: ingressgatewaysdsudspath | |
- name: istio-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio.istio-ingressgateway-service-account | |
- name: ingressgateway-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio-ingressgateway-certs | |
- name: ingressgateway-ca-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio-ingressgateway-ca-certs | |
- name: istio-ingressgateway-service-account-token-pk9tg | |
secret: | |
defaultMode: 420 | |
secretName: istio-ingressgateway-service-account-token-pk9tg | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:56Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:56Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://6d34a3751b52943ab441024fd5c33219244e7b470244d8ba38571aa9c615d91b | |
image: istio/node-agent-k8s:1.4.0 | |
imageID: docker-pullable://istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d | |
lastState: {} | |
name: ingress-sds | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:37Z" | |
- containerID: docker://1e3f986b150e1a865b9a079999b5732dcb7e974c6628c2680ff6c7429e1b66f4 | |
image: istio/proxyv2:1.4.0 | |
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
lastState: {} | |
name: istio-proxy | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:37Z" | |
hostIP: 172.20.44.180 | |
phase: Running | |
podIP: 172.20.59.74 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:25Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:25Z" | |
generateName: istio-ingressgateway-84dfb78dfb- | |
labels: | |
app: istio-ingressgateway | |
chart: gateways | |
heritage: Tiller | |
istio: ingressgateway | |
pod-template-hash: 84dfb78dfb | |
release: RELEASE-NAME | |
name: istio-ingressgateway-84dfb78dfb-zqbxn | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-ingressgateway-84dfb78dfb | |
uid: 24ba77a8-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "55016" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-ingressgateway-84dfb78dfb-zqbxn | |
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- env: | |
- name: ENABLE_WORKLOAD_SDS | |
value: "false" | |
- name: ENABLE_INGRESS_GATEWAY_SDS | |
value: "true" | |
- name: INGRESS_GATEWAY_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
image: docker.io/istio/node-agent-k8s:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: ingress-sds | |
resources: | |
limits: | |
cpu: "2" | |
memory: 1Gi | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /var/run/ingress_gateway | |
name: ingressgatewaysdsudspath | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-ingressgateway-service-account-token-pk9tg | |
readOnly: true | |
- args: | |
- proxy | |
- router | |
- --domain | |
- $(POD_NAMESPACE).svc.cluster.local | |
- --log_output_level=default:info | |
- --drainDuration | |
- 45s | |
- --parentShutdownDuration | |
- 1m0s | |
- --connectTimeout | |
- 10s | |
- --serviceCluster | |
- istio-ingressgateway | |
- --zipkinAddress | |
- zipkin:9411 | |
- --proxyAdminPort | |
- "15000" | |
- --statusPort | |
- "15020" | |
- --controlPlaneAuthPolicy | |
- NONE | |
- --discoveryAddress | |
- istio-pilot:15010 | |
env: | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: spec.nodeName | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.podIP | |
- name: HOST_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.hostIP | |
- name: SERVICE_ACCOUNT | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: spec.serviceAccountName | |
- name: ISTIO_META_POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: ISTIO_META_CONFIG_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: ISTIO_METAJSON_LABELS | |
value: | | |
{"app":"istio-ingressgateway","chart":"gateways","heritage":"Tiller","istio":"ingressgateway","release":"RELEASE-NAME"} | |
- name: ISTIO_META_CLUSTER_ID | |
value: Kubernetes | |
- name: SDS_ENABLED | |
value: "false" | |
- name: ISTIO_META_WORKLOAD_NAME | |
value: istio-ingressgateway | |
- name: ISTIO_META_OWNER | |
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway | |
- name: ISTIO_META_USER_SDS | |
value: "true" | |
- name: ISTIO_META_ROUTER_MODE | |
value: sni-dnat | |
image: docker.io/istio/proxyv2:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
ports: | |
- containerPort: 15020 | |
protocol: TCP | |
- containerPort: 80 | |
protocol: TCP | |
- containerPort: 443 | |
protocol: TCP | |
- containerPort: 15090 | |
name: http-envoy-prom | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 30 | |
httpGet: | |
path: /healthz/ready | |
port: 15020 | |
scheme: HTTP | |
initialDelaySeconds: 1 | |
periodSeconds: 2 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
resources: | |
limits: | |
cpu: "3" | |
memory: 2Gi | |
requests: | |
cpu: 500m | |
memory: 2Gi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /var/run/ingress_gateway | |
name: ingressgatewaysdsudspath | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /etc/istio/ingressgateway-certs | |
name: ingressgateway-certs | |
readOnly: true | |
- mountPath: /etc/istio/ingressgateway-ca-certs | |
name: ingressgateway-ca-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-ingressgateway-service-account-token-pk9tg | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-67-65.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-ingressgateway-service-account | |
serviceAccountName: istio-ingressgateway-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- emptyDir: {} | |
name: ingressgatewaysdsudspath | |
- name: istio-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio.istio-ingressgateway-service-account | |
- name: ingressgateway-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio-ingressgateway-certs | |
- name: ingressgateway-ca-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio-ingressgateway-ca-certs | |
- name: istio-ingressgateway-service-account-token-pk9tg | |
secret: | |
defaultMode: 420 | |
secretName: istio-ingressgateway-service-account-token-pk9tg | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:24:11Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:24:11Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:25Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://7cc29f0cf1f2dcdb1092d378743eb54059144e656ba4c69cad1db3b99864fb74 | |
image: istio/node-agent-k8s:1.4.0 | |
imageID: docker-pullable://istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d | |
lastState: {} | |
name: ingress-sds | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:31Z" | |
- containerID: docker://7f1c5999b8e9e328620dadea517fa1efdbd93f0346b3961cf67b9a6d26562fc2 | |
image: istio/proxyv2:1.4.0 | |
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
lastState: {} | |
name: istio-proxy | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:32Z" | |
hostIP: 172.20.67.65 | |
phase: Running | |
podIP: 172.20.73.149 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:25Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
generateName: istio-pilot-7dbfbcf744- | |
labels: | |
app: pilot | |
chart: pilot | |
heritage: Tiller | |
istio: pilot | |
pod-template-hash: 7dbfbcf744 | |
release: RELEASE-NAME | |
name: istio-pilot-7dbfbcf744-26cvg | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-pilot-7dbfbcf744 | |
uid: 253e85ab-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54945" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-pilot-7dbfbcf744-26cvg | |
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- args: | |
- discovery | |
- --monitoringAddr=:15014 | |
- --log_output_level=default:info | |
- --domain | |
- cluster.local | |
- --secureGrpcAddr | |
- "" | |
- --keepaliveMaxServerConnectionAge | |
- 30m | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: PILOT_PUSH_THROTTLE | |
value: "100" | |
- name: PILOT_TRACE_SAMPLING | |
value: "100" | |
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND | |
value: "true" | |
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND | |
value: "false" | |
image: docker.io/istio/pilot:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: discovery | |
ports: | |
- containerPort: 8080 | |
protocol: TCP | |
- containerPort: 15010 | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /ready | |
port: 8080 | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
successThreshold: 1 | |
timeoutSeconds: 5 | |
resources: | |
requests: | |
cpu: 500m | |
memory: 2Gi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/istio/config | |
name: config-volume | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-pilot-service-account-token-c7xjz | |
readOnly: true | |
- args: | |
- proxy | |
- --domain | |
- $(POD_NAMESPACE).svc.cluster.local | |
- --serviceCluster | |
- istio-pilot | |
- --templateFile | |
- /etc/istio/proxy/envoy_pilot.yaml.tmpl | |
- --controlPlaneAuthPolicy | |
- NONE | |
- --log_output_level=default:info | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.podIP | |
- name: SDS_ENABLED | |
value: "false" | |
image: docker.io/istio/proxyv2:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
ports: | |
- containerPort: 15003 | |
protocol: TCP | |
- containerPort: 15005 | |
protocol: TCP | |
- containerPort: 15007 | |
protocol: TCP | |
- containerPort: 15011 | |
protocol: TCP | |
resources: | |
limits: | |
cpu: "2" | |
memory: 1Gi | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-pilot-service-account-token-c7xjz | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-67-65.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-pilot-service-account | |
serviceAccountName: istio-pilot-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- configMap: | |
defaultMode: 420 | |
name: istio | |
name: config-volume | |
- name: istio-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio.istio-pilot-service-account | |
- name: istio-pilot-service-account-token-c7xjz | |
secret: | |
defaultMode: 420 | |
secretName: istio-pilot-service-account-token-c7xjz | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:44Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:50Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:50Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:44Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://38177cda84b07edffb34f234628eaf416789a87d1d8d6cbd9d59eaf110eac79e | |
image: istio/pilot:1.4.0 | |
imageID: docker-pullable://istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb | |
lastState: {} | |
name: discovery | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:45Z" | |
- containerID: docker://a709c180ace04aa9a8083b555550b026d0cfdaf88ab031aa6234de789233c92c | |
image: istio/proxyv2:1.4.0 | |
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
lastState: {} | |
name: istio-proxy | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:45Z" | |
hostIP: 172.20.67.65 | |
phase: Running | |
podIP: 172.20.95.245 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:44Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
generateName: istio-pilot-7dbfbcf744- | |
labels: | |
app: pilot | |
chart: pilot | |
heritage: Tiller | |
istio: pilot | |
pod-template-hash: 7dbfbcf744 | |
release: RELEASE-NAME | |
name: istio-pilot-7dbfbcf744-7d6vr | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-pilot-7dbfbcf744 | |
uid: 253e85ab-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54939" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-pilot-7dbfbcf744-7d6vr | |
uid: b4a70398-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- args: | |
- discovery | |
- --monitoringAddr=:15014 | |
- --log_output_level=default:info | |
- --domain | |
- cluster.local | |
- --secureGrpcAddr | |
- "" | |
- --keepaliveMaxServerConnectionAge | |
- 30m | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: PILOT_PUSH_THROTTLE | |
