Skip to content

Instantly share code, notes, and snippets.

@nak3

nak3/dump-istio.yaml

Created December 3, 2019 13:28
Show Gist options
  • Save nak3/be9eec22e91b0d958b9e23f7b7402d30 to your computer and use it in GitHub Desktop.
Save nak3/be9eec22e91b0d958b9e23f7b7402d30 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
dump-istio.yaml
This file has been truncated, but you can view the full file.
-------
resource: NAME
-------
-------
resource: bindings
-------
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: componentstatuses
-------
apiVersion: v1
items:
- apiVersion: v1
conditions:
- message: ok
status: "True"
type: Healthy
kind: ComponentStatus
metadata:
creationTimestamp: null
name: scheduler
selfLink: /api/v1/componentstatuses/scheduler
- apiVersion: v1
conditions:
- message: ok
status: "True"
type: Healthy
kind: ComponentStatus
metadata:
creationTimestamp: null
name: controller-manager
selfLink: /api/v1/componentstatuses/controller-manager
- apiVersion: v1
conditions:
- message: '{"health":"true"}'
status: "True"
type: Healthy
kind: ComponentStatus
metadata:
creationTimestamp: null
name: etcd-0
selfLink: /api/v1/componentstatuses/etcd-0
- apiVersion: v1
conditions:
- message: '{"health":"true"}'
status: "True"
type: Healthy
kind: ComponentStatus
metadata:
creationTimestamp: null
name: etcd-1
selfLink: /api/v1/componentstatuses/etcd-1
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: configmaps
-------
apiVersion: v1
items:
- apiVersion: v1
data:
mesh: |-
# Set the following variable to true to disable policy checks by Mixer.
# Note that metrics will still be reported to Mixer.
disablePolicyChecks: true
disableMixerHttpReports: false
# reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server
reportBatchMaxEntries: 100
# reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server
reportBatchMaxTime: 1s
# Set enableTracing to false to disable request tracing.
enableTracing: true
# Set accessLogFile to empty string to disable access log.
accessLogFile: "/dev/stdout"
# If accessLogEncoding is TEXT, value will be used directly as the log format
# example: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\n"
# If AccessLogEncoding is JSON, value will be parsed as map[string]string
# example: '{"start_time": "%START_TIME%", "req_method": "%REQ(:METHOD)%"}'
# Leave empty to use default log format
accessLogFormat: ""
# Set accessLogEncoding to JSON or TEXT to configure sidecar access log
accessLogEncoding: 'JSON'
enableEnvoyAccessLogService: false
mixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091
mixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091
# policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached.
# Default is false which means the traffic is denied when the client is unable to connect to Mixer.
policyCheckFailOpen: false
# Let Pilot give ingresses the public IP of the Istio ingressgateway
ingressService: istio-ingressgateway
# Default connect timeout for dynamic clusters generated by Pilot and returned via XDS
connectTimeout: 10s
# Automatic protocol detection uses a set of heuristics to
# determine whether the connection is using TLS or not (on the
# server side), as well as the application protocol being used
# (e.g., http vs tcp). These heuristics rely on the client sending
# the first bits of data. For server first protocols like MySQL,
# MongoDB, etc., Envoy will timeout on the protocol detection after
# the specified period, defaulting to non mTLS plain TCP
# traffic. Set this field to tweak the period that Envoy will wait
# for the client to send the first bits of data. (MUST BE >=1ms)
protocolDetectionTimeout: 100ms
# DNS refresh rate for Envoy clusters of type STRICT_DNS
dnsRefreshRate: 300s
# Unix Domain Socket through which envoy communicates with NodeAgent SDS to get
# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty.
sdsUdsPath: ""
# The trust domain corresponds to the trust root of a system.
# Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain
trustDomain: ""
# The trust domain aliases represent the aliases of trust_domain.
# For example, if we have
# trustDomain: td1
# trustDomainAliases: [“td2”, "td3"]
# Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account",
# or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh.
trustDomainAliases:
# If true, automatically configure client side mTLS settings to match the corresponding service's
# server side mTLS authentication policy, when destination rule for that service does not specify
# TLS settings.
enableAutoMtls: false
# Set the default behavior of the sidecar for handling outbound traffic from the application:
# ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no
# services or ServiceEntries for the destination port
# REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well
# as those defined through ServiceEntries
outboundTrafficPolicy:
mode: ALLOW_ANY
localityLbSetting:
enabled: true
# The namespace to treat as the administrative root namespace for istio
# configuration.
rootNamespace: istio-system
# Configures DNS certificates provisioned through Chiron linked into Pilot.
certificates:
[]
configSources:
- address: istio-galley.istio-system.svc:9901
defaultConfig:
#
# TCP connection timeout between Envoy & the application, and between Envoys. Used for static clusters
# defined in Envoy's configuration file
connectTimeout: 10s
#
### ADVANCED SETTINGS #############
# Where should envoy's configuration be stored in the istio-proxy container
configPath: "/etc/istio/proxy"
binaryPath: "/usr/local/bin/envoy"
# The pseudo service name used for Envoy.
serviceCluster: istio-proxy
# These settings that determine how long an old Envoy
# process should be kept alive after an occasional reload.
drainDuration: 45s
parentShutdownDuration: 1m0s
#
# The mode used to redirect inbound connections to Envoy. This setting
# has no effect on outbound traffic: iptables REDIRECT is always used for
# outbound connections.
# If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy.
# The "REDIRECT" mode loses source addresses during redirection.
# If "TPROXY", use iptables TPROXY to redirect to Envoy.
# The "TPROXY" mode preserves both the source and destination IP
# addresses and ports, so that they can be used for advanced filtering
# and manipulation.
# The "TPROXY" mode also configures the sidecar to run with the
# CAP_NET_ADMIN capability, which is required to use TPROXY.
#interceptionMode: REDIRECT
#
# Port where Envoy listens (on local host) for admin commands
# You can exec into the istio-proxy container in a pod and
# curl the admin port (curl http://localhost:15000/) to obtain
# diagnostic information from Envoy. See
# https://lyft.github.io/envoy/docs/operations/admin.html
# for more details
proxyAdminPort: 15000
#
# Set concurrency to a specific number to control the number of Proxy worker threads.
# If set to 0 (default), then start worker thread for each CPU thread/core.
concurrency: 2
#
tracing:
zipkin:
# Address of the Zipkin collector
address: zipkin.istio-system:9411
#
# Mutual TLS authentication between sidecars and istio control plane.
controlPlaneAuthPolicy: NONE
#
# Address where istio Pilot service is running
discoveryAddress: istio-pilot.istio-system:15010
meshNetworks: 'networks: {}'
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"mesh":"# Set the following variable to true to disable policy checks by Mixer.\n# Note that metrics will still be reported to Mixer.\ndisablePolicyChecks: true\n\ndisableMixerHttpReports: false\n# reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server\nreportBatchMaxEntries: 100\n# reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server\nreportBatchMaxTime: 1s\n\n# Set enableTracing to false to disable request tracing.\nenableTracing: true\n\n# Set accessLogFile to empty string to disable access log.\naccessLogFile: \"/dev/stdout\"\n\n# If accessLogEncoding is TEXT, value will be used directly as the log format\n# example: \"[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\\n\"\n# If AccessLogEncoding is JSON, value will be parsed as map[string]string\n# example: '{\"start_time\": \"%START_TIME%\", \"req_method\": \"%REQ(:METHOD)%\"}'\n# Leave empty to use default log format\naccessLogFormat: \"\"\n\n# Set accessLogEncoding to JSON or TEXT to configure sidecar access log\naccessLogEncoding: 'JSON'\n\nenableEnvoyAccessLogService: false\nmixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091\nmixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091\n# policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached.\n# Default is false which means the traffic is denied when the client is unable to connect to Mixer.\npolicyCheckFailOpen: false\n# Let Pilot give ingresses the public IP of the Istio ingressgateway\ningressService: istio-ingressgateway\n\n# Default connect timeout for dynamic clusters generated by Pilot and returned via XDS\nconnectTimeout: 10s\n\n# Automatic protocol detection uses a set of heuristics to\n# determine whether the connection is using TLS or not (on the\n# server side), as well as the application protocol being used\n# (e.g., http vs tcp). These heuristics rely on the client sending\n# the first bits of data. For server first protocols like MySQL,\n# MongoDB, etc., Envoy will timeout on the protocol detection after\n# the specified period, defaulting to non mTLS plain TCP\n# traffic. Set this field to tweak the period that Envoy will wait\n# for the client to send the first bits of data. (MUST BE \u003e=1ms)\nprotocolDetectionTimeout: 100ms\n\n# DNS refresh rate for Envoy clusters of type STRICT_DNS\ndnsRefreshRate: 300s\n\n# Unix Domain Socket through which envoy communicates with NodeAgent SDS to get\n# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty.\nsdsUdsPath: \"\"\n\n# The trust domain corresponds to the trust root of a system.\n# Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain\ntrustDomain: \"\"\n\n# The trust domain aliases represent the aliases of trust_domain.\n# For example, if we have\n# trustDomain: td1\n# trustDomainAliases: [“td2”, \"td3\"]\n# Any service with the identity \"td1/ns/foo/sa/a-service-account\", \"td2/ns/foo/sa/a-service-account\",\n# or \"td3/ns/foo/sa/a-service-account\" will be treated the same in the Istio mesh.\ntrustDomainAliases:\n\n# If true, automatically configure client side mTLS settings to match the corresponding service's\n# server side mTLS authentication policy, when destination rule for that service does not specify\n# TLS settings.\nenableAutoMtls: false\n\n# Set the default behavior of the sidecar for handling outbound traffic from the application:\n# ALLOW_ANY - outbound traffic to unknown destinations will be allowed, in case there are no\n# services or ServiceEntries for the destination port\n# REGISTRY_ONLY - restrict outbound traffic to services defined in the service registry as well\n# as those defined through ServiceEntries\noutboundTrafficPolicy:\n mode: ALLOW_ANY\nlocalityLbSetting:\n enabled: true\n# The namespace to treat as the administrative root namespace for istio\n# configuration.\nrootNamespace: istio-system\n\n# Configures DNS certificates provisioned through Chiron linked into Pilot.\ncertificates:\n []\nconfigSources:\n- address: istio-galley.istio-system.svc:9901\n\ndefaultConfig:\n #\n # TCP connection timeout between Envoy \u0026 the application, and between Envoys. Used for static clusters\n # defined in Envoy's configuration file\n connectTimeout: 10s\n #\n ### ADVANCED SETTINGS #############\n # Where should envoy's configuration be stored in the istio-proxy container\n configPath: \"/etc/istio/proxy\"\n binaryPath: \"/usr/local/bin/envoy\"\n # The pseudo service name used for Envoy.\n serviceCluster: istio-proxy\n # These settings that determine how long an old Envoy\n # process should be kept alive after an occasional reload.\n drainDuration: 45s\n parentShutdownDuration: 1m0s\n #\n # The mode used to redirect inbound connections to Envoy. This setting\n # has no effect on outbound traffic: iptables REDIRECT is always used for\n # outbound connections.\n # If \"REDIRECT\", use iptables REDIRECT to NAT and redirect to Envoy.\n # The \"REDIRECT\" mode loses source addresses during redirection.\n # If \"TPROXY\", use iptables TPROXY to redirect to Envoy.\n # The \"TPROXY\" mode preserves both the source and destination IP\n # addresses and ports, so that they can be used for advanced filtering\n # and manipulation.\n # The \"TPROXY\" mode also configures the sidecar to run with the\n # CAP_NET_ADMIN capability, which is required to use TPROXY.\n #interceptionMode: REDIRECT\n #\n # Port where Envoy listens (on local host) for admin commands\n # You can exec into the istio-proxy container in a pod and\n # curl the admin port (curl http://localhost:15000/) to obtain\n # diagnostic information from Envoy. See\n # https://lyft.github.io/envoy/docs/operations/admin.html\n # for more details\n proxyAdminPort: 15000\n #\n # Set concurrency to a specific number to control the number of Proxy worker threads.\n # If set to 0 (default), then start worker thread for each CPU thread/core.\n concurrency: 2\n #\n tracing:\n zipkin:\n # Address of the Zipkin collector\n address: zipkin.istio-system:9411\n #\n # Mutual TLS authentication between sidecars and istio control plane.\n controlPlaneAuthPolicy: NONE\n #\n # Address where istio Pilot service is running\n discoveryAddress: istio-pilot.istio-system:15010","meshNetworks":"networks: {}"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"istio","chart":"istio","heritage":"Tiller","release":"RELEASE-NAME"},"name":"istio","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:53:20Z"
labels:
app: istio
chart: istio
heritage: Tiller
release: RELEASE-NAME
name: istio
namespace: istio-system
resourceVersion: "43410"
selfLink: /api/v1/namespaces/istio-system/configmaps/istio
uid: 1ee6e059-15bb-11ea-b5af-027e0b84da98
- apiVersion: v1
data:
crd-10.yaml: |-
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: mixer
chart: istio
heritage: Tiller
istio: core
package: istio.io.mixer
release: istio
name: attributemanifests.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- policy-istio-io
kind: attributemanifest
plural: attributemanifests
singular: attributemanifest
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Describes the rules used to configure Mixer''s policy and
telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html'
properties:
attributes:
additionalProperties:
properties:
description:
description: A human-readable description of the attribute's purpose.
format: string
type: string
valueType:
description: The type of data carried by this attribute.
enum:
- VALUE_TYPE_UNSPECIFIED
- STRING
- INT64
- DOUBLE
- BOOL
- TIMESTAMP
- IP_ADDRESS
- EMAIL_ADDRESS
- URI
- DNS_NAME
- DURATION
- STRING_MAP
type: string
type: object
description: The set of attributes this Istio component will be responsible
for producing at runtime.
type: object
name:
description: Name of the component producing these attributes.
format: string
type: string
revision:
description: The revision of this document.
format: string
type: string
type: object
type: object
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-pilot
heritage: Tiller
istio: rbac
release: istio
name: clusterrbacconfigs.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ClusterRbacConfig
plural: clusterrbacconfigs
singular: clusterrbacconfig
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration for Role Based Access Control. See more details
at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'
properties:
enforcementMode:
enum:
- ENFORCED
- PERMISSIVE
type: string
exclusion:
description: A list of services or namespaces that should not be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
inclusion:
description: A list of services or namespaces that should be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
mode:
description: Istio RBAC mode.
enum:
- "OFF"
- "ON"
- ON_WITH_INCLUSION
- ON_WITH_EXCLUSION
type: string
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: destinationrules.networking.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.host
description: The name of a service from the service registry
name: Host
type: string
- JSONPath: .metadata.creationTimestamp
description: |-
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
name: Age
type: date
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: DestinationRule
listKind: DestinationRuleList
plural: destinationrules
shortNames:
- dr
singular: destinationrule
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting load balancing, outlier detection,
etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html'
properties:
exportTo:
description: A list of namespaces to which this destination rule is
exported.