value: "100" | |
- name: PILOT_TRACE_SAMPLING | |
value: "100" | |
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND | |
value: "true" | |
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND | |
value: "false" | |
image: docker.io/istio/pilot:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: discovery | |
ports: | |
- containerPort: 8080 | |
protocol: TCP | |
- containerPort: 15010 | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /ready | |
port: 8080 | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
successThreshold: 1 | |
timeoutSeconds: 5 | |
resources: | |
requests: | |
cpu: 500m | |
memory: 2Gi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/istio/config | |
name: config-volume | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-pilot-service-account-token-c7xjz | |
readOnly: true | |
- args: | |
- proxy | |
- --domain | |
- $(POD_NAMESPACE).svc.cluster.local | |
- --serviceCluster | |
- istio-pilot | |
- --templateFile | |
- /etc/istio/proxy/envoy_pilot.yaml.tmpl | |
- --controlPlaneAuthPolicy | |
- NONE | |
- --log_output_level=default:info | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.podIP | |
- name: SDS_ENABLED | |
value: "false" | |
image: docker.io/istio/proxyv2:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
ports: | |
- containerPort: 15003 | |
protocol: TCP | |
- containerPort: 15005 | |
protocol: TCP | |
- containerPort: 15007 | |
protocol: TCP | |
- containerPort: 15011 | |
protocol: TCP | |
resources: | |
limits: | |
cpu: "2" | |
memory: 1Gi | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-pilot-service-account-token-c7xjz | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-44-18.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-pilot-service-account | |
serviceAccountName: istio-pilot-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- configMap: | |
defaultMode: 420 | |
name: istio | |
name: config-volume | |
- name: istio-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio.istio-pilot-service-account | |
- name: istio-pilot-service-account-token-c7xjz | |
secret: | |
defaultMode: 420 | |
secretName: istio-pilot-service-account-token-c7xjz | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:35Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:50Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:50Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:35Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://3ac7fd29d14a27f9db3a4ca4f9d90992f619a5c57fe58875bc95f49e8596b0fe | |
image: istio/pilot:1.4.0 | |
imageID: docker-pullable://istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb | |
lastState: {} | |
name: discovery | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:43Z" | |
- containerID: docker://d5af99ea3a34bd13cfb4fc498b956c574a43377d850bee857dfdd17adc8e42e3 | |
image: istio/proxyv2:1.4.0 | |
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
lastState: {} | |
name: istio-proxy | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:43Z" | |
hostIP: 172.20.44.18 | |
phase: Running | |
podIP: 172.20.48.51 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:35Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
generateName: istio-policy-65b67fd4f8- | |
labels: | |
app: policy | |
chart: mixer | |
heritage: Tiller | |
istio: mixer | |
istio-mixer-type: policy | |
pod-template-hash: 65b67fd4f8 | |
release: RELEASE-NAME | |
security.istio.io/tlsMode: istio | |
name: istio-policy-65b67fd4f8-zsdp8 | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-policy-65b67fd4f8 | |
uid: 24e34d8a-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54840" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-policy-65b67fd4f8-zsdp8 | |
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- args: | |
- --monitoringPort=15014 | |
- --address | |
- unix:///sock/mixer.socket | |
- --log_output_level=default:info | |
- --configStoreURL=mcp://istio-galley.istio-system.svc:9901 | |
- --configDefaultNamespace=istio-system | |
- --useAdapterCRDs=false | |
- --useTemplateCRDs=false | |
- --trace_zipkin_url=http://zipkin.istio-system:9411/api/v1/spans | |
env: | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: GOMAXPROCS | |
value: "6" | |
image: docker.io/istio/mixer:1.4.0 | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /version | |
port: 15014 | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
name: mixer | |
ports: | |
- containerPort: 15014 | |
protocol: TCP | |
- containerPort: 42422 | |
protocol: TCP | |
resources: | |
requests: | |
cpu: 10m | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /sock | |
name: uds-socket | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-mixer-service-account-token-rg24f | |
readOnly: true | |
- args: | |
- proxy | |
- --domain | |
- $(POD_NAMESPACE).svc.cluster.local | |
- --serviceCluster | |
- istio-policy | |
- --templateFile | |
- /etc/istio/proxy/envoy_policy.yaml.tmpl | |
- --controlPlaneAuthPolicy | |
- NONE | |
- --log_output_level=default:info | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.podIP | |
- name: SDS_ENABLED | |
value: "false" | |
image: docker.io/istio/proxyv2:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
ports: | |
- containerPort: 9091 | |
protocol: TCP | |
- containerPort: 15004 | |
protocol: TCP | |
- containerPort: 15090 | |
name: http-envoy-prom | |
protocol: TCP | |
resources: | |
limits: | |
cpu: "2" | |
memory: 1Gi | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /sock | |
name: uds-socket | |
- mountPath: /var/run/secrets/istio.io/policy/adapter | |
name: policy-adapter-secret | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-mixer-service-account-token-rg24f | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-83-101.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-mixer-service-account | |
serviceAccountName: istio-mixer-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- name: istio-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio.istio-mixer-service-account | |
- emptyDir: {} | |
name: uds-socket | |
- name: policy-adapter-secret | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: policy-adapter-secret | |
- name: istio-mixer-service-account-token-rg24f | |
secret: | |
defaultMode: 420 | |
secretName: istio-mixer-service-account-token-rg24f | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:26Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:33Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:33Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:26Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://b9da5220f3a7bc9e9ac1946c248a66d762890f6098a9f04aa10b6c495b4bbe4b | |
image: istio/proxyv2:1.4.0 | |
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
lastState: {} | |
name: istio-proxy | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:32Z" | |
- containerID: docker://9105b5996bc65507276a54531a2589dae2ee74cbf56e1775299d07157bffd7bf | |
image: istio/mixer:1.4.0 | |
imageID: docker-pullable://istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4 | |
lastState: {} | |
name: mixer | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:32Z" | |
hostIP: 172.20.83.101 | |
phase: Running | |
podIP: 172.20.80.221 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:26Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
generateName: istio-sidecar-injector-85bc5dfb7c- | |
labels: | |
app: sidecarInjectorWebhook | |
chart: sidecarInjectorWebhook | |
heritage: Tiller | |
istio: sidecar-injector | |
pod-template-hash: 85bc5dfb7c | |
release: RELEASE-NAME | |
name: istio-sidecar-injector-85bc5dfb7c-zvx9k | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-sidecar-injector-85bc5dfb7c | |
uid: 2590ddf3-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54891" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-sidecar-injector-85bc5dfb7c-zvx9k | |
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- args: | |
- --caCertFile=/etc/istio/certs/root-cert.pem | |
- --tlsCertFile=/etc/istio/certs/cert-chain.pem | |
- --tlsKeyFile=/etc/istio/certs/key.pem | |
- --injectConfig=/etc/istio/inject/config | |
- --meshConfig=/etc/istio/config/mesh | |
- --healthCheckInterval=2s | |
- --healthCheckFile=/health | |
- --reconcileWebhookConfig=true | |
image: docker.io/istio/sidecar_injector:1.4.0 | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
exec: | |
command: | |
- /usr/local/bin/sidecar-injector | |
- probe | |
- --probe-path=/health | |
- --interval=4s | |
failureThreshold: 3 | |
initialDelaySeconds: 4 | |
periodSeconds: 4 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
name: sidecar-injector-webhook | |
readinessProbe: | |
exec: | |
command: | |
- /usr/local/bin/sidecar-injector | |
- probe | |
- --probe-path=/health | |
- --interval=4s | |
failureThreshold: 3 | |
initialDelaySeconds: 4 | |
periodSeconds: 4 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
resources: | |
requests: | |
cpu: 10m | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/istio/config | |
name: config-volume | |
readOnly: true | |
- mountPath: /etc/istio/certs | |
name: certs | |
readOnly: true | |
- mountPath: /etc/istio/inject | |
name: inject-config | |
readOnly: true | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-sidecar-injector-service-account-token-mcc9d | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-40-226.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-sidecar-injector-service-account | |
serviceAccountName: istio-sidecar-injector-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- configMap: | |
defaultMode: 420 | |
name: istio | |
name: config-volume | |
- name: certs | |
secret: | |
defaultMode: 420 | |
secretName: istio.istio-sidecar-injector-service-account | |
- configMap: | |
defaultMode: 420 | |
items: | |
- key: config | |
path: config | |
- key: values | |
path: values | |
name: istio-sidecar-injector | |
name: inject-config | |
- name: istio-sidecar-injector-service-account-token-mcc9d | |
secret: | |
defaultMode: 420 | |
secretName: istio-sidecar-injector-service-account-token-mcc9d | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:26Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:39Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:39Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:26Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://e79a6aafc75f35275f689a54d06a85e47c639ddfb97b315b80948d0d264a0fde | |
image: istio/sidecar_injector:1.4.0 | |
imageID: docker-pullable://istio/sidecar_injector@sha256:9f4aba5bb84a07e198b65bc7e4fc0067f876f66b51c7404816ae95e6b5ffa938 | |
lastState: {} | |
name: sidecar-injector-webhook | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:32Z" | |
hostIP: 172.20.40.226 | |
phase: Running | |
podIP: 172.20.62.179 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:26Z" | |
- apiVersion: v1 | |
kind: Pod | |
metadata: | |
annotations: | |
sidecar.istio.io/inject: "false" | |
creationTimestamp: "2019-12-03T12:23:26Z" | |
generateName: istio-telemetry-8bc7955f7- | |
labels: | |
app: telemetry | |
chart: mixer | |
heritage: Tiller | |
istio: mixer | |
istio-mixer-type: telemetry | |
pod-template-hash: 8bc7955f7 | |
release: RELEASE-NAME | |
security.istio.io/tlsMode: istio | |
name: istio-telemetry-8bc7955f7-vhv6k | |
namespace: istio-system | |
ownerReferences: | |
- apiVersion: apps/v1 | |
blockOwnerDeletion: true | |
controller: true | |
kind: ReplicaSet | |
name: istio-telemetry-8bc7955f7 | |
uid: 2512191f-15bb-11ea-b5af-027e0b84da98 | |
resourceVersion: "54954" | |
selfLink: /api/v1/namespaces/istio-system/pods/istio-telemetry-8bc7955f7-vhv6k | |