items:
format: string
type: string
type: array
host:
description: The name of a service from the service registry.
format: string
type: string
subsets:
items:
properties:
labels:
additionalProperties:
format: string
type: string
type: object
name:
description: Name of the subset.
format: string
type: string
trafficPolicy:
description: Traffic policies that apply to this subset.
properties:
connectionPool:
properties:
http:
description: HTTP connection pool settings.
properties:
h2UpgradePolicy:
description: Specify if http1.1 connection should
be upgraded to http2 for the associated destination.
enum:
- DEFAULT
- DO_NOT_UPGRADE
- UPGRADE
type: string
http1MaxPendingRequests:
description: Maximum number of pending HTTP requests
to a destination.
format: int32
type: integer
http2MaxRequests:
description: Maximum number of requests to a backend.
format: int32
type: integer
idleTimeout:
description: The idle timeout for upstream connection
pool connections.
type: string
maxRequestsPerConnection:
description: Maximum number of requests per connection
to a backend.
format: int32
type: integer
maxRetries:
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream
connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
tcpKeepalive:
description: If set then set SO_KEEPALIVE on the socket
to enable TCP Keepalives.
properties:
interval:
description: The time duration between keep-alive
probes.
type: string
probes:
type: integer
time:
type: string
type: object
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
oneOf:
- required:
- simple
- properties:
consistentHash:
oneOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
required:
- consistentHash
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: Name of the cookie.
format: string
type: string
path:
description: Path to set for the cookie.
format: string
type: string
ttl:
description: Lifetime of the cookie.
type: string
type: object
httpHeaderName:
description: Hash based on a specific HTTP header.
format: string
type: string
minimumRingSize:
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
enum:
- ROUND_ROBIN
- LEAST_CONN
- RANDOM
- PASSTHROUGH
type: string
type: object
outlierDetection:
properties:
baseEjectionTime:
description: Minimum ejection duration.
type: string
consecutiveErrors:
format: int32
type: integer
interval:
description: Time interval between ejection sweep analysis.
type: string
maxEjectionPercent:
format: int32
type: integer
minHealthPercent:
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual ports.
items:
properties:
connectionPool:
properties:
http:
description: HTTP connection pool settings.
properties:
h2UpgradePolicy:
description: Specify if http1.1 connection should
be upgraded to http2 for the associated destination.
enum:
- DEFAULT
- DO_NOT_UPGRADE
- UPGRADE
type: string
http1MaxPendingRequests:
description: Maximum number of pending HTTP
requests to a destination.
format: int32
type: integer
http2MaxRequests:
description: Maximum number of requests to a
backend.
format: int32
type: integer
idleTimeout:
description: The idle timeout for upstream connection
pool connections.
type: string
maxRequestsPerConnection:
description: Maximum number of requests per
connection to a backend.
format: int32
type: integer
maxRetries:
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP
upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
tcpKeepalive:
description: If set then set SO_KEEPALIVE on
the socket to enable TCP Keepalives.
properties:
interval:
description: The time duration between keep-alive
probes.
type: string
probes:
type: integer
time:
type: string
type: object
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
oneOf:
- required:
- simple
- properties:
consistentHash:
oneOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
required:
- consistentHash
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: Name of the cookie.
format: string
type: string
path:
description: Path to set for the cookie.
format: string
type: string
ttl:
description: Lifetime of the cookie.
type: string
type: object
httpHeaderName:
description: Hash based on a specific HTTP header.
format: string
type: string
minimumRingSize:
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
enum:
- ROUND_ROBIN
- LEAST_CONN
- RANDOM
- PASSTHROUGH
type: string
type: object
outlierDetection:
properties:
baseEjectionTime:
description: Minimum ejection duration.
type: string
consecutiveErrors:
format: int32
type: integer
interval:
description: Time interval between ejection sweep
analysis.
type: string
maxEjectionPercent:
format: int32
type: integer
minHealthPercent:
format: int32
type: integer
type: object
port:
properties:
number:
type: integer
type: object
tls:
description: TLS related settings for connections to
the upstream service.
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server
during TLS handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
type: array
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server during
TLS handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
type: object
type: array
trafficPolicy:
properties:
connectionPool:
properties:
http:
description: HTTP connection pool settings.
properties:
h2UpgradePolicy:
description: Specify if http1.1 connection should be upgraded
to http2 for the associated destination.
enum:
- DEFAULT
- DO_NOT_UPGRADE
- UPGRADE
type: string
http1MaxPendingRequests:
description: Maximum number of pending HTTP requests to
a destination.
format: int32
type: integer
http2MaxRequests:
description: Maximum number of requests to a backend.
format: int32
type: integer
idleTimeout:
description: The idle timeout for upstream connection pool
connections.
type: string
maxRequestsPerConnection:
description: Maximum number of requests per connection to
a backend.
format: int32
type: integer
maxRetries:
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections to
a destination host.
format: int32
type: integer
tcpKeepalive:
description: If set then set SO_KEEPALIVE on the socket
to enable TCP Keepalives.
properties:
interval:
description: The time duration between keep-alive probes.
type: string
probes:
type: integer
time:
type: string
type: object
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
oneOf:
- required:
- simple
- properties:
consistentHash:
oneOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
required:
- consistentHash
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: Name of the cookie.
format: string
type: string
path:
description: Path to set for the cookie.
format: string
type: string
ttl:
description: Lifetime of the cookie.
type: string
type: object
httpHeaderName:
description: Hash based on a specific HTTP header.
format: string
type: string
minimumRingSize:
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
enum:
- ROUND_ROBIN
- LEAST_CONN
- RANDOM
- PASSTHROUGH
type: string
type: object
outlierDetection:
properties:
baseEjectionTime:
description: Minimum ejection duration.
type: string
consecutiveErrors:
format: int32
type: integer
interval:
description: Time interval between ejection sweep analysis.
type: string
maxEjectionPercent:
format: int32
type: integer
minHealthPercent:
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual ports.
items:
properties:
connectionPool:
properties:
http:
description: HTTP connection pool settings.
properties:
h2UpgradePolicy:
description: Specify if http1.1 connection should
be upgraded to http2 for the associated destination.
enum:
- DEFAULT
- DO_NOT_UPGRADE
- UPGRADE
type: string
http1MaxPendingRequests:
description: Maximum number of pending HTTP requests
to a destination.
format: int32
type: integer
http2MaxRequests:
description: Maximum number of requests to a backend.
format: int32
type: integer
idleTimeout:
description: The idle timeout for upstream connection
pool connections.
type: string
maxRequestsPerConnection:
description: Maximum number of requests per connection
to a backend.
format: int32
type: integer
maxRetries:
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream
connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
tcpKeepalive:
description: If set then set SO_KEEPALIVE on the socket
to enable TCP Keepalives.
properties:
interval:
description: The time duration between keep-alive
probes.
type: string
probes:
type: integer
time:
type: string
type: object
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
oneOf:
- required:
- simple
- properties:
consistentHash:
oneOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
required:
- consistentHash
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: Name of the cookie.
format: string
type: string
path:
description: Path to set for the cookie.
format: string
type: string
ttl:
description: Lifetime of the cookie.
type: string
type: object
httpHeaderName:
description: Hash based on a specific HTTP header.
format: string
type: string
minimumRingSize:
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
enum:
- ROUND_ROBIN
- LEAST_CONN
- RANDOM
- PASSTHROUGH
type: string
type: object
outlierDetection:
properties:
baseEjectionTime:
description: Minimum ejection duration.
type: string
consecutiveErrors:
format: int32
type: integer
interval:
description: Time interval between ejection sweep analysis.
type: string
maxEjectionPercent:
format: int32
type: integer
minHealthPercent:
format: int32
type: integer
type: object
port:
properties:
number:
type: integer
type: object
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server during
TLS handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
type: array
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server during TLS
handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
type: object
type: object
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: envoyfilters.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: EnvoyFilter
plural: envoyfilters
singular: envoyfilter
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Customizing Envoy configuration generated by Istio. See more
details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html'
properties:
configPatches:
description: One or more patches with match conditions.
items:
properties:
applyTo:
enum:
- INVALID
- LISTENER
- FILTER_CHAIN
- NETWORK_FILTER
- HTTP_FILTER
- ROUTE_CONFIGURATION
- VIRTUAL_HOST
- HTTP_ROUTE
- CLUSTER
type: string
match:
description: Match on listener/route configuration/cluster.
oneOf:
- required:
- listener
- required:
- routeConfiguration
- required:
- cluster
properties:
cluster:
description: Match on envoy cluster attributes.
properties:
name:
description: The exact name of the cluster to match.
format: string
type: string
portNumber:
description: The service port for which this cluster was
generated.
type: integer
service:
description: The fully qualified service name for this
cluster.
format: string
type: string
subset:
description: The subset associated with the service.
format: string
type: string
type: object
context:
description: The specific config generation context to match
on.
enum:
- ANY
- SIDECAR_INBOUND
- SIDECAR_OUTBOUND
- GATEWAY
type: string
listener:
description: Match on envoy listener attributes.
properties:
filterChain:
description: Match a specific filter chain in a listener.
properties:
applicationProtocols:
description: Applies only to sidecars.
format: string
type: string
filter:
description: The name of a specific filter to apply
the patch to.
properties:
name:
description: The filter name to match on.
format: string
type: string
subFilter:
properties:
name:
description: The filter name to match on.
format: string
type: string
type: object
type: object
name:
description: The name assigned to the filter chain.
format: string
type: string
sni:
description: The SNI value used by a filter chain's
match condition.
format: string
type: string
transportProtocol:
description: Applies only to SIDECAR_INBOUND context.
format: string
type: string
type: object
name:
description: Match a specific listener by its name.
format: string
type: string
portName:
format: string
type: string
portNumber:
type: integer
type: object
proxy:
description: Match on properties associated with a proxy.
properties:
metadata:
additionalProperties:
format: string
type: string
type: object
proxyVersion:
format: string
type: string
type: object
routeConfiguration:
description: Match on envoy HTTP route configuration attributes.
properties:
gateway:
format: string
type: string
name:
description: Route configuration name to match on.
format: string
type: string
portName:
description: Applicable only for GATEWAY context.
format: string
type: string
portNumber:
type: integer
vhost:
properties:
name:
format: string
type: string
route:
description: Match a specific route within the virtual
host.
properties:
action:
description: Match a route with specific action
type.
enum:
- ANY
- ROUTE
- REDIRECT
- DIRECT_RESPONSE
type: string
name:
format: string
type: string
type: object
type: object
type: object
type: object
patch:
description: The patch to apply along with the operation.
properties:
operation:
description: Determines how the patch should be applied.
enum:
- INVALID
- MERGE
- ADD
- REMOVE
- INSERT_BEFORE
- INSERT_AFTER
type: string
value:
description: The JSON config of the object being patched.
type: object
type: object
type: object
type: array
filters:
items:
properties:
filterConfig:
type: object
filterName:
description: The name of the filter to instantiate.
format: string
type: string
filterType:
description: The type of filter to instantiate.
enum:
- INVALID
- HTTP
- NETWORK
type: string
insertPosition:
description: Insert position in the filter chain.
properties:
index:
description: Position of this filter in the filter chain.
enum:
- FIRST
- LAST
- BEFORE
- AFTER
type: string
relativeTo:
format: string
type: string
type: object
listenerMatch:
properties:
address:
description: One or more IP addresses to which the listener
is bound.
items:
format: string
type: string
type: array
listenerProtocol:
description: Selects a class of listeners for the same protocol.
enum:
- ALL
- HTTP
- TCP
type: string
listenerType:
description: Inbound vs outbound sidecar listener or gateway
listener.
enum:
- ANY
- SIDECAR_INBOUND
- SIDECAR_OUTBOUND
- GATEWAY
type: string
portNamePrefix:
format: string
type: string
portNumber:
type: integer
type: object
type: object
type: array
workloadLabels:
additionalProperties:
format: string
type: string
description: Deprecated.
type: object
workloadSelector:
properties:
labels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
type: object
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: gateways.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: Gateway
plural: gateways
shortNames:
- gw
singular: gateway
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting edge load balancer. See more details
at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html'
properties:
selector:
additionalProperties:
format: string
type: string
type: object
servers:
description: A list of server specifications.
items:
properties:
bind:
format: string
type: string
defaultEndpoint:
format: string
type: string
hosts:
description: One or more hosts exposed by this gateway.
items:
format: string
type: string
type: array
port:
properties:
name:
description: Label assigned to the port.
format: string
type: string
number:
description: A valid non-negative integer port number.
type: integer
protocol:
description: The protocol exposed on the port.
format: string
type: string
type: object
tls:
description: Set of TLS related options that govern the server's
behavior.
properties:
caCertificates:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
cipherSuites:
description: 'Optional: If specified, only support the specified
cipher list.'
items:
format: string
type: string
type: array
credentialName:
format: string
type: string
httpsRedirect:
type: boolean
maxProtocolVersion:
description: 'Optional: Maximum TLS protocol version.'
enum:
- TLS_AUTO
- TLSV1_0
- TLSV1_1
- TLSV1_2
- TLSV1_3
type: string
minProtocolVersion:
description: 'Optional: Minimum TLS protocol version.'
enum:
- TLS_AUTO
- TLSV1_0
- TLSV1_1
- TLSV1_2
- TLSV1_3
type: string
mode:
enum:
- PASSTHROUGH
- SIMPLE
- MUTUAL
- AUTO_PASSTHROUGH
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
format: string
type: string
serverCertificate:
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
verifyCertificateHash:
items:
format: string
type: string
type: array
verifyCertificateSpki:
items:
format: string
type: string
type: array
type: object
type: object
type: array
type: object
type: object
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-mixer
chart: istio
heritage: Tiller
release: istio
name: httpapispecbindings.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- apim-istio-io
kind: HTTPAPISpecBinding
plural: httpapispecbindings
singular: httpapispecbinding
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
api_specs:
items:
properties:
name:
description: The short name of the HTTPAPISpec.
format: string
type: string
namespace:
description: Optional namespace of the HTTPAPISpec.
format: string
type: string
type: object
type: array
apiSpecs:
items:
properties:
name:
description: The short name of the HTTPAPISpec.
format: string
type: string
namespace:
description: Optional namespace of the HTTPAPISpec.
format: string
type: string
type: object
type: array
services:
description: One or more services to map the listed HTTPAPISpec onto.
items:
properties:
domain:
description: Domain suffix used to construct the service FQDN
in implementations that support such specification.
format: string
type: string
labels:
additionalProperties:
format: string
type: string
description: Optional one or more labels that uniquely identify
the service version.
type: object
name:
description: The short name of the service such as "foo".
format: string
type: string
namespace:
description: Optional namespace of the service.
format: string
type: string
service:
description: The service FQDN.