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98 | |
spec: | |
affinity: | |
nodeAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- ppc64le | |
weight: 2 | |
- preference: | |
matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- s390x | |
weight: 2 | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- ppc64le | |
- s390x | |
containers: | |
- args: | |
- --monitoringPort=15014 | |
- --address | |
- unix:///sock/mixer.socket | |
- --log_output_level=default:info | |
- --configStoreURL=mcp://istio-galley.istio-system.svc:9901 | |
- --configDefaultNamespace=istio-system | |
- --useAdapterCRDs=false | |
- --trace_zipkin_url=http://zipkin.istio-system:9411/api/v1/spans | |
- --averageLatencyThreshold | |
- 100ms | |
- --loadsheddingMode | |
- enforce | |
env: | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: GOMAXPROCS | |
value: "6" | |
image: docker.io/istio/mixer:1.4.0 | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /version | |
port: 15014 | |
scheme: HTTP | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
name: mixer | |
ports: | |
- containerPort: 15014 | |
protocol: TCP | |
- containerPort: 42422 | |
protocol: TCP | |
resources: | |
limits: | |
cpu: 4800m | |
memory: 4G | |
requests: | |
cpu: "1" | |
memory: 1G | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /var/run/secrets/istio.io/telemetry/adapter | |
name: telemetry-adapter-secret | |
readOnly: true | |
- mountPath: /sock | |
name: uds-socket | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-mixer-service-account-token-rg24f | |
readOnly: true | |
- args: | |
- proxy | |
- --domain | |
- $(POD_NAMESPACE).svc.cluster.local | |
- --serviceCluster | |
- istio-telemetry | |
- --templateFile | |
- /etc/istio/proxy/envoy_telemetry.yaml.tmpl | |
- --controlPlaneAuthPolicy | |
- NONE | |
- --log_output_level=default:info | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
apiVersion: v1 | |
fieldPath: status.podIP | |
- name: SDS_ENABLED | |
value: "false" | |
image: docker.io/istio/proxyv2:1.4.0 | |
imagePullPolicy: IfNotPresent | |
name: istio-proxy | |
ports: | |
- containerPort: 9091 | |
protocol: TCP | |
- containerPort: 15004 | |
protocol: TCP | |
- containerPort: 15090 | |
name: http-envoy-prom | |
protocol: TCP | |
resources: | |
limits: | |
cpu: "2" | |
memory: 1Gi | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
terminationMessagePath: /dev/termination-log | |
terminationMessagePolicy: File | |
volumeMounts: | |
- mountPath: /etc/certs | |
name: istio-certs | |
readOnly: true | |
- mountPath: /sock | |
name: uds-socket | |
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
name: istio-mixer-service-account-token-rg24f | |
readOnly: true | |
dnsPolicy: ClusterFirst | |
enableServiceLinks: true | |
nodeName: ip-172-20-40-226.ap-southeast-1.compute.internal | |
priority: 0 | |
restartPolicy: Always | |
schedulerName: default-scheduler | |
securityContext: {} | |
serviceAccount: istio-mixer-service-account | |
serviceAccountName: istio-mixer-service-account | |
terminationGracePeriodSeconds: 30 | |
tolerations: | |
- effect: NoExecute | |
key: node.kubernetes.io/not-ready | |
operator: Exists | |
tolerationSeconds: 300 | |
- effect: NoExecute | |
key: node.kubernetes.io/unreachable | |
operator: Exists | |
tolerationSeconds: 300 | |
volumes: | |
- name: istio-certs | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: istio.istio-mixer-service-account | |
- emptyDir: {} | |
name: uds-socket | |
- name: telemetry-adapter-secret | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: telemetry-adapter-secret | |
- name: istio-mixer-service-account-token-rg24f | |
secret: | |
defaultMode: 420 | |
secretName: istio-mixer-service-account-token-rg24f | |
status: | |
conditions: | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:44Z" | |
status: "True" | |
type: Initialized | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:52Z" | |
status: "True" | |
type: Ready | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:52Z" | |
status: "True" | |
type: ContainersReady | |
- lastProbeTime: null | |
lastTransitionTime: "2019-12-03T12:23:44Z" | |
status: "True" | |
type: PodScheduled | |
containerStatuses: | |
- containerID: docker://9ce10f0109da447773865317d77a1e1adf3e2ff12797e9bbbede9a943684a523 | |
image: istio/proxyv2:1.4.0 | |
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415 | |
lastState: {} | |
name: istio-proxy | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:51Z" | |
- containerID: docker://7b5d0d15672cfcf154cba33b8ead5e6eeab573450cb4452eb2289434b3208718 | |
image: istio/mixer:1.4.0 | |
imageID: docker-pullable://istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4 | |
lastState: {} | |
name: mixer | |
ready: true | |
restartCount: 0 | |
state: | |
running: | |
startedAt: "2019-12-03T12:23:50Z" | |
hostIP: 172.20.40.226 | |
phase: Running | |
podIP: 172.20.61.35 | |
qosClass: Burstable | |
startTime: "2019-12-03T12:23:44Z" | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: podtemplates | |
------- | |
apiVersion: v1 | |
items: [] | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: replicationcontrollers | |
------- | |
apiVersion: v1 | |
items: [] | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: resourcequotas | |
------- | |
apiVersion: v1 | |
items: [] | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: secrets | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pWTJ4MWMzUmxjaTFzYjJOaGJDMW5ZWFJsZDJGNUxYTmxjblpwWTJVdFlXTmpiM1Z1ZEMxMGIydGxiaTB5TWpaMGNTSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMbTVoYldVaU9pSmpiSFZ6ZEdWeUxXeHZZMkZzTFdkaGRHVjNZWGt0YzJWeWRtbGpaUzFoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpYSjJhV05sTFdGalkyOTFiblF1ZFdsa0lqb2lNV1ppTkRGaU5XVXRNVFZpWWkweE1XVmhMV0kxWVdZdE1ESTNaVEJpT0RSa1lUazRJaXdpYzNWaUlqb2ljM2x6ZEdWdE9uTmxjblpwWTJWaFkyTnZkVzUwT21semRHbHZMWE41YzNSbGJUcGpiSFZ6ZEdWeUxXeHZZMkZzTFdkaGRHVjNZWGt0YzJWeWRtbGpaUzFoWTJOdmRXNTBJbjAubzBJV2pqYUpJdWM0RjBsNmpKMU5PRnlqQWtZb2M4Z3EyMUI1bmlaM0tHRTFBM3V5UWFXN0FNUG80NmowZkl0NTZfYXRpaXFFSlZkNlZzQnhuaGVLdnEyOEU0Y3dhZm5WdHZGNVdiYVoxSHN2MDJRNGxyY0M3T2h4dk9URFhaVmRtb0pBdEN1LWEtMVFTdWVnTW5KMFRMMzFtQWRnUFd4NTNnX3BlbmkwWkgzeWlSUU15SG1oeWN2cmRVNm5jbng1eTRvTzhsTEVxS3g2RlgwZHJxOVJxbXJSUHR0RUtxVGwxYThLc296WERRSHhGRTNtaE5rMkZsZjVNaTdObm9sSEhHVzNPNGpNTEUxMVM5Z2NzVWN4Mkt6SEFyaG85Q213Z1lhNjZibFowV0c5R2ZMc3F0NXduZDRSRHZhd1MwZFZrX0YyRnRWdmxCbGtPQk5WaGg0SHF3 | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: cluster-local-gateway-service-account | |
kubernetes.io/service-account.uid: 1fb41b5e-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:22Z" | |
name: cluster-local-gateway-service-account-token-226tq | |
namespace: istio-system | |
resourceVersion: "43418" | |
selfLink: /api/v1/namespaces/istio-system/secrets/cluster-local-gateway-service-account-token-226tq | |
uid: 1fb52306-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pWkdWbVlYVnNkQzEwYjJ0bGJpMW9aelJzWXlJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKa1pXWmhkV3gwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWRXbGtJam9pWm1aaU5EazRNbVV0TVRWaVlTMHhNV1ZoTFdJMVlXWXRNREkzWlRCaU9EUmtZVGs0SWl3aWMzVmlJam9pYzNsemRHVnRPbk5sY25acFkyVmhZMk52ZFc1ME9tbHpkR2x2TFhONWMzUmxiVHBrWldaaGRXeDBJbjAuU3UzX25CVGp3MWFNbjhnY1o0TlVRNC0tQXFES1k2T09XOENyazdhM0EtVlBmRC1Cdlp2dVFiUEpLNlB6UjJzZF9fMmFSaGRzb3lWN0FwdXdxekp4ajVnUy1ObUVobkpIQmhtOHhDNjJpWWNFUldKYy1JaGozakJOb2hxa1lQaDEwU2t0eER5S2JyTV9RNHpYZmU5aklsMmFuaTV1eEZIOUtjd3pPNFJZanUwMWViaTAzdWpKMkpyZUt5eEhqMVZvTE91R2d2bW5jcVdYTVIxRGJtV2tGLTBZZUVoRG5fRXlDRXRjODcyd05oSG5ZSmdWMlRrdUxTVm90T3FFNTZial9uemRfYXJlcEV5M29pdFFreDJYbWVVR2Z5QUUzSEZnRzlZVW54RUllTFE1aVE4ZmFJb3h3UmV4MGQ3eFpIQzNTOG5Yd3ZuUklna2RyeU5rZFE3NHFn | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: default | |
kubernetes.io/service-account.uid: ffb4982e-15ba-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:52:28Z" | |
name: default-token-hg4lc | |
namespace: istio-system | |
resourceVersion: "43257" | |
selfLink: /api/v1/namespaces/istio-system/secrets/default-token-hg4lc | |
uid: ffb65fe3-15ba-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
ca-key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBb0Zxd2FmdVZ5c3lETFprV09vQksxOG10QnlQcTY2Z0ZVRW9CaUpiR1V1MG5zUFNLCjU5TDZMSWdOM0Z2czQ3bTlmT0JQYWM5UXc0R0YrZndMNW9hWkZ0RHJCajNrNk1QY1l6YUlHVStqMGVGWVZSY3YKckR6UGc2cWlTM0dmeEVIT2pxbEo5djBobVcrQjhYZStibjd4alJrK3pWRHRVcXZtRUxlYUo3WkFPai81VzFEMApPNzIzNEkzYXZUS2w0Y05uQUUvT3ZkRmErWTgxc29HUjhEOUwyUXJPWkZTd0p5dFRQS2N1TklNcmVRVFdndzI0Cmd4ekFodmpwMWdRZHU3QzZ5djNpT1puQ1d0RmxXR0MrWlNwUnFCQVJ2RUt4VFNZdy9UZ2RJeVlqbFVCOE5majkKR25WajJEYjVSU094eUNLUm1EaUpBMnpJaTVSbmpMdmxpOVIvc3dJREFRQUJBb0lCQVFDY1JVVS9ROHRMQTl1agpDRm05VVdHZXdoQTVzU3N6MVY2NFRDY0tjY1Y4ODFtRy9ncVF1ZTdNanhyUzhWTCs2dmhiUms2ZUUwZmwvOGdOClF6Qmx6QzVOS2ZTZzlKaXNycE9Nckl3ZC9wcnI0dXd1b0pYNUNKcEMrbnVIZ29mc3Z5VUpxcmxHVnBIejhkTjAKK3ZrK3ZiK3hmalRSNmxnZUJTQUVrcWxNb2pRZGpzZTJnQ0h2YmM0UWhZT3JJR2VSMnpFVVQxckhUTENlS0FUNApRRGVPSVNwQjJqd3czMjdTOS9VN09oMk82UVJheUxrUVVONTZOQ2ZuZUg4anEvYnA5WmhLZjQvaS9JL1paTDhYCjhvenBGVCtqWUMrbzJWM0JrV1YySXVOZGVTRmc1SkNKRmJuaWNaZzYwMURuYkxvdlJVc2p0ZXRYbjQzblhkN0kKc2M3LzFmdUJBb0dCQU1KRC8wdG96eThoYWV6RHZ6WlFnY2ZTTHVrdVV3akhKSW8yZmlmVUM0elFuTUtHVElYTgpMTHdUQUQzbXlYdHozaHN5NDU0djNQamZBSzM0eFl4djBqQXV5SXhZQzdFU1BPcVgvWTlvT3NkSHBjY01YeFcwCldkWnlzK1JnVmJkWmpCTmRtSlk0UFc0UHgxZURkMFpTVU1Zb3JzeW5JVEh2WmptRkFYR2V0WmFSQW9HQkFOTlAKNnBURXNna1E1UWYySWJ5TWxHT0Y3SUVhU3psWnJkb1hhc2ZNU2xudXJjVUZVSDNvQVJkQkVDRGxUc1FZSldybgpORW5tSmt0L1gxRG1JVnhwWGp4ZVVqL2p0N1hHWTV2WFNzY2NldW5CUFZiQmZVSWUzc04ybmppcDBRMThWNTdXCmhoRlVuZHNGcHZKd29zY0diSUVONUhSbDN4WWdHZlFYcWE3NExmd0RBb0dBU0tXZEJ0by9BR1VDYzZRUUVZT3gKeE1QNC93SnYwc3lHQVptM083VzBUQWlIVnNkYVBuOG54MzFqamNLTWZqb3FTUW1TelVrZzNZQ25oR2VQbUtFSQpmVFJCa3hvcDVTSG8zZUhRMUp3cHZ2UXdMbXVWODB2cWZLT1FXa3NjUXVDZDNYQVc2N1pFWXJCTDM1SXVQSUh6CjZ1YXoxNXg0Y1hBUlRsbEszTzU1QWNFQ2dZQU5jVE1CL2JVNW9HcUJaQ1huUWFZYTRxVVYzVjlWcVovR2xPREYKRHZqWDJiZ1NKWEZtWVFEWXd0bk16ZW1CemV0cmJvUEVBN0VCOG50VXdSNzBLdnZFcVZkZ0d4TlBxK3dnT01UWAovN2JOOGUzOSs5Y0ZBc08yK1crOU9RaEViRm1Da0REOUh6M2ZkZStWMHBaNFJLOVlVbExyR0tQbFcydHJQS29kCnFFbjhrd0tCZ0ZpVWJRK0tuLzErSzc5L3pGdjdoRFEvQkFsRTVkSkF3MU1pcDNNRjZVT2EzR1ZxYWNrakVWVVAKQVpPdHdOUnhuNGU0TGx2WFA4NSttZEF1eGNXQVhEcHU0bmc5R21hL1N3ekhaL0ZGdEs3SVB5RHlkOXh5Q0xYWgpkSXBJb2JLZUZiNkJSdWJ6Mm1rOXA3UGxkZUlqT1dZZ3JNT3NjN0FQc0R4bUNncU1jNnJhCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | |
cert-chain.pem: "" | |
key.pem: "" | |
root-cert.pem: "" | |
kind: Secret | |
metadata: | |
creationTimestamp: "2019-12-03T10:53:37Z" | |
name: istio-ca-secret | |
namespace: istio-system | |
resourceVersion: "43634" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-ca-secret | |
uid: 28bc7fd6-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/ca-root | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRZMmwwWVdSbGJDMXpaWEoyYVdObExXRmpZMjkxYm5RdGRHOXJaVzR0YTJ4ck4zTWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzV1WVcxbElqb2lhWE4wYVc4dFkybDBZV1JsYkMxelpYSjJhV05sTFdGalkyOTFiblFpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1MWFXUWlPaUl5TUdWaU0yUXhaaTB4TldKaUxURXhaV0V0WWpWaFppMHdNamRsTUdJNE5HUmhPVGdpTENKemRXSWlPaUp6ZVhOMFpXMDZjMlZ5ZG1salpXRmpZMjkxYm5RNmFYTjBhVzh0YzNsemRHVnRPbWx6ZEdsdkxXTnBkR0ZrWld3dGMyVnlkbWxqWlMxaFkyTnZkVzUwSW4wLnJLekthSTlxMkFlYXVjYkdxSmUyTlJETEhjS1N5Q0tSTS1uRDdhTjl3VEh3cTl1ZlFuZUxsQ1NCVGIwOE9xSm83Q29IcGVPWDRFd3VjQ2Z2eFR0cE9YV040Rkk0WGdNU2ZqSXdoNzVpaTl6VlFBOVM4Rzl1ZTBhQVlYbFBWd01Zc2JDQm9UQV8wem9uam1UWFJTQ3ptUkpDZm1ieDhNYUtObmYwRThMSDFwZUdCMzhUQ1BpWTk3T09sTlIwU09ZNm9aRUlrR1F6X1VGRnFYNEFnWTJYblJFSDVoZTZoa1lHUENGblRRWDEyM0Q3b2lHVmNENUp4NXEtaVZtZkNxejhjN18ySVY0OEFTaXJiX3pvTk9GRzh3LV9NRWdfbEh1TkVzVHJianMyOWM5ZUM2QXduWEV4N1hiM3Z2bWo1OGJKV181Tk5McjlYeTQ3MVQ3Q0l5bE0wQQ== | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-citadel-service-account | |
kubernetes.io/service-account.uid: 20eb3d1f-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:24Z" | |
name: istio-citadel-service-account-token-klk7s | |
namespace: istio-system | |
resourceVersion: "43445" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-citadel-service-account-token-klk7s | |
uid: 20ed1fb0-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRaMkZzYkdWNUxYTmxjblpwWTJVdFlXTmpiM1Z1ZEMxMGIydGxiaTEzWmpocWNpSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMbTVoYldVaU9pSnBjM1JwYnkxbllXeHNaWGt0YzJWeWRtbGpaUzFoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpYSjJhV05sTFdGalkyOTFiblF1ZFdsa0lqb2lNV1k0TkRNeVpUSXRNVFZpWWkweE1XVmhMV0kxWVdZdE1ESTNaVEJpT0RSa1lUazRJaXdpYzNWaUlqb2ljM2x6ZEdWdE9uTmxjblpwWTJWaFkyTnZkVzUwT21semRHbHZMWE41YzNSbGJUcHBjM1JwYnkxbllXeHNaWGt0YzJWeWRtbGpaUzFoWTJOdmRXNTBJbjAuZ2FYQ2ViRlpRWGNJQ2RWNGNiNkhheEV4UVU3eGxSd0dfTl85U3ZnWkdBYmstcmVEUjRTelBqUW4xdWhMeXkzZzZOTnhQUzRnZGw1a3FpUVNuSVBwZkxGcHNBakMtelYySzZJUTVib3EyLXEzOXI4LVdWYVo2dG9fZHNRYnF5YTlEcXdnY1RxaUx2c2FXM2NuWEdkLVBHOURNaGZLSlJUR2UyRWM0Y29DLWlyTjZRbHdfRTFoczRwdlZBLUFCWWRFRzYyV19tSzBkUFllNEZjTkhPUEY4dUhSM1gyazY3TTFoOWNTUFl1S1dXNnJyaUhyR2FmOGZ2bHMyT19kbWpvRXVZbTI2ZHd2ZWsxV0hYUzE1WVFKMnBOTnZTZU9qNEc2UTlRNE9VUHR5TU1SbktRNzQ5a2VUb2ZpRHEtbnJ1QXFxMVdGcmc5VzRYZV9xelpTTDYtRXl3 | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-galley-service-account | |
kubernetes.io/service-account.uid: 1f8432e2-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:22Z" | |
name: istio-galley-service-account-token-wf8jr | |
namespace: istio-system | |
resourceVersion: "43415" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-galley-service-account-token-wf8jr | |
uid: 1f853dc1-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRhVzVuY21WemMyZGhkR1YzWVhrdGMyVnlkbWxqWlMxaFkyTnZkVzUwTFhSdmEyVnVMWEJyT1hSbklpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVibUZ0WlNJNkltbHpkR2x2TFdsdVozSmxjM05uWVhSbGQyRjVMWE5sY25acFkyVXRZV05qYjNWdWRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqRm1aR00xTmpKakxURTFZbUl0TVRGbFlTMWlOV0ZtTFRBeU4yVXdZamcwWkdFNU9DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHBwYzNScGJ5MXplWE4wWlcwNmFYTjBhVzh0YVc1bmNtVnpjMmRoZEdWM1lYa3RjMlZ5ZG1salpTMWhZMk52ZFc1MEluMC5RekZqSFQ4NjlHWmVSTmdOeU1UNTdOYS1yczNhMXFJQy00YTg2TkwxZ3J6Nkc4ZUdwWDBSbFFqS3NOS0ZOM19NcUVGOVQzS2NzVWVVX2IxTE83SWhpZWxLWHd3SmxmN0cxQy1ycy1rMThmczBvcWxZTk9NNnBlN1BUdERobzBTNHlfY3BvbmNGNjMybVlidS14NGN3MGdPU29tT3NlcEZabUFRaF9nWVFRbzJIMlZVeG5mZGRUejh3WVpfbUJybjFqdTR6NVpLTVRDdV9UMThVMVFGY09ld3RqYUptRTNWZUM0RkpONTJ6WjQxM0ZCVDZoX0VkZ1BjUHd0amp5bklCOGlSU2o3MWppTXoyenpiUkZwMk9PSjZLMDdHNlBWa1RlNVNQSWprRGZLLW45bXJvUThNVG5naHRqSjgxZkFLOUlxRlVnN0VJWDJhanlLc3JFM293akE= | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-ingressgateway-service-account | |
kubernetes.io/service-account.uid: 1fdc562c-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:22Z" | |
name: istio-ingressgateway-service-account-token-pk9tg | |
namespace: istio-system | |
resourceVersion: "43421" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-ingressgateway-service-account-token-pk9tg | |
uid: 1fde6629-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRhVzVwZEMxelpYSjJhV05sTFdGalkyOTFiblF0ZEc5clpXNHRaRFYyYkhBaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNXVZVzFsSWpvaWFYTjBhVzh0YVc1cGRDMXpaWEoyYVdObExXRmpZMjkxYm5RaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJd01UaGtaamhoWlMweE5XSmlMVEV4WldFdFlqVmhaaTB3TWpkbE1HSTROR1JoT1RnaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZhWE4wYVc4dGMzbHpkR1Z0T21semRHbHZMV2x1YVhRdGMyVnlkbWxqWlMxaFkyTnZkVzUwSW4wLnV1emIyR1ZTLW9NUVM4aXgxaUJ3Ukl3TzFSV3luT2Z2OXhTcFlfd3g3LVp1VmpueFRGc1U4Qjd6WWpRQjZLZlo2ejNia3BUTHBMRDVDM2FLeXZkc091OXo0WERKTDdSTk84U2tQVVk0WXVKOW1IUU1ZeDFhMER0c3Y1VVBLTkdWTmNYQ3VqeE82dXF3cHRGYTdYRkZqQ0dqUlRNdi1EVnZyaldOS250YWVaRk92R1Vra3JFUDl4UUt2SE9zOVc5dm96dkNYV281WEkwMVo1eFMwd2JVLXU5VlhYeVdDaG1EdE1nX0tDSXhjdTVMaS1VNnZWZDltNE44RG9EZzRxTnBRZm1Fc0ItLU1YLVBqWWZMdFJBV2thTlVMWTZ0cl9nNWFEZ2d4TUg2R3lNVmRuMHdfQV9oSVc0MnNSRkVQc3ZTakRiNEhQTmpLT051MU9jWDV1bXVSZw== | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-init-service-account | |
kubernetes.io/service-account.uid: 018df8ae-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:52:31Z" | |
name: istio-init-service-account-token-d5vlp | |
namespace: istio-system | |
resourceVersion: "43268" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-init-service-account-token-d5vlp | |
uid: 018fb58c-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRiV2w0WlhJdGMyVnlkbWxqWlMxaFkyTnZkVzUwTFhSdmEyVnVMWEpuTWpSbUlpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVibUZ0WlNJNkltbHpkR2x2TFcxcGVHVnlMWE5sY25acFkyVXRZV05qYjNWdWRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqSXdNRFUxWlRWbUxURTFZbUl0TVRGbFlTMWlOV0ZtTFRBeU4yVXdZamcwWkdFNU9DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHBwYzNScGJ5MXplWE4wWlcwNmFYTjBhVzh0YldsNFpYSXRjMlZ5ZG1salpTMWhZMk52ZFc1MEluMC5lcDlUUERZYWZvd3pQb3ljaVM0WEVhN09jeDBFdjJhSFJHUEI3QmJycnU4ZXhPVHB4d2F0andrY0R2QU5DRy1SWC1semRTQzNqS2RlN1lMbFVpdVl6ZWhwZHB1RjJpeWt6dE92SUVsemlWdXhpU0gtQ3dTZ0NzeEtFandrU1JKMXUtTGlzSnlJdkFTZnNfSmk1enY2Mk1lOW4zTzg1RzAtWi03cnEzUEZaMkd4RTdxRGVUdDZKeXlVMTBNUWRGTXNUREhZVVE4ZTlLelRkZnk4Q0p6SHJqekN4bVoxVEQtWTA3cmw0WGRJaGpCUW1EYlNuenREajgyeEJMWlNSYTI2LS1OODZhMDQwLThFRmg3Y2JSRjFyNU9fdWNZcTFrdHc0WWpmTFpjZEpkemJWWWNReDRtUy1RY0laR2ZXZWtidXg3MWROOVptUUhkdjdXbWVNQUV5QlE= | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-mixer-service-account | |
kubernetes.io/service-account.uid: 20055e5f-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:22Z" | |
name: istio-mixer-service-account-token-rg24f | |
namespace: istio-system | |
resourceVersion: "43424" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-mixer-service-account-token-rg24f | |
uid: 20068801-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRiWFZzZEdrdGRHOXJaVzR0Y1RZMU1uQWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzV1WVcxbElqb2lhWE4wYVc4dGJYVnNkR2tpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1MWFXUWlPaUl5TVROaFlqUTNNeTB4TldKaUxURXhaV0V0WWpWaFppMHdNamRsTUdJNE5HUmhPVGdpTENKemRXSWlPaUp6ZVhOMFpXMDZjMlZ5ZG1salpXRmpZMjkxYm5RNmFYTjBhVzh0YzNsemRHVnRPbWx6ZEdsdkxXMTFiSFJwSW4wLk5pdFBhamRyWllpNzd2UFlSb0RuMFpLWUl2RURQZDR4Q3BzOHZwWURDeGN3UlpDZmJuWHYwQ0NhNi1jdTVWTlk3QlgwYm44ZjJtbm9ueVdma0lab3NsdEk2MExKVHloZ2h4bURLUGp3UHVld2M5T01rZWttMlprOGxaX3ZSQVY0M09aMDNhcTk0OHJLa1NzelRhNTdhMDZrd0swU2czYldxbEx0TGFsdGJiZEZmVnpCekNHRlJpTHRjMGx3QXd1QlBwVTVpUk5uSWtQWktLMW9TX1RhaFRkS0lSZktKdVk1SnVMUWZnb3FXZGVyYzd5THhkamFyZ3Jpa01lNlBYN0s2Wm45TjRpWDRNSlZxUnlxaVJteWlwelV5MGhrX3hka3BDWWY3X3JINTA3a3RiTm1rNjZWSzU3S1N3Y2dGTWk0MEExVkxNVWRQeDk0WGZKOVc1SVJwdw== | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-multi | |
kubernetes.io/service-account.uid: 213ab473-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:24Z" | |
name: istio-multi-token-q652p | |
namespace: istio-system | |
resourceVersion: "43453" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-multi-token-q652p | |
uid: 213be688-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRjR2xzYjNRdGMyVnlkbWxqWlMxaFkyTnZkVzUwTFhSdmEyVnVMV00zZUdwNklpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVibUZ0WlNJNkltbHpkR2x2TFhCcGJHOTBMWE5sY25acFkyVXRZV05qYjNWdWRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqSXdNbVF4TkRreExURTFZbUl0TVRGbFlTMWlOV0ZtTFRBeU4yVXdZamcwWkdFNU9DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHBwYzNScGJ5MXplWE4wWlcwNmFYTjBhVzh0Y0dsc2IzUXRjMlZ5ZG1salpTMWhZMk52ZFc1MEluMC5sRGlOZ3VFTHluNEhQOE1WaXdGNXZiVjNaMVlsNzQxalhrcVd4bnRkYzluZFRwUTdkbnN6RW9rVlVGWU5MRlpDcHVkSEpMNUxpdl9aRkdtUlFhZzQtRkJzVmRVcG5OaGhOcFdxekJfdTdiVEdvZGtiUWxBUnpLbC03YnR2SDRCMlQzOGE5Y2FvN0dlWUZrc1VWT3ZET0d4TFdYOEZlV0l1b0xCZmlENHpqTkZ5Zi1ES2szNDQ0VE40a0lDZmsxMm5Pek51MTNiR0xUblQyVXNtOVFTbFhVcUNMbEpaajNRVWdWbUpTc0UySEVwWXB4RVRuWXREWXJtei01c0J3ZHF2VFFXc0ZmSERBaDl4SElnWmdXVUxiemJIdWlERENpTjFSLWlycTYxTWt1TV9YMXRvMlZ0ZE1HbFl5dUhLd3RfaDVETG9wOTdoNTBwRFFURnY4cnNwSnc= | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-pilot-service-account | |
kubernetes.io/service-account.uid: 202d1491-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:23Z" | |
name: istio-pilot-service-account-token-c7xjz | |
namespace: istio-system | |
resourceVersion: "43428" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-pilot-service-account-token-c7xjz | |
uid: 202e0527-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRjMlZqZFhKcGRIa3RjRzl6ZEMxcGJuTjBZV3hzTFdGalkyOTFiblF0ZEc5clpXNHRkamx0WTNJaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNXVZVzFsSWpvaWFYTjBhVzh0YzJWamRYSnBkSGt0Y0c5emRDMXBibk4wWVd4c0xXRmpZMjkxYm5RaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJeU1EVTRZMkl4TmkweE5XSmlMVEV4WldFdFlqVmhaaTB3TWpkbE1HSTROR1JoT1RnaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZhWE4wYVc4dGMzbHpkR1Z0T21semRHbHZMWE5sWTNWeWFYUjVMWEJ2YzNRdGFXNXpkR0ZzYkMxaFkyTnZkVzUwSW4wLnFwT09wTW1GYTg0b0ZPX2loMmg1Zk9DWWFieVlfSnpFelI0TVBaYzd5VHdBdEhrVThPVDVBMnMzSzRSdGdOTEhsMS1vTnUyUVFmWkNyOUN4M0c4aGlkUmYyaHRiSGZ4UzdjZUduY1pkZ2xUcW1SN3NtRmhwZGhBclY4cElYSlBndnJ5QTg3N21FM01TeklZX2pqel9vMGs5bHlLa3ozSV9zWVpObi1iSjl3b0F4UXdBYnZxZUZ3ZURNalZLOGNqc0tGMFk0WjJuWDFpdmF2OHlLcVNKS3owQkl6eXRXM2FWVUxTVmtvOFkyNmNmbWNlUVlrUUN5QW9ReVo0Y0R4ejVZOWQxckJFTk5Eajc5YzZuNnlpWWZaMXhsY2xLbmJlTHgxdzhWajlQbnptVFFsblQweWJ4RXdFUTFfcmtrTHFvWVB5b3J5bXIyeWo2OUlqTVItZS11QQ== | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-security-post-install-account | |
kubernetes.io/service-account.uid: 2058cb16-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:23Z" | |
name: istio-security-post-install-account-token-v9mcr | |
namespace: istio-system | |
resourceVersion: "43431" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-security-post-install-account-token-v9mcr | |
uid: 2059d214-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
namespace: aXN0aW8tc3lzdGVt | |
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRjMmxrWldOaGNpMXBibXBsWTNSdmNpMXpaWEoyYVdObExXRmpZMjkxYm5RdGRHOXJaVzR0YldOak9XUWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzV1WVcxbElqb2lhWE4wYVc4dGMybGtaV05oY2kxcGJtcGxZM1J2Y2kxelpYSjJhV05sTFdGalkyOTFiblFpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1MWFXUWlPaUl5TVRFek0yWXhaQzB4TldKaUxURXhaV0V0WWpWaFppMHdNamRsTUdJNE5HUmhPVGdpTENKemRXSWlPaUp6ZVhOMFpXMDZjMlZ5ZG1salpXRmpZMjkxYm5RNmFYTjBhVzh0YzNsemRHVnRPbWx6ZEdsdkxYTnBaR1ZqWVhJdGFXNXFaV04wYjNJdGMyVnlkbWxqWlMxaFkyTnZkVzUwSW4wLkExZXVGQW1PTkJnTWJLLXdkbDI4bU41UXNrUlJmeXhKVTV6WkxGM2tON2JJV2E4UGZCbnYtYkd1TFFqMTMtWktmUTBuVVdsZ2hrMGJZSTlyc28tRG5Cb3otS2VwZHdNT3l4STVHcTJVYWVPVDRscHJOQ2Q3RnIwcHYtYVdDcnFPaGlRTkhTNzU4ZWdIbndtT2NCdDFRbXBxUzJfOFU2Z2JTeFVPYzNoQzRxZllLcnowTmQ3VElNM2VNNUtEYm1fWlRxcDhjRTFFeGRRd3N4UFdOVHEwbTlSdWxqQWpoMWVKcGpvRmtQQmhHWXBHQ2VQTmpZZ0lHMmdwamFZMjY3UEl4SF9td1NGbFVyRTR1M0dTTHpXWW1faGxUeUgwTVAyZU1OSVFRVFNWTUk3bVRlZ2o0RHViOC1rUXB3LTl3UW5kektaaklEWFJqZ0lTZFQwd1pNQ1JRQQ== | |
kind: Secret | |
metadata: | |
annotations: | |
kubernetes.io/service-account.name: istio-sidecar-injector-service-account | |
kubernetes.io/service-account.uid: 21133f1d-15bb-11ea-b5af-027e0b84da98 | |
creationTimestamp: "2019-12-03T10:53:24Z" | |
name: istio-sidecar-injector-service-account-token-mcc9d | |
namespace: istio-system | |
resourceVersion: "43449" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio-sidecar-injector-service-account-token-mcc9d | |
uid: 21144902-15bb-11ea-b5af-027e0b84da98 | |