format: string
type: string
type: object
type: array
type: object
type: object
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-mixer
chart: istio
heritage: Tiller
release: istio
name: httpapispecs.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- apim-istio-io
kind: HTTPAPISpec
plural: httpapispecs
singular: httpapispec
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
api_keys:
items:
oneOf:
- required:
- query
- required:
- header
- required:
- cookie
properties:
cookie:
format: string
type: string
header:
description: API key is sent in a request header.
format: string
type: string
query:
description: API Key is sent as a query parameter.
format: string
type: string
type: object
type: array
apiKeys:
items:
oneOf:
- required:
- query
- required:
- header
- required:
- cookie
properties:
cookie:
format: string
type: string
header:
description: API key is sent in a request header.
format: string
type: string
query:
description: API Key is sent as a query parameter.
format: string
type: string
type: object
type: array
attributes:
properties:
attributes:
additionalProperties:
oneOf:
- required:
- stringValue
- required:
- int64Value
- required:
- doubleValue
- required:
- boolValue
- required:
- bytesValue
- required:
- timestampValue
- required:
- durationValue
- required:
- stringMapValue
properties:
boolValue:
type: boolean
bytesValue:
format: binary
type: string
doubleValue:
format: double
type: number
durationValue:
type: string
int64Value:
format: int64
type: integer
stringMapValue:
properties:
entries:
additionalProperties:
format: string
type: string
description: Holds a set of name/value pairs.
type: object
type: object
stringValue:
format: string
type: string
timestampValue:
format: dateTime
type: string
type: object
description: A map of attribute name to its value.
type: object
type: object
patterns:
description: List of HTTP patterns to match.
items:
oneOf:
- required:
- uriTemplate
- required:
- regex
properties:
attributes:
properties:
attributes:
additionalProperties:
oneOf:
- required:
- stringValue
- required:
- int64Value
- required:
- doubleValue
- required:
- boolValue
- required:
- bytesValue
- required:
- timestampValue
- required:
- durationValue
- required:
- stringMapValue
properties:
boolValue:
type: boolean
bytesValue:
format: binary
type: string
doubleValue:
format: double
type: number
durationValue:
type: string
int64Value:
format: int64
type: integer
stringMapValue:
properties:
entries:
additionalProperties:
format: string
type: string
description: Holds a set of name/value pairs.
type: object
type: object
stringValue:
format: string
type: string
timestampValue:
format: dateTime
type: string
type: object
description: A map of attribute name to its value.
type: object
type: object
httpMethod:
format: string
type: string
regex:
format: string
type: string
uriTemplate:
format: string
type: string
type: object
type: array
type: object
type: object
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-citadel
chart: istio
heritage: Tiller
release: istio
name: meshpolicies.authentication.istio.io
spec:
group: authentication.istio.io
names:
categories:
- istio-io
- authentication-istio-io
kind: MeshPolicy
listKind: MeshPolicyList
plural: meshpolicies
singular: meshpolicy
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Authentication policy for Istio services. See more details
at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html'
properties:
originIsOptional:
type: boolean
origins:
description: List of authentication methods that can be used for origin
authentication.
items:
properties:
jwt:
description: Jwt params for the method.
properties:
audiences:
items:
format: string
type: string
type: array
issuer:
description: Identifies the issuer that issued the JWT.
format: string
type: string
jwks:
description: JSON Web Key Set of public keys to validate signature
of the JWT.
format: string
type: string
jwks_uri:
format: string
type: string
jwksUri:
format: string
type: string
jwt_headers:
description: JWT is sent in a request header.
items:
format: string
type: string
type: array
jwtHeaders:
description: JWT is sent in a request header.
items:
format: string
type: string
type: array
jwtParams:
description: JWT is sent in a query parameter.
items:
format: string
type: string
type: array
trigger_rules:
items:
properties:
excluded_paths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
excludedPaths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
included_paths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
includedPaths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
type: object
type: array
triggerRules:
items:
properties:
excluded_paths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
excludedPaths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
included_paths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
includedPaths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
type: object
type: array
type: object
type: object
type: array
peerIsOptional:
type: boolean
peers:
description: List of authentication methods that can be used for peer
authentication.
items:
oneOf:
- required:
- mtls
- required:
- jwt
properties:
jwt:
properties:
audiences:
items:
format: string
type: string
type: array
issuer:
description: Identifies the issuer that issued the JWT.
format: string
type: string
jwks:
description: JSON Web Key Set of public keys to validate signature
of the JWT.
format: string
type: string
jwks_uri:
format: string
type: string
jwksUri:
format: string
type: string
jwt_headers:
description: JWT is sent in a request header.
items:
format: string
type: string
type: array
jwtHeaders:
description: JWT is sent in a request header.
items:
format: string
type: string
type: array
jwtParams:
description: JWT is sent in a query parameter.
items:
format: string
type: string
type: array
trigger_rules:
items:
properties:
excluded_paths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
excludedPaths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
included_paths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
includedPaths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
type: object
type: array
triggerRules:
items:
properties:
excluded_paths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
excludedPaths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
included_paths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
includedPaths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
type: object
type: array
type: object
mtls:
description: Set if mTLS is used.
properties:
allowTls:
description: WILL BE DEPRECATED, if set, will translates to
`TLS_PERMISSIVE` mode.
type: boolean
mode:
description: Defines the mode of mTLS authentication.
enum:
- STRICT
- PERMISSIVE
type: string
type: object
type: object
type: array
principalBinding:
description: Define whether peer or origin identity should be use for
principal.
enum:
- USE_PEER
- USE_ORIGIN
type: string
targets:
description: List rules to select workloads that the policy should be
applied on.
items:
properties:
labels:
additionalProperties:
format: string
type: string
type: object
name:
description: The name must be a short name from the service registry.
format: string
type: string
ports:
description: Specifies the ports.
items:
oneOf:
- required:
- number
- required:
- name
properties:
name:
format: string
type: string
number:
type: integer
type: object
type: array
type: object
type: array
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-citadel
chart: istio
heritage: Tiller
release: istio
name: policies.authentication.istio.io
spec:
group: authentication.istio.io
names:
categories:
- istio-io
- authentication-istio-io
kind: Policy
plural: policies
singular: policy
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Authentication policy for Istio services. See more details
at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html'
properties:
originIsOptional:
type: boolean
origins:
description: List of authentication methods that can be used for origin
authentication.
items:
properties:
jwt:
description: Jwt params for the method.
properties:
audiences:
items:
format: string
type: string
type: array
issuer:
description: Identifies the issuer that issued the JWT.
format: string
type: string
jwks:
description: JSON Web Key Set of public keys to validate signature
of the JWT.
format: string
type: string
jwks_uri:
format: string
type: string
jwksUri:
format: string
type: string
jwt_headers:
description: JWT is sent in a request header.
items:
format: string
type: string
type: array
jwtHeaders:
description: JWT is sent in a request header.
items:
format: string
type: string
type: array
jwtParams:
description: JWT is sent in a query parameter.
items:
format: string
type: string
type: array
trigger_rules:
items:
properties:
excluded_paths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
excludedPaths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
included_paths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
includedPaths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
type: object
type: array
triggerRules:
items:
properties:
excluded_paths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
excludedPaths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
included_paths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
includedPaths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
type: object
type: array
type: object
type: object
type: array
peerIsOptional:
type: boolean
peers:
description: List of authentication methods that can be used for peer
authentication.
items:
oneOf:
- required:
- mtls
- required:
- jwt
properties:
jwt:
properties:
audiences:
items:
format: string
type: string
type: array
issuer:
description: Identifies the issuer that issued the JWT.
format: string
type: string
jwks:
description: JSON Web Key Set of public keys to validate signature
of the JWT.
format: string
type: string
jwks_uri:
format: string
type: string
jwksUri:
format: string
type: string
jwt_headers:
description: JWT is sent in a request header.
items:
format: string
type: string
type: array
jwtHeaders:
description: JWT is sent in a request header.
items:
format: string
type: string
type: array
jwtParams:
description: JWT is sent in a query parameter.
items:
format: string
type: string
type: array
trigger_rules:
items:
properties:
excluded_paths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
excludedPaths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
included_paths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
includedPaths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
type: object
type: array
triggerRules:
items:
properties:
excluded_paths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
excludedPaths:
description: List of paths to be excluded from the request.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
included_paths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
includedPaths:
description: List of paths that the request must include.
items:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- suffix
- required:
- regex
properties:
exact:
description: exact string match.
format: string
type: string
prefix:
description: prefix-based match.
format: string
type: string
regex:
description: ECMAscript style regex-based match
as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).
format: string
type: string
suffix:
description: suffix-based match.
format: string
type: string
type: object
type: array
type: object
type: array
type: object
mtls:
description: Set if mTLS is used.
properties:
allowTls:
description: WILL BE DEPRECATED, if set, will translates to
`TLS_PERMISSIVE` mode.
type: boolean
mode:
description: Defines the mode of mTLS authentication.
enum:
- STRICT
- PERMISSIVE
type: string
type: object
type: object
type: array
principalBinding:
description: Define whether peer or origin identity should be use for
principal.
enum:
- USE_PEER
- USE_ORIGIN
type: string
targets:
description: List rules to select workloads that the policy should be
applied on.
items:
properties:
labels:
additionalProperties:
format: string
type: string
type: object
name:
description: The name must be a short name from the service registry.
format: string
type: string
ports:
description: Specifies the ports.
items:
oneOf:
- required:
- number
- required:
- name
properties:
name:
format: string
type: string
number:
type: integer
type: object
type: array
type: object
type: array
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-mixer
chart: istio
heritage: Tiller
release: istio
name: quotaspecbindings.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- apim-istio-io
kind: QuotaSpecBinding
plural: quotaspecbindings
singular: quotaspecbinding
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
quotaSpecs:
items:
properties:
name:
description: The short name of the QuotaSpec.
format: string
type: string
namespace:
description: Optional namespace of the QuotaSpec.
format: string
type: string
type: object
type: array
services:
description: One or more services to map the listed QuotaSpec onto.
items:
properties:
domain:
description: Domain suffix used to construct the service FQDN
in implementations that support such specification.
format: string
type: string
labels:
additionalProperties:
format: string
type: string
description: Optional one or more labels that uniquely identify
the service version.
type: object
name:
description: The short name of the service such as "foo".
format: string
type: string
namespace:
description: Optional namespace of the service.
format: string
type: string
service:
description: The service FQDN.
format: string
type: string
type: object
type: array
type: object
type: object
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-mixer
chart: istio
heritage: Tiller
release: istio
name: quotaspecs.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- apim-istio-io
kind: QuotaSpec
plural: quotaspecs
singular: quotaspec
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: Determines the quotas used for individual requests.
properties:
rules:
description: A list of Quota rules.
items:
properties:
match:
description: If empty, match all request.
items:
properties:
clause:
additionalProperties:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
format: string
type: string
type: object
description: Map of attribute names to StringMatch type.
type: object
type: object
type: array
quotas:
description: The list of quotas to charge.
items:
properties:
charge:
format: int32
type: integer
quota:
format: string
type: string
type: object
type: array
type: object
type: array
type: object
type: object
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: rbacconfigs.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: RbacConfig
plural: rbacconfigs
singular: rbacconfig
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration for Role Based Access Control. See more details
at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'
properties:
enforcementMode:
enum:
- ENFORCED
- PERMISSIVE
type: string
exclusion:
description: A list of services or namespaces that should not be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
inclusion:
description: A list of services or namespaces that should be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
mode:
description: Istio RBAC mode.
enum:
- "OFF"
- "ON"
- ON_WITH_INCLUSION
- ON_WITH_EXCLUSION
type: string
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: mixer
chart: istio
heritage: Tiller
istio: core
package: istio.io.mixer
release: istio
name: rules.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- policy-istio-io
kind: rule
plural: rules
singular: rule
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Describes the rules used to configure Mixer''s policy and
telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html'
properties:
actions:
description: The actions that will be executed when match evaluates
to `true`.
items:
properties:
handler:
description: Fully qualified name of the handler to invoke.
format: string
type: string
instances:
items:
format: string
type: string
type: array
name:
description: A handle to refer to the results of the action.
format: string
type: string
type: object
type: array
match:
description: Match is an attribute based predicate.
format: string
type: string
requestHeaderOperations:
items:
properties:
name:
description: Header name literal value.
format: string
type: string
operation:
description: Header operation type.
enum:
- REPLACE
- REMOVE
- APPEND
type: string
values:
description: Header value expressions.
items:
format: string
type: string
type: array
type: object
type: array
responseHeaderOperations:
items:
properties:
name:
description: Header name literal value.
format: string
type: string
operation:
description: Header operation type.
enum:
- REPLACE
- REMOVE
- APPEND
type: string
values:
description: Header value expressions.
items:
format: string
type: string
type: array
type: object
type: array
sampling:
properties:
random:
description: Provides filtering of actions based on random selection
per request.
properties:
attributeExpression:
description: Specifies an attribute expression to use to override
the numerator in the `percent_sampled` field.
format: string
type: string
percentSampled:
description: The default sampling rate, expressed as a percentage.
properties:
denominator:
description: Specifies the denominator.
enum:
- HUNDRED
- TEN_THOUSAND
type: string
numerator:
description: Specifies the numerator.
type: integer
type: object
useIndependentRandomness:
description: By default sampling will be based on the value
of the request header `x-request-id`.
type: boolean
type: object
rateLimit:
properties:
maxUnsampledEntries:
description: Number of entries to allow during the `sampling_duration`
before sampling is enforced.
format: int64
type: integer
samplingDuration:
description: Window in which to enforce the sampling rate.
type: string
samplingRate:
description: The rate at which to sample entries once the unsampled
limit has been reached.
format: int64
type: integer
type: object
type: object
type: object
type: object
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: serviceentries.networking.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.hosts
description: The hosts associated with the ServiceEntry
name: Hosts
type: string
- JSONPath: .spec.location
description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL
or MESH_INTERNAL)
name: Location
type: string
- JSONPath: .spec.resolution
description: Service discovery mode for the hosts (NONE, STATIC, or DNS)
name: Resolution
type: string
- JSONPath: .metadata.creationTimestamp
description: |-
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
name: Age
type: date
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: ServiceEntry
listKind: ServiceEntryList
plural: serviceentries
shortNames:
- se
singular: serviceentry
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting service registry. See more details
at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html'
properties:
addresses:
description: The virtual IP addresses associated with the service.
items:
format: string
type: string
type: array
endpoints:
description: One or more endpoints associated with the service.
items:
properties:
address:
format: string
type: string
labels:
additionalProperties:
format: string
type: string
description: One or more labels associated with the endpoint.
type: object
locality:
description: The locality associated with the endpoint.
format: string
type: string
network:
format: string
type: string
ports:
additionalProperties:
type: integer
description: Set of ports associated with the endpoint.
type: object
weight:
description: The load balancing weight associated with the endpoint.
type: integer
type: object
type: array
exportTo:
description: A list of namespaces to which this service is exported.