type: kubernetes.io/service-account-token | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRakNDQWlxZ0F3SUJBZ0lRVkhENWp5bmFPaFNLaWJ2UTRZdG51akFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNek9Wb1hEVEl3TURNdwpNakV3TlRNek9Wb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMZkFYTlZDCnJEakxsTGdVbVFuU0dObUFvdkd5NEwwOUlmV3ZpQnY0SWl0eDFjY0w0d2RWaGlsb2M2aHVkaVV1VmZhMFlnTmkKMG5Wa3Y1Q0tUWXUraGpyU2pWYVBEK0UvR2tPM2d2R3VtYnRyTWNnOGQ2NDBzdnp0TnpsYkZpd0lid2pXaDFkdwpSSG1FT2tDTDhEUi9mU0JIMnZVWUg3ajB1RXZidmk4elpTUkNxc2JvY1VZb0tMOFFYckpWYUR0MFBWWFNXK2h5CjhuTUJVTitKQTM5VmdIS1dWMzR0aitVeldWdWxGNTgzUTdBUnJ0L2NZRVhIUnJGWUhGSDV3SzY1MWV4ZXJMMTMKWTBKbXE4clVHZU0zTE1LZTdSWWR3RWUrbnYxb0JvZGZHKzJ4dDArY0liUjNPaXFLbnhOZDZhOG8rZTd5RFpIQQpkbld1MlBLT2NkdjgzVGtDQXdFQUFhT0JuekNCbkRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd1hRWURWUjBSQVFIL0JGTXcKVVlaUGMzQnBabVpsT2k4dlkyeDFjM1JsY2k1c2IyTmhiQzl1Y3k5cGMzUnBieTF6ZVhOMFpXMHZjMkV2WTJ4MQpjM1JsY2kxc2IyTmhiQzFuWVhSbGQyRjVMWE5sY25acFkyVXRZV05qYjNWdWREQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBZGsyUjVZaC9IQmRKeDBwcnNweWtHL1M0M0ZuYlM3M3Vmbzl6ejBvRkRwU1JKZ0Y1Z3dWUWYrcVUKWU5WODZDVXNCN2MwRllwaHQrWnNTZGF1MG9uQVpleGphU04wNVlLUjVNRlREZDh4bFBqM0Jta2VBTGlWenM5YgoyV2VPVFZWdkRNc21YeTVWVG9qQ21vbEI5OFRVZlk1aFRlamRPQitIaVhCdXk5K3VIM09NdmZuT1NmRWdxRW9sCnRQZ0gzNWJ1cmdKOExDVDBJeDFMeURuZlIwdjJMbDdCSnNKdGlzKzJITVRwaDRYbEpycXF2S2RqQ1kxSEVHdzMKaFBjd1Q5UmowTHRDRW1XdEhEK2kweTVZVnlQejRxUzFzcE5OSTlZdzZTeGNZUVRoamR0cEdrNVNVOGs1enZySQpOWGEySEhDRkZHMEgza0FpbjJQaVJLUXQxbFpaWHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdDhCYzFVS3NPTXVVdUJTWkNkSVkyWUNpOGJMZ3ZUMGg5YStJRy9naUszSFZ4d3ZqCkIxV0dLV2h6cUc1MkpTNVY5clJpQTJMU2RXUy9rSXBOaTc2R090S05WbzhQNFQ4YVE3ZUM4YTZadTJzeHlEeDMKcmpTeS9PMDNPVnNXTEFodkNOYUhWM0JFZVlRNlFJdndOSDk5SUVmYTlSZ2Z1UFM0Uzl1K0x6TmxKRUtxeHVoeApSaWdvdnhCZXNsVm9PM1E5VmRKYjZITHljd0ZRMzRrRGYxV0FjcFpYZmkyUDVUTlpXNlVYbnpkRHNCR3UzOXhnClJjZEdzVmdjVWZuQXJyblY3RjZzdlhkalFtYXJ5dFFaNHpjc3dwN3RGaDNBUjc2ZS9XZ0doMThiN2JHM1Q1d2gKdEhjNktvcWZFMTNwcnlqNTd2SU5rY0IyZGE3WThvNXgyL3pkT1FJREFRQUJBb0lCQUNOQWYwN1duSzNFdU1KYwpDVVF1RDJCaTRsL1dQbkZ2c2YwdGNNSlU1MUZJWklmc1N1RFVVb25OSlNzeURlNXlKa0hQTjJLSTZmRmxvNjY2CktjaGVnK2Z6RHZTRk83bXQzbjhSVE1qTEEybEdWbVdnM0NFS3NTLyszbkpkZkRKMFo4RGRUMWZDRFJEM0FpbngKN3VKVGR4RGpXQ2xmT0c3R1hEa0pia0lsN1FoNGdqSnN1eUluaktNZ1liT244RzM0QXBXTlhlVUF4dTNkVU5aQwpNNFNIQlVMVzlCdFBJUGE5MFNWRGM1SmlpakdHRjEvZjZQbksvZ0wwWldxbXBiZ3drRjUzdThHZXh5dDB3andTClBuRTdNRXRyeFJGa1RKQkxvV2EwOFQzUDVzcjU1Rm5jMkpKOStJcFp3ZXcySzNTRC9SZDZrSTN5ZmNqZXJUMEkKSU55RllLVUNnWUVBeGRCSkRkMUZVOGlrZWJJNFYwUU15aGZpbElKWGZmdGVRYWVmRWZ3VGJtRThzMmkxZzdpcQpsS1Z5UFc2RXpCNm9HNEF5Z0FaOHdFcEpiYUZjK0RFZWF0L00xZ2lNVkZucmJzNUlvMnpwZ3pMdXBDNGFVYWh4CkNjRGxRc0FMbHluQTNlT3BOVW5sdUdkYm1Jd3JTTzl3T3hDOXN1MS9QZTBMWUpoQzJKZlJleGNDZ1lFQTdjMHIKUEw4UGgxcEt6NjUrUkxTeE5RY0EzNFRybG1BM2VqNjJzdmdQQjVXc0ttRlpsUEVxY0JHck92MThtYWEwVFk1aQo4T05tOC95dXhpcFBNeXB0SUVNZGJnWHNrYmt2SFVtcHNFSHhNU0lsQm53eHB4ZUMwQ0pXL1UyL1RFUVBLUW5kCms0Tkx5ak5lQTJuYkJWd0dWRThTc2s1WnMwaU5oTWRuSmtEdFhDOENnWUVBcG1iU0xZR0hnalYwZHBML1pobHUKa01xSzVkYkhkc2p2djFjY0x1cllCYkJ5ZVpHSnIrYTJTQmp0QXRSbmpiWDBRRDRWUFRFMzNDSWhwc0ZwRGJkMApHUDl1dGxXMmhuYWw0QzVUV0hhVDhMUDFuOUxRZlFTdklqOU1IRnlrNDJKU1JkWHZUMDU4bWlVSUhrazdXRDFqCk1heWhoMVRXQnVmUy9FelpYbzVIdjcwQ2dZRUF2WjFvU1pMTGJoRDRNQ3VoOFdUbkhESk9adXhVOGQ0Y3ZuUDkKT0MyRnhuVjVCMzRDY1RudnJkYlk0enUydThucVlTRVZFYUV4dVlFVlYxdnJOUkF5WFpSR2hqRmhGajFFTFNWTQprZ2V5cTR2ZlhCRnhnaHZFS2ZRSHl3alFiWjZqUEFUcTBqSFNJQlBmZGZkVk5pdlB2REFrNTFxRU9lbXpObG5OCmpQb2VpZThDZ1lCM1g4blp6S2NVaEErNmJBYTJwZGFqM1NISEN3c014Z25KNGhGS0hOSDd2WktXeHNQYkdRT1cKNnVyQllYQXUxdDdnTGY0dXJYVkNDTDYxbnlqdm5WbWgzOGxNSXlYVUZDbGdKbVdpMVBMQjFaRm9nZnVoZklhNAowcVRtbmdMMXBjalFYM1BJSEpncjVOcnA0R2tKUDdGWUtRa2l5czVGTVBySUpVaTBOSW96RHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: cluster-local-gateway-service-account | |
creationTimestamp: "2019-12-03T10:53:39Z" | |
name: istio.cluster-local-gateway-service-account | |
namespace: istio-system | |
resourceVersion: "43654" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.cluster-local-gateway-service-account | |
uid: 29fe6b7c-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJekNDQWd1Z0F3SUJBZ0lRSmpPNE5FWFRBMlJyRExYa21oOVAvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME5sb1hEVEl3TURNdwpNakV3TlRNME5sb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPNkFGWTQ0CjFOTnBrL0QrczVJVjdPNDczb0ZEUjEvWHJaUGJCNXpHV2F2NmdnWU40UC9McngycU83Q0hrem91ZTI5QUhPdjMKVkJZQmppVzFUVUo1ZXBZcHc3dlczMG93cngyR3grckFMZnJPZXFhcjh3Rm9YVFAza3FTeHhFQVZiZVJIcENNRwpkVUxnVUE5Zm94L21uQS9MTlE1Qk5uT1RCbUtLMTloY2Z2OHdYSWhPR0Y5M1duUDVId0svWDhtWTVUUnhBZk41CkJxRGhHZDljblZocFlrWEtLamZ3bkNSaldTRm8zS2grMkRjR0gxWHV4T3pqemJwZmtYQUJxTmFyUkNHeEJDOTEKbEp4QXp5UWs2YmdPRXZDRlBEemdvWmJ1TkM5WUxpUFRNS25icVIwN05vY05ic29qalEwZ25kZUJEL1B0SDVPdQpaODVLcGZiWDBaczNrTDhDQXdFQUFhT0JnREIrTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVCkJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBL0JnTlZIUkVCQWY4RU5UQXoKaGpGemNHbG1abVU2THk5amJIVnpkR1Z5TG14dlkyRnNMMjV6TDJsemRHbHZMWE41YzNSbGJTOXpZUzlrWldaaApkV3gwTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCYlZMRlhaWGYwVGQvMjV4MmxYdmNka3MxK3FpWFBwcWhBCmZPVXpYZlNkZFg4cXhQZ01rMThURjAyS2tnajhiRjBmL3JRMFIwdTdsRzlOMURYUlVpWUhCZEFUeVNsTWpNZjgKU2x0YXdPNXJlMi9YazA1cWE2eVhXZTNyRTF4UnZtR1JOV1RQYmZsaDFiMkRYeXRuT1F5WVBvWDU1cHUyMi9VUApzdFFZK2t4MUZTaW5PSG5oVmc0eklVMXgyb0N2aERrZUNSMkRMVzJWeXhmeTh4MjRjTjBhYXBZV2tMM3NFc0plCjVBc0lyazBxUzV2bTlFWE55OFViVnczM2Y3cFE3NkNlOFVNYWkvNEYxNmhaOUgrRk80QXcrcTJGMTF6Wm9ocXUKa0FTYWhWeS8zN1NjeFVXS2d3SE1BSTIzeGZsUlRPdW1hR1d5NU5GRmljelp6dlEvOTBhYQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBN29BVmpqalUwMm1UOFA2emtoWHM3anZlZ1VOSFg5ZXRrOXNIbk1aWnEvcUNCZzNnCi84dXZIYW83c0llVE9pNTdiMEFjNi9kVUZnR09KYlZOUW5sNmxpbkR1OWJmU2pDdkhZYkg2c0F0K3M1NnBxdnoKQVdoZE0vZVNwTEhFUUJWdDVFZWtJd1oxUXVCUUQxK2pIK2FjRDhzMURrRTJjNU1HWW9yWDJGeCsvekJjaUU0WQpYM2RhYy9rZkFyOWZ5WmpsTkhFQjgza0dvT0VaMzF5ZFdHbGlSY29xTi9DY0pHTlpJV2pjcUg3WU53WWZWZTdFCjdPUE51bCtSY0FHbzFxdEVJYkVFTDNXVW5FRFBKQ1RwdUE0UzhJVThQT0NobHU0MEwxZ3VJOU13cWR1cEhUczIKaHcxdXlpT05EU0NkMTRFUDgrMGZrNjVuemtxbDl0ZlJtemVRdndJREFRQUJBb0lCQUUwbGsxTm80TGJ1RE5QRQpuN05lY2tCeGp6ekMxWUNVRkdxaVMra1RaQWcwUlFET1ZueUhsMEtDUVVLTjZEckd0Rmk5SlYzU3FCbGlNV2ZUCktJV2JJK01VNldLR1U3MzgxM2cyazg1RWtkcnlGVXg2akdWbEs5aldlVkhheXI5cjd4c0xiWFdDN2tWT3A3Y0IKV1pQRkZiQXFMQ1JMUmVER3F5Y1BBRmpWT3FNeWtwMlFuSHJrQ3hld3NmTXY0bXgwdVNnTG02dTdIQlhWUUg3awpLV1FTUlV6ZU9EM0dsMU9TUHg0ZzgwYkhBRU82NU5vN2tCREc1QXQwL2kxOGlSU3JBb1F2cW8veHlJWDIwQ2JPCjJxdXkvSjJuWXlxcldkcXN2d0laZ2hZeEN4ZngvTjdmaXpWZ0lic01yWEVGcmxNMEpUdHN1b09yOEhxcFhobjgKaysyM2Z5RUNnWUVBL3NPZ3plcCtrVE9SUFI3dUQzVUhiRHdUVktNdDNhYXJwS1c3WXlPTUN6UDAxdEx6Y2pXQgorcVpKOG13aTVxMk11REZFOU93ZlVzbmxuWjVvRG9KZjdKL1Y4L0J0STRXYktWM3ZJQmc2aFR1S09yM2hpUWRUCmZMbnVlT09NK3BBZkZDb3lvSVIranNSa1ZtMEFMSVVkMnF5a2VValdSeUUybUNVVXgxV2pBeEVDZ1lFQTc2aEMKWG5rU1JFd3V0Ly9pWk40WnV5K1hyb0ZOQW9vL2JjS3BLRzJCWFUreFRUWXNFTitWelF0dHV2eEsydnR5TEtVMQpNTW5TY1RuY3JhLzR3VlVhTUtzWDIzZHZuU0lCclh1OHNnSk1ibEJIUVpJa2o4TmtLVEZTYkZQVi9EaGZZWlJkClRHVTZNbFNmYVVhcWVzMkxueEhjSDNoNVlKQXJqb3V6VjZDYXRzOENnWUVBMVRkaTRKTnR4QlkxYXNMMUdHaW8KZ3JRd3RYZ3dUYjVORHVwSnp5b1Q3ZGhaQkdYZXEyb08wM2pTa0pwaUIwK2VZeFdSRWE2QWRLaFdqTGpqZTZrdgpvUGtRZGkxMUdmS2FybDlZWHpNSDN6TzZkM2t0UmFLbEE5RVV2WVlzR2hQK2ZzRG1TQ003VEQ4ZmZwbVJPTEZjCkVBVEhUbDVnUDMyVGxIZ01VTnZpSnhFQ2dZQVdvZEFxdGNwSTB0enltV0thM2ZLV0g4ZDJQbFcwY0xQT3ZMeFcKeWdpV2RFa3RIbm1JMm1SK0taOGlNbU1yVE9XYVc3dXJNTlFEeDFBVXd2Sjk1M2lDc2hXZHJ5akdNUWp4aGlicQp0SmJkTUEyYW5wOS9TQmQwWUdrRk8rR1FZUTU0MjViMytQTkcvNERTWTA4RUs5Y01uWllwRHFwL3VQMjBCM05YClNoNXlOd0tCZ1FDR1ZFbWdVWDRXYm5nSjZWYXVtazNMSTJiL2Q5dHdIeTFtWEdQSXVNMFg0TzJDb1N6Y3BoUHYKMmUyUjU0SUZjMEVhcDMvRnAwc3licVNmZHJhRkRzNXNLeWpod0tIb2ZYWjE0L0RldFZuc1NGM3hFYmI5VStVOApTVFdWK3hiekZzRnVveHN0bE1DNFdKWExZWE1KZmlFdDhuc21BNk1XeWNGTk9wSHYvNEk2UHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: default | |
creationTimestamp: "2019-12-03T10:53:46Z" | |
name: istio.default | |
namespace: istio-system | |
resourceVersion: "43685" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.default | |
uid: 2e0f7974-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURPakNDQWlLZ0F3SUJBZ0lRVlUrU3ovV1c2N1dZY0RxUlUyUlA2VEFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME1Gb1hEVEl3TURNdwpNakV3TlRNME1Gb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOeDNTcFVWCmlWcjl1OFRnN2hHUFAzenM1aVdyZ1QrV0lXdW5JVHJ0dkloOWdENmtISjQ3MW9EbGd2YjRMaVhHQzRvNGFQbjQKb3lJYlNWWit2Szl1Ujd0RFZta3ltKzVWZFdCREUrdmRFYmFhd2VuTCt5cERDRGM5ZTE4ZnpreksydCtjdU11QwpXWjhGWGdwYVVObDlSbTV2L0ZaMU9wVmlsWTZGNzJ1Vkc4aW9mRTZ4dEd3bVZKa2ZwUkhQSjF3R3dVRlR3dE1mCmJSYjF3NzlmenluMk04b1RtejRuQ2NYYnFmSGFPeWEyY0d2WWtOQTU3L3JWTU5sTGZuOUhhQzRiUGlRYTJYRHQKT1ZBSmRLR0lzY1R4dGRtWnJqV1RvUWVaUTI4SnZaUjVjUk1Rbjl5TVVFNkpoWEJ4MUpIQUQrRWFPVEI3STFLOApXWXlZZFlqL0NlNmZ1ZGtDQXdFQUFhT0JsekNCbERBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd1ZRWURWUjBSQVFIL0JFc3cKU1laSGMzQnBabVpsT2k4dlkyeDFjM1JsY2k1c2IyTmhiQzl1Y3k5cGMzUnBieTF6ZVhOMFpXMHZjMkV2YVhOMAphVzh0WTJsMFlXUmxiQzF6WlhKMmFXTmxMV0ZqWTI5MWJuUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSkNsClpTZ3RkM2pGYUphK0E5RDFQSjM3Tzk5UHE5VkpDMWNLdHROa0xsR3VoMm9CMzNvZUNxWU9JUjJWZDNPMGloWngKUnMzY3FjclpxcDA3MG5XR3o5N3RiOGJ3bDkzN011b3FheXV2MTExb3luT0pWR3BxSDZHamZMQVJUcmlDWGJLMAp5UVJXcWxJL0tNSnRGcmhDNnFRS1NiTHp6ZGo3bVBqUWFxa0U1NVcybWtHN0pHaW5kYUlaL3FGMytHZ1g2WFVtCnlMNGwwM3dOcElWK0t4WE5uNFV3WFFkRGxYM2g0bTEzcW45TSs3dm1pOWlaZjlmd0pxS3lWL0M4WUxZQkNFbVIKWm5ZdVhsM2xRenpFQUNMNjNsMU9oM3A3aVNRcjhaNy9GYXBoSG51c0dOZ0pXbzkyUWFSd1RMNS9jd2Jyd2ZReQpPL25XeHdTQ2lGL0E3SGNqemQ4PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBM0hkS2xSV0pXdjI3eE9EdUVZOC9mT3ptSmF1QlA1WWhhNmNoT3UyOGlIMkFQcVFjCm5qdldnT1dDOXZndUpjWUxpamhvK2ZpaklodEpWbjY4cjI1SHUwTldhVEtiN2xWMVlFTVQ2OTBSdHByQjZjdjcKS2tNSU56MTdYeC9PVE1yYTM1eTR5NEpabndWZUNscFEyWDFHYm0vOFZuVTZsV0tWam9YdmE1VWJ5S2g4VHJHMApiQ1pVbVIrbEVjOG5YQWJCUVZQQzB4OXRGdlhEdjEvUEtmWXp5aE9iUGljSnhkdXA4ZG83SnJad2E5aVEwRG52Cit0VXcyVXQrZjBkb0xocytKQnJaY08wNVVBbDBvWWl4eFBHMTJabXVOWk9oQjVsRGJ3bTlsSGx4RXhDZjNJeFEKVG9tRmNISFVrY0FQNFJvNU1Ic2pVcnhaakpoMWlQOEo3cCs1MlFJREFRQUJBb0lCQURKclpiY3FzYnNKaEVQRwpYU3ZPNHVvakU0OVI1Y0V4Q0h1aVFVdEV5M1U3bm5TMCs0YUVrTTN4cnoza0RFbS9QU3hqTWo3WXloWW12MkwwCm9ScE4wa0hWYUpHdWJWTFlZSHVmVzVMNWYrK08vUUlIRUczZDNxY2pmRytJeXBsdFd4a0FzcEo0UVI3SkQzUzIKcXY3U1U2VTJIek4ybytzK0hJMzN1NFdUR0VPUE9BLy9pcE4vSTdINDErQWwzdllvTFB0OHNqZ3UrRXd6OURnMAp2cUZFME9MTnpCSE5teVo4QU9YcGlndEJDUU9uVDZRbTgvQVFzSFV2OS9HZGk0TUNYaXVUQnhWV3FOLzlJNTNlCjR6THFNc2JNM3lPWnVIVmN6VUdoeU83T3JjRUsrbnJBdnZoSUU3QVlKL3FRWFNvemc4M2thL3d2LzdlK2xlaW0KTGJSMlVnRUNnWUVBNlVBTGRkTHVzMWxuK3dSUm5BT21Wbjc4TCtjdTA0Q0lMeFU0OGxhdmR2SzV0QUpmM2JJQgpVMGh0QkpROG5ZY0FjTlhNSEc2d29xVWM0OEM4Yzk4WjNUWG1TdkQySXFjNnV3SGIwWjFwOEc4S1FNQnJkMktUCnd5dzJUMVlrYVY5ZGxFS3NMZndiTVljeTV6R0N6VzlBeW95YkhTRXpXVzFMcmRoRXltcFJpdkVDZ1lFQThmZ0sKczROQndWZEhjdmdCOTF4YW45bS9aS2N3TXVvdmlhbUZPL1puSjByV012QzdpcEI4UlVhR0pyVkVaRmFYKzdWeQp6L0Z6M2h1VVAwMm1pWEhSTVNRRnBJKzN0NExKVlo1RUh1a3lpNnJzeWlsZnRQZXJOQzJHcVhmTUNVY3hUN0FYCjJ0Y2dsQ0ZYSEp1YXk4dUxLNFpKd09lL2wwRGY2bnFkbE00WGpXa0NnWUFBckRPY1FtQjMyZkVuMHlwZEZkR2IKL0QvRDc1bTkrR2ZzSXRhSU5HSExLUVlLRTl1czZ2OS8rdng5ZitQdzNGdk85MzdnTWgyR1NvMmJ4b21FbUFjZQpFVEs1MHBvVEhZSlkyYmVGa2p1ayt0ei90TTVhaU1rK1RkbFdQenhacFhIQ3BMS1VhMTYwdE53YnVKUFUvZFlrCi8yVFBIN0pqTnFKNlBONXQ2d0tUTVFLQmdRRExSTE5Bc0lBNXVtZGtWcUhZT2paTFdQSW16U2g1YlRBNE5qZWQKOHRZZk5RZ1NUUmRQUlNlUVRybDlwUU5xUXpCMEhLN3hyd1hHVFdiUmN4cjNGYTFGMmR2L3JWZ0ppbzQySmJsVwpPbExpNzlqeHo2WDk4WjFhUFBDR1J3UVp1enZhbExURmU3bDdsektGN3RZd1k3SnJBdW5NYXlNUkhrZTh3L3JECk9ncWhHUUtCZ1FDOGkyT0ZXYTJxendYSEk5Q1IvUzg2MGdHSzNmOFE0MENDeFVXSGtZNDU0cXhta2hCSlJnaFgKTm53ZlRQbG1EaStrZ1VGeEpzVDVWOEx4czlxT3A3WHR3Nk9hUWJmRlBXSjRVa29GM0VlYmNKTytFcTFmT1pHVQpNNHh4TTlzMXJPd2JWZldvNzRZL2p5b2VpczI5K2gwdDdpT3dNaS9oSzNmcENzYnJTS2haTEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-citadel-service-account | |
creationTimestamp: "2019-12-03T10:53:40Z" | |
name: istio.istio-citadel-service-account | |
namespace: istio-system | |
resourceVersion: "43659" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-citadel-service-account | |
uid: 2a4ca5ed-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURkakNDQWw2Z0F3SUJBZ0lRSUlldzQ1elZuOER0ZHVuZUtKc1JBekFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME5Wb1hEVEl3TURNdwpNakV3TlRNME5Wb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNQmN6cHliCjZvZGFHSllDQW9vejlETUk1L1NVNDhSUFRHQUxEZkdtL0ZxeWVjd0FFaGkwSFhrSUFTSXRvOTJLTWVlT0s0RUsKR1BVRENyR1JQeHRaYXJCdjZoZDg2QzQzOEkxeWdSSFlSaEhBbnBIelpIcVQrOE0zSlVtY1d4M3lCVElGWXVJagpVSFpuUXdMRnY1dXNqWlphWjN4Q3h4MnVYcmt5Q3FKSVgzb25uWXE2dk9zZ1Z4OWNTRWMzaVlNMUFoWFlBVHFKCkVMVE1NM21rVDFxZnptYjV2NE55V05WdStuWHBjWVNsS090TmdEeWJKVlNpV1pnSTBqK0c0aTJYUDR2d1RDSXEKdG8wVTFQaEpWMC9ldHorU1JOeTRyRTI1ZWRQZlV4T3Rwd3htMklGVjBHRWVmK04xemlsR05FMS9FRXpoVng0ZAplZFBKejVBbExZMDdaNzBDQXdFQUFhT0IwekNCMERBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd2daQUdBMVVkRVFFQi93U0IKaFRDQmdvWkdjM0JwWm1abE9pOHZZMngxYzNSbGNpNXNiMk5oYkM5dWN5OXBjM1JwYnkxemVYTjBaVzB2YzJFdgphWE4wYVc4dFoyRnNiR1Y1TFhObGNuWnBZMlV0WVdOamIzVnVkSUlkYVhOMGFXOHRaMkZzYkdWNUxtbHpkR2x2CkxYTjVjM1JsYlM1emRtT0NHV2x6ZEdsdkxXZGhiR3hsZVM1cGMzUnBieTF6ZVhOMFpXMHdEUVlKS29aSWh2Y04KQVFFTEJRQURnZ0VCQURENUxmeUtXZXEyU3J3YTl2SnVjQzhRdUNwRmsxeDNpTHRuL0FuMEZtTjliSWxBOGRvdwpVM29HekdRdFRyeEUzSDRhYjJWRFZKMitMYjRoY3VKUkY2RUEzbVczM2I5L2JYdHB3NzQ1aXZkNmd0VEdqTzlJCjI3TmxLYmhKMzNjMyt3eE5Wd0dHNVJmdXBVd0ZmeW44V0tMWkFsbmVoaTlibVd2c3FzK1QvaFpaL0dmTjc5dlIKamc3ellRMWRuMXJQY3p1eC85KzRFcGFYNEtWdnZqWHlVYzNDaEtXL2lLcUYrMWNma2FuU1BuY2FoNjlrR1JoYwpKOHZSN0NzQjBBNXNIL1MySmJ5cWQ5UjFyb3hIektDcG5VSmFQTE9ZNkkzRHh1TjN1eHltVURTVEZNWnVzNlJXCmJFaXZkYmxiSkdqb1AwZnBNdC9wMHF3K2hUeFlaWHZ4S3hNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd0Z6T25KdnFoMW9ZbGdJQ2lqUDBNd2puOUpUanhFOU1ZQXNOOGFiOFdySjV6QUFTCkdMUWRlUWdCSWkyajNZb3g1NDRyZ1FvWTlRTUtzWkUvRzFscXNHL3FGM3pvTGpmd2pYS0JFZGhHRWNDZWtmTmsKZXBQN3d6Y2xTWnhiSGZJRk1nVmk0aU5RZG1kREFzVy9tNnlObGxwbmZFTEhIYTVldVRJS29raGZlaWVkaXJxOAo2eUJYSDF4SVJ6ZUpnelVDRmRnQk9va1F0TXd6ZWFSUFdwL09adm0vZzNKWTFXNzZkZWx4aEtVbzYwMkFQSnNsClZLSlptQWpTUDRiaUxaYy9pL0JNSWlxMmpSVFUrRWxYVDk2M1A1SkUzTGlzVGJsNTA5OVRFNjJuREdiWWdWWFEKWVI1LzQzWE9LVVkwVFg4UVRPRlhIaDE1MDhuUGtDVXRqVHRudlFJREFRQUJBb0lCQVFDSjc0S3dSaFZNYlV5SAo5SFVCeVBOb3pSQVhEOVNyWmZsc1BVRUljU2N2bWg5QUt5VE8xZ2owU3NzVlNRamh5VUN6dS94eUVWMklBMkJkCnA3dEt6emx6dnl4ckgwUVdNRUtzQ3RtR2hFRHFaZWJPM1dyRmd1dmJOZVhrL050Umc4UTU5Q2JONVdqREhwU3MKbmtRaFN3QlVPZ3RPelV1ZWV2U3RjN2F3VzVrcks1SUpDQ24wYS9kaWtZZ3BZUEFoNlF6ck9yazBZaWNDU3Y0SQoybHRuS2xLOWFEREZpalpFcUxkODAzM3UwSjdwVm1DVmkxdHlIUWFxZitsN0cveDlLSEx2eFU1cHJlcTdrSVNFCmYrbHI5MEpxamhVQXFyckRjS1BqMGw0MSsyamZrMmZ4Qll6RVlhTHJRNi9EdUlxb1BNdDlhekVWZGFXK29KZG8KWHhTNWI3STVBb0dCQU04ckRYZ2MxODE0SVI4Z1NWdmVLVjJINVNydnliOUcwdWVycFp1MTJZRFBYcmp1eFYwSgpGQmVUZEZnV3I3VW1reEdxRmVWYjFXeUl5S0ZObmRmMXA5UXI1dVZUSHlSMXNZQm1iTTJVZ3Axa1pFRG5reTBqCkIwSHNyWGt6S0RqSEkydUJ6VjZEQSsyc0R3QUdLem45OFl1anR6Rlhpc2puVy80b0dibzF1Z2lQQW9HQkFPMjAKV2d3ZHFqRFN4Z0MwY0l6MTVCRk9rd05ielREVVRMcHh2cWpUMTdFcHhKYlZCdlNpcitqOUFOTGNZemlONkkvVApCN2tkeVZaWi9NTVlqc3g3TEpLVng4MC95UElKSHFCQWVUS2dmL2NjN2F3RkdTVVl5YnZEUzFXV2czUS9IZmlyCmV4UG96N2NpZXRpdnpVWEQ3T1VEM0tOQ3hhbUx6MnBRQjR0TzJqanpBb0dCQUsvQnBydXdQS1ZrdFRUaS8xbWgKTVJiWW8rTzVheitMcG9KRmJVcWRETm5yRkVGdzBLQU5nNjQ4dXdmQXQzRElPUjFUWHlBbXVQcExVV3NIbmxJSgpaMGpwdGduNGF3TlRsak9Jc2VYM2lKaGZBMjdOQ0YvU3grVjJGZll0SUlLSzc5SFZYWlpCTUtRQ3hQY1FSTHYrClpWNUNscmlWdkhpVlQ4WmYzdlBMZ1BpaEFvR0FFY3BpeHU5ZGNvUUQ3NytSZ090U1kzMDNBWlJZV2lRNWplYS8KZDFGTG5tWGE0ZE1Wenk5eDdRVXFqNTJSQzRXTGQyQTYvcjdjOThxS1lXdXdIRnZIclR6cWxGRUcwQjZnblN2VwpKbFRlM3ZiYVR2cWV0Q2tUeUNySXM2SXRPb0VTMUM2NWFuY05QTTZtMVJyclNTSnQwNElqZkZDZURKOTdLYUROCnY3NXFGTU1DZ1lCaTN4ZS9tekM1MWpRVXR1enp4N2c0cG1kVzkwOHZuekhKcWp5a3E0L3JxbjNMU1ltNUtScmIKK2RUei9kNlB3NThjREtON245VlhpOGtidUs1alRkSWhPWjBxK3VRZTZ6R1UxMnJWaDNTa05kdzBjL2xTZ1FaUAprMnZnL0hJVllaR1dhK0RYQ1YrSjd3MzI0RnlhMzd4TUVHSHI0QUthRXNVTXZTaVVTRi9zUkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-galley-service-account | |
creationTimestamp: "2019-12-03T10:53:45Z" | |
name: istio.istio-galley-service-account | |
namespace: istio-system | |
resourceVersion: "43678" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-galley-service-account | |
uid: 2d5020a7-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRakNDQWlxZ0F3SUJBZ0lSQUxtV0NBT2J3alFRbm8zMmJjUmFDdVV3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek5EWmFGdzB5TURBegpNREl4TURVek5EWmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFhWQ09CCmRpaGNEYUhxcGRhUVRuc0hISnJqZFR4U1FiMUZQNndqenNuTGYxdk9nbmE2OWlTU1graThMcEhMS05rbGgxUkkKbTltUnkrRFBsK1BVdmpUMHNiU0ZkQ0hSTGZWZE4xOXVxVU1HL09NU2FzUUhGRUM5NEo0TjYxMEFlUGt6N09xdAphSlRRekMrb1R3bVNJd3EvNlZOSDM3Sk04bnBJZG9SVTdkN011dEVxSkJRMDJRSnp6TjhBejZiTi84WHhvY1lNCkpmTTQ2OW9BOXp6eEFGOG5pN2YrUEF5SmhNRDQ3RmJNd2I0SmFFeVpIUnlvVUY0bDZDc1hOWkR6VTlESFJBbXAKc3ZDbWJZZkk2MXg0L1N5NVJpUEtsY0hZd3BHRFY2eEhnZzZwM0xRaVNvQ3ViVTFHYjFPOTQzMFVWYXkxUWlTdwpORkd2NEZodUtpVHU5ZTl6QWdNQkFBR2pnWjR3Z1pzd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1Gd0dBMVVkRVFFQi93UlMKTUZDR1RuTndhV1ptWlRvdkwyTnNkWE4wWlhJdWJHOWpZV3d2Ym5NdmFYTjBhVzh0YzNsemRHVnRMM05oTDJsegpkR2x2TFdsdVozSmxjM05uWVhSbGQyRjVMWE5sY25acFkyVXRZV05qYjNWdWREQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBTkpIQklPNkZ0TlA5L0p1VWUwM2VYZnFkTkxEY1pORm5mUTFLZWpQQXo5cm83QUI4NjI5YmZqYmwKY3JmdVk5NzFBSmsrQ1pxSXhvRytIUThWc2J3ZWJvYllmZzVlV2NmMnE2WWZycTdoMWhWeHFXWDBJYzBXRS9VMwp3Q1plYU9VOW5OekFXdXFQWDRUWVJoUDVDSmxzU2V0S2VvSUx6czRxSHVYQm9laC8yZ25DSnVZVThQZkNqMHorCmJ2cDRRTTJuV3VYTCtEenVzWnFtTGY4L0pxenhyWno2UDc3ZzVyWFBPenlZWHF5akRZWFBISnlZeXd6U3NoeVEKVzBQQk14TFJGSFJSdUthN0hpcnZFaDNySVJFenlZT0hyWFJYQXpuWnhlWlJLeUY2MzlsbUdFSU14NWt6Wi8wdQo2dFRqZlRvRW03T2w5MUpxcEZrNnhLZlJvY1RvcGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMTFRamdYWW9YQTJoNnFYV2tFNTdCeHlhNDNVOFVrRzlSVCtzSTg3SnkzOWJ6b0oyCnV2WWtrbC9vdkM2Unl5alpKWWRVU0p2Wmtjdmd6NWZqMUw0MDlMRzBoWFFoMFMzMVhUZGZicWxEQnZ6akVtckUKQnhSQXZlQ2VEZXRkQUhqNU0renFyV2lVME13dnFFOEpraU1LditsVFI5K3lUUEo2U0hhRVZPM2V6THJSS2lRVQpOTmtDYzh6ZkFNK216Zi9GOGFIR0RDWHpPT3ZhQVBjODhRQmZKNHUzL2p3TWlZVEErT3hXek1HK0NXaE1tUjBjCnFGQmVKZWdyRnpXUTgxUFF4MFFKcWJMd3BtMkh5T3RjZVAwc3VVWWp5cFhCMk1LUmcxZXNSNElPcWR5MElrcUEKcm0xTlJtOVR2ZU45RkZXc3RVSWtzRFJScitCWWJpb2s3dlh2Y3dJREFRQUJBb0lCQVFEUGJVSDJ5SGdBbFRGUQo5UWhJWXhHb3ZDbUl5N3FjRXEvZE1ZVUZ5WUlqQWtEU0ltTjFuditEOGRna3owZXF5V0xGQUNSMC9ZME5JYlVpCnhWSzM4YkxadFFZTk9ONEt2NWNKZ1BueGhDUUphenJpMXU2WFV5ODZ1bElIWHA5c2dSeXVwSjg5Qk8yMlpidlQKQ3JCUmttZ2Nqd3VteFJyaGZRUEhJa1EvL0JVUWFYR1Z1M2VxcDQ5VVZyY2o1RU5TTFJqUGVVWnpkQ0pTTEliaApRdmt3NHlNUFFIYS9pZlROb1JUY2ZuOWR2MDFzL1l2TFNLU0ZzNWlyWkhGcHFRZkZHWEhEWjZaeGVNVkF5NmxtCmVXaXJHdWovTFc4TnlNcTJ6ZG83VmhhZ0U3VGJDdlpVT3FnMlFhbWJwbGNuakdSbmZhd2pnUjJIME9EZDRsdnAKVG82Q0tBMGhBb0dCQVBZQ0k2UkZ3VmJxdWZoWHFyenBIWVRpL0JTOG9iekxML2F5S0RldzdPNUhyaE50b3lrSwpXZEpGMzNZR1FOU1BKZWU4WkhMMEREdEVyOUtNR3pWMDkxOFJ2ZmYyQVlUZjRURUZxV0tyTzZEZWtkN1lkRHFUCm5hbDFNYlVpeTVUSERpTm5xdUJlVmY3c3k0dHlBdlY0U2ZpeStSMHdNcGNGNHpPMjZQZCtuTk1uQW9HQkFPQVQKQWorS2lCMTdNb3hlcGZKaUtrNnlKd1hnN3pGQzV0Rmt5Nk1GeTlSMG10K09rUjR1clM5Y3NwMUlkcVhyajJNWApRZXJOT20xVlpqcWI1WjdVa0wzMHJiZ3lETWJ4RnVuZWkyZzZNRGIveGZDblc0TklHQW94aWZ4d1JiSGR2enRkCjB6UTRIRHpMZU1tL24rejhKQVMyL0sxNXIvcElwK1p1dFhXVkc4RFZBb0dBZG9VMVVyRmdvbFZYMzNPdENISnYKREZTbkNmNlBGWHYyMGEybmZwMDRxTnZUMi94WVBTK0ZjcTdES0FOL1BHank1Q0I1YklCelhDS05hcXloZHpHdwo5QmFDSlhKWjdRQkhaK3pJWEljT3BVUlZscjFGMGVySWJKblBwdXJxbGZVSXRMbi9NelYvek4rY2VNUW05TWhOCkt3cGV4bGN3S0Y1bnhjUjduTEZkTU1VQ2dZQlNXQ24zVjkxMW1CU1hhU0RxMWhCZUl6SWNBdkZqMVFZbDVUakEKakJ5LzBxb25oYWptd3BoNlUwS0FjbVRIeksxQTZRY2NWcGNtSHNBV3didThocms2VlhTUndETFoyVGRtY3BZZwprMkdzbElvVlNpdGpMMWRHUjdaQndyQ2FFTGQ2Qlp6Y0Q5S3d0TVdLdnBUeTdpWCtaWkN0MzQ1QUYvczd2MnVICjdtZm9rUUtCZ1FEVUVXZkJRWmNydThvU2FnVEpTUEpLazZuZ0NyN0tjMDJXalNRMkVRSU1PZ3NNWlBQNnZ5TTgKbllSbktkV2tnZk1mSHViRThJeUNtaWxWS01jck03RWUzQlpTeHRwdDdaRjVOQU9pSFJ5UDQrUTVEM0k2aktIUwpOamhvQWJURUk1MDk3c3BIQ1RaMmJiM3hUSjNTNjMzNjV6engzcGhEN1kvdXU1RUlQVVZCUWc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-ingressgateway-service-account | |
creationTimestamp: "2019-12-03T10:53:46Z" | |
name: istio.istio-ingressgateway-service-account | |
namespace: istio-system | |
resourceVersion: "43686" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-ingressgateway-service-account | |
uid: 2e2aaed3-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURPRENDQWlDZ0F3SUJBZ0lSQUlSWFk0M205V2duejAvMFlpVzJZaUF3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek5EUmFGdzB5TURBegpNREl4TURVek5EUmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzNoNkQyClJTNG1ZbEFFKzMxeE8xTkFCQVFvVnlSTW5TbnhXcEVqSFU0Wll5cVR0OU9tSWZVUm14cE5HemlUVFI2QVhUVWUKcVRTRjVSamF5YmFmOXNhQklad05MOCsxSEZVMGhmcTJ6eHgrUC9jNWI2MGxmVW5qdTE4emt3MzIvTVIzRytkTwpHNmd4YW5HNG93blJVbGhmVDJLWTFuOUdnT0NQcFNDUWZJLzAvSnhWTUx5S2VIbnMyVVRQd29aQ1I2YmRGcGlvCllMaXF0QzdHcndnMzFtSDRhVFRYMGFCWG80TmpZZ0lreGhLWTZxSXU5cko1UFNRRDZWM0RZZnJpRy8vaktxUGcKaXV0TGF3TmU1S2pRRmwzenRCTUNqT0trYTREU2ppV2xxNFVtME5uejdTRndrMWpRYjdMeWo4V1ZxME5HRzlDZgphMk52dkJMZ29vdGNrN3FaQWdNQkFBR2pnWlF3Z1pFd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1GSUdBMVVkRVFFQi93UkkKTUVhR1JITndhV1ptWlRvdkwyTnNkWE4wWlhJdWJHOWpZV3d2Ym5NdmFYTjBhVzh0YzNsemRHVnRMM05oTDJsegpkR2x2TFdsdWFYUXRjMlZ5ZG1salpTMWhZMk52ZFc1ME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVJSSC8vCnphNFViTktob054cUd2QU9vdGZGbUo2TFFOcEkySVJTelhxY0Jvc052ODRySDBXV0MzMVd0TmFmZ0hvMTFIOEoKMnJXQStMcjNqSmNjd3hvR1V2L00wQjd3bnJWNHJTY1RGTE1NUGw3dkxzRGxyUzhGWjU5RmNzZERYMkN1YXhNOAo1RjRDWlBORGJFTnNPQll5WkFYVlNDdGRaQS9aZFMyMi9rakthREt5Z1pHdlBVWHMzOTdoSXQ2UjFkWHZpU0w0Ck9ZcGxnVUtGV04zY0FlUEcvM21qK0V3SkY5MklaQjlxT1FKN0pLbXpTbEJsYmtxUDA2T1JXMVBRN3VkaG1rWlUKbWZ0SXRmTFNGVEZxSldreENaVTFGRXNCL2tGOHRhL2dRL1NHVE5IbExER1BlS3dhZlBYQWJuVGluLytETFRTdwprS2dBQjVGU2JEQnd2U0NDCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdDRlZzlrVXVKbUpRQlB0OWNUdFRRQVFFS0Zja1RKMHA4VnFSSXgxT0dXTXFrN2ZUCnBpSDFFWnNhVFJzNGswMGVnRjAxSHFrMGhlVVkyc20ybi9iR2dTR2NEUy9QdFJ4Vk5JWDZ0czhjZmovM09XK3QKSlgxSjQ3dGZNNU1OOXZ6RWR4dm5UaHVvTVdweHVLTUowVkpZWDA5aW1OWi9Sb0RnajZVZ2tIeVA5UHljVlRDOAppbmg1N05sRXo4S0dRa2VtM1JhWXFHQzRxclF1eHE4SU45WmgrR2swMTlHZ1Y2T0RZMklDSk1ZU21PcWlMdmF5CmVUMGtBK2xkdzJINjRodi80eXFqNElyclMyc0RYdVNvMEJaZDg3UVRBb3ppcEd1QTBvNGxwYXVGSnREWjgrMGgKY0pOWTBHK3k4by9GbGF0RFJodlFuMnRqYjd3UzRLS0xYSk82bVFJREFRQUJBb0lCQVFDUTZCeVY5YjlmZlNaVApHTUpOd2hxVUk5ZW9oazFaMUltR1VBemlYY1FKVlh3TGtBd2pVeEp0YVRwV0FSVWxjTEdSaG9abmhBKzlYRXJJCmpKV09MY2xEc2ViRm5xZHdCMFBiS2FIdjd3MC9QWUFVc0hGVWRWeisyelZxd2tRM2JCSXZQUy9mUXdVRXAxZk4KQWFYQnlUT1BaVjJpOFZFaXVLVVZwYnBWZXBRclNHWktXTDN4SkRxL1dzWlluZThlVTFZd3BvdzFHOTY5bUs3YgpKSldpVFl5WEVhRUx4bDBCblMxV3FxYy9WdERDbW4yb24xQ3plZndBZkxLWCtVays3bnRLU3Mya2VKanViR2pRCnhyaUQ4NjFHenhOanVDZHVZdG9FbU93eER1SitSVEh5U2xMQVlHdHZxZXd6Qk5IbmI1MUtRNWV2S3JFUHV6K2YKNGxHY0RoRFJBb0dCQU56S0hrY2VqaWRXUm5uejBaUzZ5eW8xVEFBT0k2bDZNOHQ2S1BxMTRGVmE5TUVTek1jKwptVXJ1ZTNJT2ZqejRIbjhoUkM5ajZXMGtOZHQ2eHhvUW1tdkU0SjhOY1ZabjFxOFk4TE9RNVdpc25PdXNIWGlFCitwNS9BRjdadTdqd0FqckRialpzWW5VUHFaV0VPR1NFMEcycWFwbnhsNlR6MFlmUlF4U3pjQml0QW9HQkFOVE0KVzJWV25Ib1BZb05JdU13bFYvdWhBVVBQMEJjTEpGNi9qQXpQaGt0ZE1WMmlHb0l4WjVlRlFHcTBlZk5WdGQ0ZgpKdEtHRkJIR0hYU3MxQ21PMmg2NEYyMTlOOGg1aXB0Qy9lYVVZT1dOZXJ1U0gwV1pVVFdRS0xRWFFTMit3YTJ6CjJLU0xBOVhPV2tEMzBWNzZEMU8zWnlIbGZONGhUSmtCaFVpUng0c2RBb0dBVkdiYmpqcHJBelNpK21tdmU1aXcKbzdEK0hhTktGTGFIYUVpSnM5V2xMVnY0NW5ubVdHQmd2MWxOVFh1bTNHM0pVcllIMThuczZQRUh1YUJFem56OApXeWhHNmVaOHBoaEo1R08zV0IyUzVTSGZWdVJUMjhlUit0YjM4RXB4emEvS1dtWnRFbGI2aUY5MVo1ZkU2d0F1Cm9VMmROTDQ3Unk2QnNkYllPdWloZUgwQ2dZQSswcVlZNE4wSlhBbGxZTTdOMWlpSGJSMEdmQStlL2ZjYTBjbnkKN2tGamRudmdmTDcrdUw4d2lISmdEakFDbXNjNmNFL3h6d3VWdzd0bWVxK1lKVWhYMFZsNVJZSjJlUXRta3Z5SwpXanZSQ1ZlMmtJa1M3eFIrajdTMGxqanozR0VwZXZMMmdPUDg5eExHSTJONGVyS1RzSTJPQUVaQS9ldXpNRE85CkhPeWdNUUtCZ0JhVG02RXBVdU1UT255dmRlS3BrVFVTSUwvbWlFSnNZcyt0clQxMXZNZDZFMk42TlRSQXU5SnYKN0FQSFJQL0NpNUpXTTU3YnRRWURWREZsYzY2UzhnNVhBRDAxYVduYmNZYzQ3bm13bWxwZGlDQlZVRXlPbzVidwpyYzJnSHFheVZpaWFsbGFTT1FkRE53U3RNSEJPd1RndDNEV2hJeXVSdmQvSXdmaVE5UXBlCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-init-service-account | |