items:
format: string
type: string
type: array
hosts:
description: The hosts associated with the ServiceEntry.
items:
format: string
type: string
type: array
location:
enum:
- MESH_EXTERNAL
- MESH_INTERNAL
type: string
ports:
description: The ports associated with the external service.
items:
properties:
name:
description: Label assigned to the port.
format: string
type: string
number:
description: A valid non-negative integer port number.
type: integer
protocol:
description: The protocol exposed on the port.
format: string
type: string
type: object
type: array
resolution:
description: Service discovery mode for the hosts.
enum:
- NONE
- STATIC
- DNS
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: servicerolebindings.rbac.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.roleRef.name
description: The name of the ServiceRole object being referenced
name: Reference
type: string
- JSONPath: .metadata.creationTimestamp
description: |-
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
name: Age
type: date
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ServiceRoleBinding
plural: servicerolebindings
singular: servicerolebinding
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration for Role Based Access Control. See more details
at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'
properties:
actions:
items:
properties:
constraints:
description: Optional.
items:
properties:
key:
description: Key of the constraint.
format: string
type: string
values:
description: List of valid values for the constraint.
items:
format: string
type: string
type: array
type: object
type: array
hosts:
items:
format: string
type: string
type: array
methods:
description: Optional.
items:
format: string
type: string
type: array
notHosts:
items:
format: string
type: string
type: array
notMethods:
items:
format: string
type: string
type: array
notPaths:
items:
format: string
type: string
type: array
notPorts:
items:
format: int32
type: integer
type: array
paths:
description: Optional.
items:
format: string
type: string
type: array
ports:
items:
format: int32
type: integer
type: array
services:
description: A list of service names.
items:
format: string
type: string
type: array
type: object
type: array
mode:
enum:
- ENFORCED
- PERMISSIVE
type: string
role:
format: string
type: string
roleRef:
description: Reference to the ServiceRole object.
properties:
kind:
description: The type of the role being referenced.
format: string
type: string
name:
description: The name of the ServiceRole object being referenced.
format: string
type: string
type: object
subjects:
description: List of subjects that are assigned the ServiceRole object.
items:
properties:
group:
format: string
type: string
groups:
items:
format: string
type: string
type: array
ips:
items:
format: string
type: string
type: array
names:
items:
format: string
type: string
type: array
namespaces:
items:
format: string
type: string
type: array
notGroups:
items:
format: string
type: string
type: array
notIps:
items:
format: string
type: string
type: array
notNames:
items:
format: string
type: string
type: array
notNamespaces:
items:
format: string
type: string
type: array
properties:
additionalProperties:
format: string
type: string
description: Optional.
type: object
user:
description: Optional.
format: string
type: string
type: object
type: array
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: serviceroles.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ServiceRole
plural: serviceroles
singular: servicerole
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration for Role Based Access Control. See more details
at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'
properties:
rules:
description: The set of access rules (permissions) that the role has.
items:
properties:
constraints:
description: Optional.
items:
properties:
key:
description: Key of the constraint.
format: string
type: string
values:
description: List of valid values for the constraint.
items:
format: string
type: string
type: array
type: object
type: array
hosts:
items:
format: string
type: string
type: array
methods:
description: Optional.
items:
format: string
type: string
type: array
notHosts:
items:
format: string
type: string
type: array
notMethods:
items:
format: string
type: string
type: array
notPaths:
items:
format: string
type: string
type: array
notPorts:
items:
format: int32
type: integer
type: array
paths:
description: Optional.
items:
format: string
type: string
type: array
ports:
items:
format: int32
type: integer
type: array
services:
description: A list of service names.
items:
format: string
type: string
type: array
type: object
type: array
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: virtualservices.networking.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.gateways
description: The names of gateways and sidecars that should apply these routes
name: Gateways
type: string
- JSONPath: .spec.hosts
description: The destination hosts to which traffic is being sent
name: Hosts
type: string
- JSONPath: .metadata.creationTimestamp
description: |-
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
name: Age
type: date
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: VirtualService
listKind: VirtualServiceList
plural: virtualservices
shortNames:
- vs
singular: virtualservice
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting label/content routing, sni routing,
etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html'
properties:
exportTo:
description: A list of namespaces to which this virtual service is exported.
items:
format: string
type: string
type: array
gateways:
description: The names of gateways and sidecars that should apply these
routes.
items:
format: string
type: string
type: array
hosts:
description: The destination hosts to which traffic is being sent.
items:
format: string
type: string
type: array
http:
description: An ordered list of route rules for HTTP traffic.
items:
properties:
appendHeaders:
additionalProperties:
format: string
type: string
type: object
appendRequestHeaders:
additionalProperties:
format: string
type: string
type: object
appendResponseHeaders:
additionalProperties:
format: string
type: string
type: object
corsPolicy:
description: Cross-Origin Resource Sharing policy (CORS).
properties:
allowCredentials:
nullable: true
type: boolean
allowHeaders:
items:
format: string
type: string
type: array
allowMethods:
description: List of HTTP methods allowed to access the resource.
items:
format: string
type: string
type: array
allowOrigin:
description: The list of origins that are allowed to perform
CORS requests.
items:
format: string
type: string
type: array
exposeHeaders:
items:
format: string
type: string
type: array
maxAge:
type: string
type: object
fault:
description: Fault injection policy to apply on HTTP traffic at
the client side.
properties:
abort:
oneOf:
- properties:
percent: {}
required:
- httpStatus
- properties:
percent: {}
required:
- grpcStatus
- properties:
percent: {}
required:
- http2Error
properties:
grpcStatus:
format: string
type: string
http2Error:
format: string
type: string
httpStatus:
description: HTTP status code to use to abort the Http
request.
format: int32
type: integer
percent:
description: Percentage of requests to be aborted with
the error code provided (0-100).
format: int32
type: integer
percentage:
description: Percentage of requests to be aborted with
the error code provided.
properties:
value:
format: double
type: number
type: object
type: object
delay:
oneOf:
- properties:
percent: {}
required:
- fixedDelay
- properties:
percent: {}
required:
- exponentialDelay
properties:
exponentialDelay:
type: string
fixedDelay:
description: Add a fixed delay before forwarding the request.
type: string
percent:
description: Percentage of requests on which the delay
will be injected (0-100).
format: int32
type: integer
percentage:
description: Percentage of requests on which the delay
will be injected.
properties:
value:
format: double
type: number
type: object
type: object
type: object
headers:
properties:
request:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
response:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
match:
items:
properties:
authority:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
format: string
type: string
type: object
gateways:
items:
format: string
type: string
type: array
headers:
additionalProperties:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
format: string
type: string
type: object
type: object
ignoreUriCase:
description: Flag to specify whether the URI matching should
be case-insensitive.
type: boolean
method:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
format: string
type: string
type: object
name:
description: The name assigned to a match.
format: string
type: string
port:
description: Specifies the ports on the host that is being
addressed.
type: integer
queryParams:
additionalProperties:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
format: string
type: string
type: object
description: Query parameters for matching.
type: object
scheme:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
format: string
type: string
type: object
sourceLabels:
additionalProperties:
format: string
type: string
type: object
uri:
oneOf:
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
format: string
type: string
type: object
type: object
type: array
mirror:
properties:
host:
description: The name of a service from the service registry.
format: string
type: string
port:
description: Specifies the port on the host that is being
addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
mirror_percent:
description: Percentage of the traffic to be mirrored by the `mirror`
field.
nullable: true
type: integer
mirrorPercent:
description: Percentage of the traffic to be mirrored by the `mirror`
field.
nullable: true
type: integer
name:
description: The name assigned to the route for debugging purposes.
format: string
type: string
redirect:
description: A http rule can either redirect or forward (default)
traffic.
properties:
authority:
format: string
type: string
redirectCode:
type: integer
uri:
format: string
type: string
type: object
removeRequestHeaders:
items:
format: string
type: string
type: array
removeResponseHeaders:
items:
format: string
type: string
type: array
retries:
description: Retry policy for HTTP requests.
properties:
attempts:
description: Number of retries for a given request.
format: int32
type: integer
perTryTimeout:
description: Timeout per retry attempt for a given request.
type: string
retryOn:
description: Specifies the conditions under which retry takes
place.
format: string
type: string
type: object
rewrite:
description: Rewrite HTTP URIs and Authority headers.
properties:
authority:
description: rewrite the Authority/Host header with this value.
format: string
type: string
uri:
format: string
type: string
type: object
route:
description: A http rule can either redirect or forward (default)
traffic.
items:
properties:
appendRequestHeaders:
additionalProperties:
format: string
type: string
description: Use of `append_request_headers` is deprecated.
type: object
appendResponseHeaders:
additionalProperties:
format: string
type: string
description: Use of `append_response_headers` is deprecated.
type: object
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
headers:
properties:
request:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
response:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
removeRequestHeaders:
description: Use of `remove_request_headers` is deprecated.
items:
format: string
type: string
type: array
removeResponseHeaders:
description: Use of `remove_response_header` is deprecated.
items:
format: string
type: string
type: array
weight:
format: int32
type: integer
type: object
type: array
timeout:
description: Timeout for HTTP requests.
type: string
websocketUpgrade:
description: Deprecated.
type: boolean
type: object
type: array
tcp:
description: An ordered list of route rules for opaque TCP traffic.
items:
properties:
match:
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip addresses of destination with
optional subnet.
items:
format: string
type: string
type: array
gateways:
description: Names of gateways where the rule should be
applied to.
items:
format: string
type: string
type: array
port:
description: Specifies the port on the host that is being
addressed.
type: integer
sourceLabels:
additionalProperties:
format: string
type: string
type: object
sourceSubnet:
description: IPv4 or IPv6 ip address of source with optional
subnet.
format: string
type: string
type: object
type: array
route:
description: The destination to which the connection should be
forwarded to.
items:
properties:
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
weight:
format: int32
type: integer
type: object
type: array
type: object
type: array
tls:
items:
properties:
match:
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip addresses of destination with
optional subnet.
items:
format: string
type: string
type: array
gateways:
description: Names of gateways where the rule should be
applied to.
items:
format: string
type: string
type: array
port:
description: Specifies the port on the host that is being
addressed.
type: integer
sniHosts:
description: SNI (server name indicator) to match on.
items:
format: string
type: string
type: array
sourceLabels:
additionalProperties:
format: string
type: string
type: object
sourceSubnet:
description: IPv4 or IPv6 ip address of source with optional
subnet.
format: string
type: string
type: object
type: array
route:
description: The destination to which the connection should be
forwarded to.
items:
properties:
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
weight:
format: int32
type: integer
type: object
type: array
type: object
type: array
type: object
type: object
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
name: adapters.config.istio.io
labels:
app: mixer
package: adapter
istio: mixer-adapter
chart: istio
heritage: Tiller
release: istio
annotations:
"helm.sh/resource-policy": keep
spec:
group: config.istio.io
names:
kind: adapter
plural: adapters
singular: adapter
categories:
- istio-io
- policy-istio-io
scope: Namespaced
subresources:
status: {}
versions:
- name: v1alpha2
served: true
storage: true
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
name: instances.config.istio.io
labels:
app: mixer
package: instance
istio: mixer-instance
chart: istio
heritage: Tiller
release: istio
annotations:
"helm.sh/resource-policy": keep
spec:
group: config.istio.io
names:
kind: instance
plural: instances
singular: instance
categories:
- istio-io
- policy-istio-io
scope: Namespaced
subresources:
status: {}
versions:
- name: v1alpha2
served: true
storage: true
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
name: templates.config.istio.io
labels:
app: mixer
package: template
istio: mixer-template
chart: istio
heritage: Tiller
release: istio
annotations:
"helm.sh/resource-policy": keep
spec:
group: config.istio.io
names:
kind: template
plural: templates
singular: template
categories:
- istio-io
- policy-istio-io
scope: Namespaced
subresources:
status: {}
versions:
- name: v1alpha2
served: true
storage: true
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
name: handlers.config.istio.io
labels:
app: mixer
package: handler
istio: mixer-handler
chart: istio
heritage: Tiller
release: istio
annotations:
"helm.sh/resource-policy": keep
spec:
group: config.istio.io
names:
kind: handler
plural: handlers
singular: handler
categories:
- istio-io
- policy-istio-io
scope: Namespaced
subresources:
status: {}
versions:
- name: v1alpha2
served: true
storage: true
---
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"crd-10.yaml":"apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: core\n package: istio.io.mixer\n release: istio\n name: attributemanifests.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - policy-istio-io\n kind: attributemanifest\n plural: attributemanifests\n singular: attributemanifest\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Describes the rules used to configure Mixer''s policy and\n telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html'\n properties:\n attributes:\n additionalProperties:\n properties:\n description:\n description: A human-readable description of the attribute's purpose.\n format: string\n type: string\n valueType:\n description: The type of data carried by this attribute.\n enum:\n - VALUE_TYPE_UNSPECIFIED\n - STRING\n - INT64\n - DOUBLE\n - BOOL\n - TIMESTAMP\n - IP_ADDRESS\n - EMAIL_ADDRESS\n - URI\n - DNS_NAME\n - DURATION\n - STRING_MAP\n type: string\n type: object\n description: The set of attributes this Istio component will be responsible\n for producing at runtime.\n type: object\n name:\n description: Name of the component producing these attributes.\n format: string\n type: string\n revision:\n description: The revision of this document.\n format: string\n type: string\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n heritage: Tiller\n istio: rbac\n release: istio\n name: clusterrbacconfigs.rbac.istio.io\nspec:\n group: rbac.istio.io\n names:\n categories:\n - istio-io\n - rbac-istio-io\n kind: ClusterRbacConfig\n plural: clusterrbacconfigs\n singular: clusterrbacconfig\n scope: Cluster\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for Role Based Access Control. See more details\n at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'\n properties:\n enforcementMode:\n enum:\n - ENFORCED\n - PERMISSIVE\n type: string\n exclusion:\n description: A list of services or namespaces that should not be enforced\n by Istio RBAC policies.\n properties:\n namespaces:\n description: A list of namespaces.\n items:\n format: string\n type: string\n type: array\n services:\n description: A list of services.\n items:\n format: string\n type: string\n type: array\n type: object\n inclusion:\n description: A list of services or namespaces that should be enforced\n by Istio RBAC policies.\n properties:\n namespaces:\n description: A list of namespaces.\n items:\n format: string\n type: string\n type: array\n services:\n description: A list of services.\n items:\n format: string\n type: string\n type: array\n type: object\n mode:\n description: Istio RBAC mode.\n enum:\n - \"OFF\"\n - \"ON\"\n - ON_WITH_INCLUSION\n - ON_WITH_EXCLUSION\n type: string\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: destinationrules.networking.istio.io\nspec:\n additionalPrinterColumns:\n - JSONPath: .spec.host\n description: The name of a service from the service registry\n name: Host\n type: string\n - JSONPath: .metadata.creationTimestamp\n description: |-\n CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata\n name: Age\n type: date