creationTimestamp: "2019-12-03T10:53:44Z" | |
name: istio.istio-init-service-account | |
namespace: istio-system | |
resourceVersion: "43675" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-init-service-account | |
uid: 2cc9c7d6-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURPRENDQWlDZ0F3SUJBZ0lRZlhRMWFCRTFoSzF5MGkyU3ZyZjRWREFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME1sb1hEVEl3TURNdwpNakV3TlRNME1sb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKdnhEOS9HCm44bmZjRnN5Z3BtbXBRSFFPWUNKRy9KcmJ4cEhPWUVyQWN4dzlhYnZtTGtBK2dtdFVNdURrZnZqQUN2aHdyTmUKZWd5QnQ0bEpxUEFjUTBvb1JrWU1vb2tZMHU4R29KQjlpUE85U3VDQThINnR5c1JIWE0zV0RHQ3FBRkRJVjhWQgp5eW9qdkpEelA0ejNpK3BTRlpUK203QmNaai82TnZLSHpvZlpRR0hHcGl6TFpnVHg1MjNMRFZzR3Q1aFAycnZECldNYktrbSs3Y0ZsVHZjeG9RdUlLeUMvL0o1bkxuNm1tRERDSHpibm5kWDNWWmplbUFGYVVpMTZsQ0JvTE9hRFcKTGx4ZGNqNlR0MzNnOGpBVXZTMGwyOEFOTkEwMFBDOTBxZHFzcFZOanZSS1g5dndNNmlybjM0RFhWQkl3NUwwegpOb2owOW54a3NRUTZOMmtDQXdFQUFhT0JsVENCa2pBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd1V3WURWUjBSQVFIL0JFa3cKUjRaRmMzQnBabVpsT2k4dlkyeDFjM1JsY2k1c2IyTmhiQzl1Y3k5cGMzUnBieTF6ZVhOMFpXMHZjMkV2YVhOMAphVzh0YldsNFpYSXRjMlZ5ZG1salpTMWhZMk52ZFc1ME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVhSNFhhCkRkK3lsS3NkNENKRm14dys5TGlZdmh2bER1WVUxeUVBUFJNRU5KMFhXbnJRcWtqY1Bsd2pLSXlVeWtxVmgvdEUKenJCdkNDU1YxTXArZ1FCbFFBR056RmswblNhZVQ1L2JUR3JiZXcrK2lsY1cwbXR3ZXRWUStqVVRzU2I1RTFTNQo3RklncjNsOUcwV2dSK1R0b0hNcENYK3JWTkN3NUVtSHhvUGUwVDBpT0E5eXFVdmZtSmx0WmhzWXV6djNCQWJrCmZtaEM4d1lxRUJXb1VFUTloeDRleUVuUXl1bWNUN2pGd1UwNUdxcURaWmlaazVBV3dYbko0R1JvTkhUYlRSOWgKRVRBWDExbFpsVFVxUGROSVRDTTVORmpZa3hKQllobThBZGZVdkJyWHhRbFVKb3FWTXBiY0k1MzNCaUtrSU0vaQpKSzZJbXFEVDluYStJK2FiCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbS9FUDM4YWZ5ZDl3V3pLQ21hYWxBZEE1Z0lrYjhtdHZHa2M1Z1NzQnpIRDFwdStZCnVRRDZDYTFReTRPUisrTUFLK0hDczE1NkRJRzNpVW1vOEJ4RFNpaEdSZ3lpaVJqUzd3YWdrSDJJODcxSzRJRHcKZnEzS3hFZGN6ZFlNWUtvQVVNaFh4VUhMS2lPOGtQTS9qUGVMNmxJVmxQNmJzRnhtUC9vMjhvZk9oOWxBWWNhbQpMTXRtQlBIbmJjc05Xd2EzbUUvYXU4Tll4c3FTYjd0d1dWTzl6R2hDNGdySUwvOG5tY3VmcWFZTU1JZk51ZWQxCmZkVm1ONllBVnBTTFhxVUlHZ3M1b05ZdVhGMXlQcE8zZmVEeU1CUzlMU1hid0EwMERUUThMM1NwMnF5bFUyTzkKRXBmMi9BenFLdWZmZ05kVUVqRGt2VE0yaVBUMmZHU3hCRG8zYVFJREFRQUJBb0lCQUhpNTByRkt3MC8xSkxYbAp6OGdHaEg1MzV0eUV5VmNQSjI5dnJxdzZVR1VuR25jSHpQT0ZOdzRnMklrR0xoR1V0d0JDQW9yODNINHNPcHdWCm82MW9KQXdZUy9kVk5zdnVwUGFaNmRxUzVXRFZyazlLWTJXZlJIaGFTeFdyM2Q5RUhZUnM1YzUzMWtLa2NnckIKMXZSYWZUNkdGK0ZHajkra1dTQzBwSzkweGtiU2pCcXk2UTNUVnhmQS9TTjMybnNXVGxqaGtaVGxSYjVYR1NtRgpBTGE4OGJkU3J3QnBTVlk4QWQxRFpPeFRjRlpUVXhGTjN4b3ZwbExaY3ZrTGlKTlNLdUk3Vm42L1lKaEpKNUpqClBKdWxoT2RzWVp4S2tRQTFJeWpvcyt3amNac1o5a29XbWxaeUVreTdxOURoUVN0cStvOTRsL0JHSkNadVc2ajYKbk9JTU5RRUNnWUVBd3pZYjhBRUdOcHkvMlp1MjZHSXJoeFpsMUtTajZrSEVQc1Rqa1JIUHFoOE5XZ0ZHY2RwKwpNaTNwenJLZjk4MzZ5a0ErSEhidTdvL3hhK1hGdXhZakdWTlFWcjhaYzVqWkU2R2srV2pKSmtzd1ZCTGtCa3lVCjc1UlFIeDR6clcwc1VLdWJqZHJmRWlvdmkwV2RMZ0NtczBxc3ppRW5rSnZDR1o0MUxaYVFFTWtDZ1lFQXpJQngKZ3JUNERqeVF5VU5zZCtoSmxlc3BUSFdYd2JHV3A0cnhwM2RIa1VHbUxjQVZ2KzBmaEZ1Tm1wTVJhem40ZHBrZwpXTW9kNlVacXNBSHBtazVMMG9kaTEyaFlXYUNFVGdGUHJ5WGVlR1k4Um1LZ0xqVzNOYmFxVmtBVFR5eGNBQXpRCjc3dTc1YkxlblR0TFRIQkFCRzdyUlBNQzg5QWlJRDdhZUZSbjRhRUNnWUE2eXQ4Yko1UFJldUFsRDhyRXJseGgKc1JNMk9lZk1NOGFCQ1Jkb3A2NmRsQUNYYk83a2QyT3VoVGwzc1VDUWg0N1N2d3AxMURRZDBXaHFrS2MrczJvYQp4SWJidVc1VzdGL2trN2gyRFdNWGoybWN5SnU0Y2ZRaE84L3RyMUR0R0laU1BYejUra05ZMnkrNmlGclFjZzNDCnplakJwQ2FnWE9qV2dsbU53MXpjVVFLQmdRQ2h3VjhIb2hrck9hRFVjVzVVa2ZuU2lZWExJcUI4NXZsaFlMZXcKWE5yUS9IcHphYUpLZzBjUXJGSWZXQURKTGJ0b0k4ckFNRzdrVzN4NzU2ZGRGRjFKRXltTmRNMmRaeWYvZzI0QgovaFF3YTcxMWR3RjRTNmkwNWQxcUI1aStZVG9NR0JjVDZRekFyWEVFTVNob044bUxPQ2tFQ3F2bEtsWXo1ME5yCk5taE13UUtCZ1FDWXdxdlF1YzJnRjk1K3NlWkk4OU80YkszRHdkbldOMklhUmJPZ0tTcXltWE80bll2ZjNoRHQKSkF6R0VSQnlwODFRb1RnTWU3ekZTaS9lNERWaFEzaXVHVjV0OUVCcG12ZFc3Y09iemdkS3U1b0xwam9MeWdlcwpSM2xyck9XeDM1dUpkVEhLNTl5bjhDWUVDdmxPZUtsRmJIbVdNc2ZoSjNXRllDWUxobERQRmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-mixer-service-account | |
creationTimestamp: "2019-12-03T10:53:42Z" | |
name: istio.istio-mixer-service-account | |
namespace: istio-system | |
resourceVersion: "43669" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-mixer-service-account | |
uid: 2bfe8e6d-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLVENDQWhHZ0F3SUJBZ0lSQUxDNkdMSXNhZThLa0Z3Ry9UV1BCTVV3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek5ERmFGdzB5TURBegpNREl4TURVek5ERmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzN1V3laCjU1ZmRYSkNhVFlLd3N2ZDZ2MUREaEhxRlFnVzZ5Y1owMXBwb3RvU3ZZVmhxWXRzdTBpd3B5TnJUeHNidGU1d2oKZEdEVXMzRVlGaENpdnRSOFJaRlo5L291WXZ0ZEkzZzQxUy9SVjkyQ1dyek1FaGNlcytPTHpOWDdwQi9qM3h5VApuMVpDMVBvQ2ZMNHB0NXR5TFFqZnlnL1FKSzVjdVA0N0hsZTZGYjZNL0x1UlJvUjV5OHNFa2RPQmV4NkpRZkVZCmxQclMwdzRaVGh4YlZtNTdybWVuaEUwY1BVcUcxTTNGc1NXekpxa0hsakV1WlcrdTZGY3JVVmUycm1ZR01DNTkKalk4UmRhNVNOSG92TTFHMXZZdktKSnRoUFVLdkcyVzN4YUVzSGVIanhlTGlTaFgvZVFtdVJTNExyMjJ3RkxNQwpIQVBtenUzTDRiRXdYcThGQWdNQkFBR2pnWVV3Z1lJd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1FTUdBMVVkRVFFQi93UTUKTURlR05YTndhV1ptWlRvdkwyTnNkWE4wWlhJdWJHOWpZV3d2Ym5NdmFYTjBhVzh0YzNsemRHVnRMM05oTDJsegpkR2x2TFcxMWJIUnBNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJvemRGdEJUdDdqRlZJT1k3cXNFc0pHUXgzCkc2Sm1xWEhiN21IMFArVnVYZ2RtZXdWbWNpVCs0SktTOWZ4YjN4b0VNMHpsY3lGS1BqTTZ6UHFTcld4T2JzSkgKVVJnbFFsejdWOFpxRzJzNGpuKyt5MU1CcHpNcHF0TG5MZVlkUnhJRVVVNEFPN05KbjRDdXB2Q29TVFlRNE1qSAp2K0lWT2FUa05IYk5TdUlYdGhYcDN5Nit5azB6ckZhOHlPdWRPbFY2TzdpcFJWalF4RlVqSGZsRjdnQXh5MnozClBmTVNkeVh4bUdDeE81T2xZcU1FWTdMQ1pWZnRyRFprSUhsOE8zSC9sRitCaGk3c0lRRm9JWTZMQnNlSk9vZmEKMDBWczFRNWdvQitocXN1bDljZ01VUXRUeWdKZE9HbStiUUV0QXNyUWVPcDlKU0RtbXdVV084SjBHK1RXCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdDdsc21lZVgzVnlRbWsyQ3NMTDNlcjlRdzRSNmhVSUZ1c25HZE5hYWFMYUVyMkZZCmFtTGJMdElzS2NqYTA4Ykc3WHVjSTNSZzFMTnhHQllRb3I3VWZFV1JXZmY2TG1MN1hTTjRPTlV2MFZmZGdscTgKekJJWEhyUGppOHpWKzZRZjQ5OGNrNTlXUXRUNkFueStLYmViY2kwSTM4b1AwQ1N1WExqK094NVh1aFcralB5NwprVWFFZWN2TEJKSFRnWHNlaVVIeEdKVDYwdE1PR1U0Y1cxWnVlNjVucDRSTkhEMUtodFROeGJFbHN5YXBCNVl4CkxtVnZydWhYSzFGWHRxNW1CakF1ZlkyUEVYV3VValI2THpOUnRiMkx5aVNiWVQxQ3J4dGx0OFdoTEIzaDQ4WGkKNGtvVi8za0pya1V1QzY5dHNCU3pBaHdENXM3dHkrR3hNRjZ2QlFJREFRQUJBb0lCQUZRRnhSa054WEpESnc2cQpiQjZMZW9yMGUrY3U2eW1PYkRoa2x4SlFJd1hJa3gzeUV4RjBiSEVaUllGR2ptMVQ5eDRjN2VkNURkKzR3UHdXCit6eXlzVkswTGlsTE0ydUxjUkhEYXZQeTY0OTk4NXZ1QzNINHhBSVNtdm9Rajd3cDd6dXppY29wa0xXMzJTN1MKQmRYbVZuejlBNVgxUHc0ZCtIQUhXcDJHM3ZBR3cwbGQxMXJGQm0zODdLMEI1MjR4Q3paVzRZOXd3a3RHdklXVQpNN0U4ZE1vSmJlUURGMXRFc2N5eEdWYXBabjdraE1QeU8rall6NGI0UjlHbTBzV2pQcVhjT3owTjJYQzdsZUMzCitqMS8zSkxvMjFnQWcxL1htOEZkaHgyWG5jYlEvOFdSVjVOcHFSeVpDS2M5SWRHR0VBWUYyblN3YTlmVXlnMXAKbThhY2V3RUNnWUVBNEJrWms1T0hPdjJ0TkE4R2s0Tmd2Yzk1UzdMeU9QQ0swN0V6eEdQTDN2SEM1eXBJTUU4WQpEelNFeVFHUUJJa2I2cFRET2JJWkRZUzJvYUE1dlo3NkpEWDNzTFQ2WjVwKzJRdmNCSGpDOVlIVzhyS1R6VTZCClVFc2xXSkt0R1dFN2taMERNS3hFZStRUlVBdHh3M25FajM5NThTeUxITEFQMVZYb0I1dkZBQlVDZ1lFQTBlRDMKblhJdDFlRFBWbmtPMmNUNWlIY1RURVkzMXUzc2RrdXIxNm9Ob3FabEQvaUhXWWJtdkFLVWtpVFQ2QURZM1pwdQpITHZGYlhteXd2UXBicnVsVXc2dkxBUGdXS1A4Tlh0QWFwaXB2WEtNTFhiYWlmSFhmTWtVU0pEVVlFK1htemFGCnhSQlR1NzJSdEJsVWFrWWoxNkVnOUQyS1ZzTGFSbVR1QUg2eXZ6RUNnWUVBc3lMZFV4N0hKdHpKcTZlbk5odjcKSlQvSVVqN0ZhY2ErOHVIZjQ4bHltdERmWURKb2FsV1BnZmdWZlNpR20xbU91MElYblBORkc0MVBBSHc0SzkvOQpUUnptMXBhVTVHU1hxYURWUzYzTkNydXp1MllNeUQxTkdZWTRZRWsvbmQ0ZjVCS0REbEZtblRKK3RHR3htdlNuCnI1M1RPSHJHNlRQRU5HRHJqY2x5L05FQ2dZQmZJMmViaTRLVGpWRHZsZmpSWnFUbTQzTndBL1NVRFU0L1laWUkKTVNIMU5SQmk2UG9SNzBEd3dRcXdKTm1hTmFnWTdFUTE2amhZbys0UXliVnVhTWxNbVQ5MjZGcnVVNGVraHJadwptN3QyRVZMUjJTcS9sVTFsVjVGR1E4REIxOUtWbldXT0t4U0o2aWorUnUwcEw1cFh5TWF6Y0tJaEtqcmY1aWl0Ck9NRzJRUUtCZ0ZhVExUekxsRGRvSERqVFI5ZlFmU2JzU2dZZ2tpWndqS0dlb2o4SHBWVndKVmxsYXE4eTNzQ0YKRGtiQk1oUW5aYzFwOTVrTEphWDl3b1crZVc1VkYxUjhGc280TVc3Y2w0YTZCMUR4T2xyV1c1YUZZdGFWejVqZwprT3A1SnZSVUQzaGNlZ214d2dOQXJaOUpNKzdLT1NNcEVEb0NlQVhoUG9RZHJvWnR3ck1nCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-multi | |
creationTimestamp: "2019-12-03T10:53:41Z" | |
name: istio.istio-multi | |
namespace: istio-system | |
resourceVersion: "43665" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-multi | |
uid: 2b113d09-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVekNDQWp1Z0F3SUJBZ0lSQUpQVHhOUzhFaUNsWVpKaTlLMkVvMHd3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek5ESmFGdzB5TURBegpNREl4TURVek5ESmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzRPbE1hCi9PU2dSMVozN1NyS1pmNzd3TkxrQUJXWXYwcXlmYlpTbk9oak1aWHhMc2xZK3E4YUlibXMyc2tBZ3FiUzF0aVcKaXZ4ajZlTkFtTHJWNHdoWWdLb3ZUSG53K3NTL1VLSjg4My9qWTlHNTJBTmxyRUhyTWFCWWNLb2k3cWJ5eWUzTApkb0ZVRTVoZkY2S0t3ZE1zZnVGb2ZHWFdpZU56TDFEeGxSNzdsOFgrOUo4Q2dwQTFZR1dhR05nSWRGeVQ2UE1LCnpRNURsQThpc2MwQ0xXUjhIMUNkandsM2UvWWtiVU5sUnFUbjRDVUwzZEZpK0tmcWN6dW52cGtpM2ovN1gxRmwKaGFtTU9yQXNYUHBXUUkrNEZudTJmdTZ2ekFod0JUTUZBQWpOdmRhVk9vZDBQOHppelc3anZXRFlUVVM4VWwvVwpGQTJMbWFzNUhWSm9WR3FUQWdNQkFBR2pnYTh3Z2F3d0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1HMEdBMVVkRVFFQi93UmoKTUdHR1JYTndhV1ptWlRvdkwyTnNkWE4wWlhJdWJHOWpZV3d2Ym5NdmFYTjBhVzh0YzNsemRHVnRMM05oTDJsegpkR2x2TFhCcGJHOTBMWE5sY25acFkyVXRZV05qYjNWdWRJSVlhWE4wYVc4dGNHbHNiM1F1YVhOMGFXOHRjM2x6CmRHVnRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJmZUVhQjc4UldaVjBKdGhpKzQveDl4Mk4wdVlTVUZ1QVgKSTBJNkFkN1ptZUxGOUJEMHNtMysxNnNSMEJwNERPaEVDLzRWcmh5YmJ4YnIxYm91bEVPS3NhcHpBaTVlM09Jcgp4RnA1Ti9wUUh3QVpwejduVXJvN3MyeVVza1NDZy9lNEJIYmR5MUQ4MHdPOTFWdExZTkJmdTZuQ1lQa3FZOUllCk9CUEdueFFiY0szWUdHUERuOHBXcWJ1MVJGOEV5V2xOK3ptZkpwZEtxWmxJTE9acFFTNDk0YzhYaHJmaGlmRDAKc3NXdWY3NzBiY0FMaGV0bld1cmJEUWlwd0JKVzZYaGxsWHRXWkw5OWtDemtOZktyTyt6ZlAwLzFsTWNIL0V6SQpwTGMyVEF3c3lyOWR0TFh1by9IOFRHdzdCcTZtTmdLOGFDeXhSaDIxUi8zVmZWYVM3WFR4Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdURwVEd2emtvRWRXZCswcXltWCsrOERTNUFBVm1MOUtzbjIyVXB6b1l6R1Y4UzdKCldQcXZHaUc1ck5ySkFJS20wdGJZbG9yOFkrbmpRSmk2MWVNSVdJQ3FMMHg1OFByRXYxQ2lmUE4vNDJQUnVkZ0QKWmF4QjZ6R2dXSENxSXU2bThzbnR5M2FCVkJPWVh4ZWlpc0hUTEg3aGFIeGwxb25qY3k5UThaVWUrNWZGL3ZTZgpBb0tRTldCbG1oallDSFJjaytqekNzME9RNVFQSXJITkFpMWtmQjlRblk4SmQzdjJKRzFEWlVhazUrQWxDOTNSCll2aW42bk03cDc2Wkl0NC8rMTlSWllXcGpEcXdMRno2VmtDUHVCWjd0bjd1cjh3SWNBVXpCUUFJemIzV2xUcUgKZEQvTTRzMXU0NzFnMkUxRXZGSmYxaFFOaTVtck9SMVNhRlJxa3dJREFRQUJBb0lCQUhXTmNkMzBwSVhKUDFtQwowaDBYL0IzMEtoMG1HS0hBM2c4S3ZEMzJ0U29tUjhELzA2YWRQd0h6cHlDdThqY0xKeHU5ejdJdnVXQ2ZxMHhhCnFFMDJjdXJXSHNIVGtMTzlyN0ZMNklMR2RVSkpQVmZTaUVobUpDSEpKc0dJRW1mNzFEZHp0Zkp3Q1pIMmR2R20KaVNiMUNxU0h5Wmo4VjVjUG9UeXNZbi9rWVVLenZYVkxxNXFJWkhCMWErbTczRXVNZlkvTTNudGIxTUg1RHFTbQpUMzQ0MnRTb3JsZ29xTFRjREFGR3FqaG9JVXlYS0NjZnRESEw4YkR5TmtYblVXVFBCZ2NMaXVqNU1wMngzK25iCjhxejBZMENkSlRycmdpNzJLVm5saEgvRE5NVlV1NXlyL01CSEZML1Ywcm9QK1ZVYTQySmp5d0NiWTI1VjF6bm4KUVN5MmhzRUNnWUVBeG9WQWhkUkgzdnFKcmk0ZWVjdHJMQVlkaW9mQkM3ZEM5QWJ3SWl1R21pR3h2V1pncnRmRwpicXdiQ0dpR2dVRVY2USttVkdBcWR0cUtwTFJ5Q04zZ1FxVkdXSjdzalU1bkNjSnVPSExsYzVXVFN4WnQvcyt1CnZXbWdxcWZSNTgvNVZSNVNNMXpmT2NRWHpndEtzVkZBSnhzdnZ6c1FLckdsRm8rNkh5UVQySEVDZ1lFQTdaR3IKWUI1TTZyNm5TR1B2ZFg0VXVuLytVODZEbmNYV2kxdmgzZkNScHROUzJvRW1mUVRXQjh4eFFqUlZneHdrTlIxbwo2MjBhV1h3ZUV2MG9XZnNjdEJoWUE1VnFTQVRYcE5MaWttQ3Z1VU1kVXlDTGxnRksweWtTeEpnbGw0U0N2V3k1CkxxTUE1YjcyS1JlYnF5QWhlVWJVL3E2d0tpV3NnWGNqR1VrNWxVTUNnWUFXR1BrUXJJdC9mNFhaMUpwaDFrbk0Kc2JXU0dRQmRESDR3YWFGTFBHc1VOeEh3MGplSzNzdmd2OW1XZXdRVjJTZldOSDdBUDZBYWNNTWtDRTMxUExWYwoxY2JaMEg3bVQ4YmFhRUVhbVhkL0FUUlBGR1VVQ3d3WlcydWQ4MlpERm54YmhDK0VOaDlHNzlQeWhJRkE4WmxoCmdQNDBuQjkxa1NhZU4wdHhjZk9ma1FLQmdHRW4rOEE1WkJkMGxSRWozYUJkU2JqajgyenV2aURkOGRuWVg4elcKUDVyTVBjd2ltVXp6bDF4bEhjU0hocGt4L3hUQnpGRExzOFQ0MzR2QWdLb2I2aWMwOVhteHQxOXdxNGc2dm5KQwpuRnJWdWI1dlJ1YTM3SlBpN2t2OE5STjhHOFBBSFJPWGtoeGpObVNqeFFQOUJmT0ZKa0pweXAzUi9uU0w5b3kyCng1ZmxBb0dCQUw2MzQ1dXRGVjBaVlJEQ08xaUsrL2o5eEgwalRhdGE1dFNmVG40a1Fha2tLUWJ3bDBPeVhDeTAKaEhkQnlYRFp1V2VsZS9KN3RxMnhINHJySFF0NmZySExKY2g3TGxGcklvK0ZVVThnUWlnWStRbyt5ZFE3RzNOcApVdG9QVVpTbUF2cVd0VS82RlNMdUN3Mmw4Y3Z6UldyV1krenhWUU5XNzVPRkhhcXU4MXpKCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-pilot-service-account | |
creationTimestamp: "2019-12-03T10:53:42Z" | |
name: istio.istio-pilot-service-account | |
namespace: istio-system | |
resourceVersion: "43668" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-pilot-service-account | |
uid: 2bbea611-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRRENDQWlpZ0F3SUJBZ0lRSnp2N2Mrbm0yUnZYeE0yWGV3ZGlqakFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME9Gb1hEVEl3TURNdwpNakV3TlRNME9Gb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMSzVJM1FEClVNaGp0VlMzSXF2ak44dUNPZjZHUFd2VkFaTmQxdW9sVUtoeS8vL1dvOVRwQnY4aG9YNzBIcnpNbm9xVDkyTDgKY3QvSjVBTjBHUVVMTldsQWxiakVXS2hQK25uT1ZXQXRIWmxIVC9HWENxQlNxSmlTd25ZT0dteEhPSDMyb082aAoxdW0xRzZJQzNQQ0pBUXM0Wm9KY0w1YVIvVERxWittcFlCWUVNNzUzd3ovQnAwRHMrMWlPaXpkeWhNdnpPMDd3CkZjaUtoZ3lHY2NUMEJuQjZoeklrZVB6emlOaVA0RjlXOG1QQm1uRUszK0RnMytGUmo0VmxXZ0tXazhwVW9MSWkKdkZEUUxVUXBkOFZFQ2x1NndPcHZTV0VsUUJ5NTdJdnpGV3JJWGpqRzdSdURPUEtUc3daRytidnhTYU5Fb29yWgpCNkJhZVdwUEQ1Rk5RV0VDQXdFQUFhT0JuVENCbWpBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd1d3WURWUjBSQVFIL0JGRXcKVDRaTmMzQnBabVpsT2k4dlkyeDFjM1JsY2k1c2IyTmhiQzl1Y3k5cGMzUnBieTF6ZVhOMFpXMHZjMkV2YVhOMAphVzh0YzJWamRYSnBkSGt0Y0c5emRDMXBibk4wWVd4c0xXRmpZMjkxYm5Rd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBR3ExTjYweUVjOVpRdTQxNXp2MWp3Ti9pMFJBLzAxaGRoeHBMQnUvanBIRXVhTUd1MmJzWktHN1Y0cUIKOHZYNWZZU3kyNG9nRUgxUlVUTVR4YUFHVU1QRGpNL2w2bGdIMGJzcWFKaHNYQUZGMmRaY0JCRjI0U2wrRUlpWQpmRG8yTVg1ck5QV1ZkTjkzNlBiL1NsVy9nRGc1M01zc3U3b3VidVV4YTJldWthYTdoZ2d6dEIzb3NSV3JFU0tpCmVPK3laemZuS2t5cmJJQ1pDd28vbXhiSHVuN2NFSkhVdnNKemZ4Q3EzUzJlZnRxS1pTSkxId1RvSEppcHVyNG4KV251MTJWYitSaXZNV3Z0emQyTUl4bk93eHJ0MTVRTStNSG5ZNWh4bW9iakh5NkFYbDVSNUlRd3ZiOVJQdzFYYwpWY2k4YTBJejNWR2JHRWJ1UGFHZHgxWnFnaGs9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBc3JramRBTlF5R08xVkxjaXErTTN5NEk1L29ZOWE5VUJrMTNXNmlWUXFITC8vOWFqCjFPa0cveUdoZnZRZXZNeWVpcFAzWXZ4eTM4bmtBM1FaQlFzMWFVQ1Z1TVJZcUUvNmVjNVZZQzBkbVVkUDhaY0sKb0ZLb21KTENkZzRhYkVjNGZmYWc3cUhXNmJVYm9nTGM4SWtCQ3pobWdsd3ZscEg5TU9wbjZhbGdGZ1F6dm5mRApQOEduUU96N1dJNkxOM0tFeS9NN1R2QVZ5SXFHRElaeHhQUUdjSHFITWlSNC9QT0kySS9nWDFieVk4R2FjUXJmCjRPRGY0VkdQaFdWYUFwYVR5bFNnc2lLOFVOQXRSQ2wzeFVRS1c3ckE2bTlKWVNWQUhMbnNpL01WYXNoZU9NYnQKRzRNNDhwT3pCa2I1dS9GSm8wU2lpdGtIb0ZwNWFrOFBrVTFCWVFJREFRQUJBb0lCQUZzNUNuS051cTc5emJGVwo1SmlObW80Q2cyMTV3V0lIMEEwVENiNXJtM2JQZEFGMjRocXJjb25JOWJCaUZFcFR1dHlLMSt1clpVcjZ0cXBZCm1PaXRKdTc1S3pLcTdZSERpTnFoU1l5VW1wWUJBem9SMlRlcDJTby9Sb2lSZkVVbU9SeDZSUHhvbU5TalAxNTcKVGFCc25aN0hnL01uOEpaUEg4Zlc3WUVqbGNyR01aREljR1J2SFNhZ2IrUWcwOGR6Q3dOaWlGMHZWcjNuTTM3dworaTczSWJpcEtEQzA0SmZrZHo5VjBsalZtZ3pNK3ZWQ2NuWXhOQ2txalhqbDhhTVFVeW11QjZ4UTdNczBhNVFpCk9DRVhBM3oyL2NlNS9tT3cxTVEyZEVZMXZWTjZHdEJJZE41bjVRRGdPaXdaQWtlUDZGZkQyMnE1N3dSMkNkdFoKK2ZFdVlwRUNnWUVBeVpFMzFwWE1wc0ZRbmg1dlY1UFFRMzFaNDZTdGxIbUhhcVA3ZkNqd0R5M29OUlFtamZBSgpBWER2cXRWR1VIaU5TcGlmeGJpQ2JCaXhmMTZ5a0h2bU5TTkxOeHVXMzBGYkFSMXRlSjhUQUhLd0xsSGVpSnRVCkVpaVVTTFFaVEhtRFRwbER6UHNWcWIzNURzT0pRWXdOWmVTV3k1VjN3b3RsWEVRWVprd2ZxaVVDZ1lFQTR2eXAKTHFvSmo2Qm9NSmNyUld3d2RaYkZKbW1oOGpBMWxVWCtYWTkwWENpWkovRk9PZTU0MjZwcHN3a2MwU0oxYXUxdQpMRlFobTd5eVNhRVkxK1FHYVJkVDJhKzBiR3BFTWV6UmNEWkc2L3pBY0t3a3ZPY1pKdjh1VW9wWlRYSFFUQlliCncxdTF0V2M5K3B0YWhyaXhpcGNPMnUwTERhUC92YzR1dVFxMDc0MENnWUJFbTZRNDZ3WWNvR0l6WDhLZ09aVEMKMUJEYmxqcnE5YTZ0RXFIUDhoTTc1M0ZKVjlHRHNIY3dRV09pYnpPZXdsbTlVVlBZdGVQV3JWVUZPSk5vOEhNOApGUVpOL0pzTzVLejRKUzhVeG5odVI1dEdPT0dZOTkzV3pHOGtqQUNzY2hQS2xncG80L0hNcy9mcEdZOUhlMGM0CkxtVlJhRSs2TFQ1VCtHMmhyRGwrN1FLQmdFTFQvbjkxb25EOTJnOE1Rcm9pdXpXem1RSFJNZFBiSzd0eUt3eWkKc3JCN1ozUWlFRlR3Qi9jc2VnZ3pFNS9qRkV6UjhKRHVpQ0tROExESzFFU2pwdHVEK2JUcWpTVXFPRCsycUlidwpBL3R3bzd2SWd0eDI4YW5Ra1hQTnRiTWVZaVEwa2lIM08wMVlReUFvWXdPdEZ1Qmx6d0xYclZ4cnYxekRlbkFTClhlajFBb0dBWmEyNmVWckxrN0pCUFpjbldUblVJQ2tBVGc5dzkzUkpjaXRZcjl2MEtxMk9ObFRMYTJtbjBLeVMKSzduY3MwNlc2clUzeDNNQlVSWjZ1TDczTnhHYW5mV1JNWUp1UE5NditRYjlzWVpEcGlRdDdMa2o3emxMdk5mYwozMzNNYmtkRnlkeFhYdUp6SlFUSzFJY01zL291MmtvVjFsVFkvQ0NGMjB1ZEhtdlU2Y1k9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-security-post-install-account | |
creationTimestamp: "2019-12-03T10:53:48Z" | |
name: istio.istio-security-post-install-account | |
namespace: istio-system | |
resourceVersion: "43722" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-security-post-install-account | |
uid: 2f7f76bb-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
- apiVersion: v1 | |
data: | |
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lRWWNqQmM2UEFZajdqcHU2WXhGbmxPekFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNek9Gb1hEVEl3TURNdwpNakV3TlRNek9Gb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMb0JyOGtFCnFIRGxzTFl5ZEVDeDBVcEpaR1hKbFVwVjhqOTdneHpYQTlEQkV2K05uWjBQaEpMZHkzMGJIK3N5T1dEUHpsSEYKR1NUS0tNUUQ2d0dNMitBclpBU1NWNVp0WnMxb2JocmdPWW9PZXJjUlBvSng2Ym9xMlplS0RpeWdUQkp4c0hreQp6WmVwU3FLNFRtNUttUVV4aVArQTBxSm51blVlaTZsQ0FCczgvdStFeGxmZ3BHRlc5cHJEQmg3Tjl2ekZ6K0lxCnAxWndSMDRqSmtCNXkrUzg0alkwWVZZdDYzMENtZXAzczRvL0Rxek1leGRpdkdtMTcxcWNRSHE3UUxETURuY1MKQi9nbUpjSnNwQTZ3WHZSSlM5TFdBVnBFeTA1a2hJRGhZZWVkUFBhZ3VIbk5sTi9zRG1KODQxN3dhYU9xd1J3VwpvZTZpVmZtd2N5N21zSDhDQXdFQUFhT0I4VENCN2pBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd2dhNEdBMVVkRVFFQi93U0IKb3pDQm9JWlFjM0JwWm1abE9pOHZZMngxYzNSbGNpNXNiMk5oYkM5dWN5OXBjM1JwYnkxemVYTjBaVzB2YzJFdgphWE4wYVc4dGMybGtaV05oY2kxcGJtcGxZM1J2Y2kxelpYSjJhV05sTFdGalkyOTFiblNDSjJsemRHbHZMWE5wClpHVmpZWEl0YVc1cVpXTjBiM0l1YVhOMGFXOHRjM2x6ZEdWdExuTjJZNElqYVhOMGFXOHRjMmxrWldOaGNpMXAKYm1wbFkzUnZjaTVwYzNScGJ5MXplWE4wWlcwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFILzJLbTlVRndlSQo5eFZmaDZKbDdxeGJ4MTdQdXBCYTg4Nml1eHpBY3ZmVUhRZTFvTWpaRmpaK2RwR3Z5ZHNaWWhSdWdQSmFZTlFNCkp3MHdZNlU0LzN6bzFLYk9VQXBYRG5CL1RKRDdwM3djYTB5eXRKNXJzb0l6ZS91elhCbzA3ZUZOKzdWYTNSOEgKWGVCUStrenppc05WV0VRdk9td25PdTNwTkxNZFNNQkxqU09KOW1NaURIak9Sd2lRVXp3aXVScytTNFM2enlHWgpEZVRncWV6NnVMZ0FNbENWTWx0NDZ0Nmg0VVhUREdVYlF1MXpiYWx0OE1lS29DNkJ0RU9XMVpXQUpFc2t1aDN6CnJ1MHZhRU1hZ2ExcjZ1L283QkIvWndzTTBrOFdscTNyL3FEdVNoZjcxSm5JS0Yvdkhjd0RzMXBtcG1LVGZBRkUKN1E0dFhZRlY2Tm89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdWdHdnlRU29jT1d3dGpKMFFMSFJTa2xrWmNtVlNsWHlQM3VESE5jRDBNRVMvNDJkCm5RK0VrdDNMZlJzZjZ6STVZTS9PVWNVWkpNb294QVByQVl6YjRDdGtCSkpYbG0xbXpXaHVHdUE1aWc1NnR4RSsKZ25IcHVpclpsNG9PTEtCTUVuR3dlVExObDZsS29yaE9ia3FaQlRHSS80RFNvbWU2ZFI2THFVSUFHenorNzRURwpWK0NrWVZiMm1zTUdIczMyL01YUDRpcW5WbkJIVGlNbVFIbkw1THppTmpSaFZpM3JmUUtaNm5lemlqOE9yTXg3CkYySzhhYlh2V3B4QWVydEFzTXdPZHhJSCtDWWx3bXlrRHJCZTlFbEwwdFlCV2tUTFRtU0VnT0ZoNTUwODlxQzQKZWMyVTMrd09ZbnpqWHZCcG82ckJIQmFoN3FKVitiQnpMdWF3ZndJREFRQUJBb0lCQVFDY2k5RGJXTzArMzBHRApoaUVyVmJ5MFRlS09mRU1HWmlGVTVtbXB1eGk5OTlFNmZZQ2FjRFgrdVdhS3EycUlzeU54WkZQYnBBdU9XQXBKCk5wYnlIZy9yc2ZraWs5dmRnY1BVdXNCNEpDQ3BIWmlRUEpZa2lTVFNCMEJNZHVlSkRYd1l4ZEJsb0tsQnJEeGgKaU1hUnNuem96eERqSVJPbGxiRnE0c05lTjJzSmdESnppSUdxcnRlS1JTMy90cXNkVUpaeERhb0x1UEpYa2ZBdwpqWjNLQkp0RWZscDdnb2d0S0lwMEw2VG9BOElGVFNTbmFrM1JIUEh4YjZVNjR5VTBDd3Y1RFRyUW5rRjJPMi9JCllLZjJ6WFUrWWNORWZJaEtUYmdEUTZZTk96QXZnTjI5WllrVUZ6UkxtaHZwNk1tZ3M1MytDMW0zZW1LbVBSU0wKN3MyQjFWL0JBb0dCQU1ZWk1VY054ODRQQXI2TjdtMXBWVzlVV3RGbEFsdnhiOWdBU0NMNHczWEFjMWlSM2pWYwpxRUo3a2tOVEk1UHhUc0NCb21XZ0tnRG51TUxPc0FidU1XT0VlMkFUMlg4UGpwNGh3cVBwaVlWTWRJeERkK2hwCkVNUVQ0WnduZ3h5dDM0VitjbjJiNEdkL3VmNUF1UlNlcURVcHU2WDhTdHptTUNPN1N2RGdaYVdoQW9HQkFQQmYKdDlBelJmM0lDSmVvSEhqeHBGaEtYSkJZTUlPU0JWNmR5eUR5OFJnUExpNlZ3T3NkTCtqTkw4Z3lubUVlU3FxOQp4MHdqWkVEdDZqbWpIM05Mak1pRHBSVno4cDloSkFwVHpvbzNpTEtrUDNqTlkrQjdTVkl2Z2lkOVp2UE0wYUxRCmdOQ2lUWldmOUxCU1QwQzlOQ2Z2NVViY0pOcW5aZGVWMFlBck1HSWZBb0dBSHlZYzhvQS9ONjV5andZQVJLSDQKZGgzOGZjcDFPWUhZUlUyZUNpbTFpbEZ0a2JLMkR3djN4U1JyRmp6L2JpYldiRHkyRFdiRzFBZWJyTDRWUGJHOApnRnAzajk3dkp5U0tGMkZWbXJLQkZqMjBZYzNHRC94ZFQ0ZVV4Um9OYXJnSVdwUk1hbVhWUGxEK0xQVitaTGloCjJHSXNpR2dJV1gyMGVobmNLYzRQRGFFQ2dZQTBJeDdVaXZxSWRFWGcxemJ0eU1QejNwVTdQZFd3QkJFa0Y2ZkMKaXM5ZWY1UnR5RStpNzU2L3FSblBHNk9jdnh4RThvcnk2YzVLQXhERjFhcnhzQlptTzUrb0NwRTZuckJaaVJvSQpnc2trcmxtU0UwS3hveXdoSm1yZHMrYUx4UVpIZ1dBZllNVGhTbU9oaHdqbnF1SlFNMG1RMkJrcVVCclg2d2dZCis4VXYwd0tCZ0dtMzZ6ZGFseWxRa001WUJaZCsyVkxEbVB1ZU0zUGtjcDN4SHFsb21OL2JoR1RCUkk3RXRad3AKN2VXdHo5aVdDcUNhVVN5cHFicm9GUHZTektxdk15bCtxNmRxUFpkSlVXUHd2aTI0TDU5UkVTZlpWbVBSTzBtYgpYeE9XV0taVHZIb1o0MkQ1N01nZE03WVpVMEpjbnpuN0Zyb1JkZ1NOQldweDJjaU1JR2dxCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | |
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | |
kind: Secret | |
metadata: | |
annotations: | |
istio.io/service-account.name: istio-sidecar-injector-service-account | |
creationTimestamp: "2019-12-03T10:53:38Z" | |
name: istio.istio-sidecar-injector-service-account | |
namespace: istio-system | |
resourceVersion: "43652" | |
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-sidecar-injector-service-account | |
uid: 298457ce-15bb-11ea-b5af-027e0b84da98 | |
type: istio.io/key-and-cert | |
kind: List | |
metadata: | |
resourceVersion: "" | |
selfLink: "" | |
------- | |
resource: serviceaccounts | |
------- | |
apiVersion: v1 | |
items: | |
- apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"labels":{"app":"cluster-local-gateway","chart":"gateways","heritage":"Tiller","release":"RELEASE-NAME"},"name":"cluster-local-gateway-service-account","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:53:22Z" | |
labels: | |
app: cluster-local-gateway | |
chart: gateways | |
heritage: Tiller | |
release: RELEASE-NAME | |
name: cluster-local-gateway-service-account | |
namespace: istio-system | |
resourceVersion: "43419" | |
selfLink: /api/v1/namespaces/istio-system/serviceaccounts/cluster-local-gateway-service-account | |
uid: 1fb41b5e-15bb-11ea-b5af-027e0b84da98 | |
secrets: | |
- name: cluster-local-gateway-service-account-token-226tq | |
- apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
creationTimestamp: "2019-12-03T10:52:28Z" | |
name: default | |
namespace: istio-system | |
resourceVersion: "43258" | |
selfLink: /api/v1/namespaces/istio-system/serviceaccounts/default | |
uid: ffb4982e-15ba-11ea-b5af-027e0b84da98 | |
secrets: | |
- name: default-token-hg4lc | |
- apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"labels":{"app":"security","chart":"security","heritage":"Tiller","release":"RELEASE-NAME"},"name":"istio-citadel-service-account","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:53:24Z" | |
labels: | |
app: security | |
chart: security | |
heritage: Tiller | |
release: RELEASE-NAME | |
name: istio-citadel-service-account | |
namespace: istio-system | |
resourceVersion: "43446" | |
selfLink: /api/v1/namespaces/istio-system/serviceaccounts/istio-citadel-service-account | |
uid: 20eb3d1f-15bb-11ea-b5af-027e0b84da98 | |
secrets: | |
- name: istio-citadel-service-account-token-klk7s | |
- apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: | | |
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"labels":{"app":"galley","chart":"galley","heritage":"Tiller","release":"RELEASE-NAME"},"name":"istio-galley-service-account","namespace":"istio-system"}} | |
creationTimestamp: "2019-12-03T10:53:22Z" | |
labels: | |
app: galley | |
chart: galley | |
heritage: Tiller | |
release: RELEASE-NAME | |
name: istio-galley-service-account | |
namespace: istio-system | |
resourceVersion |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment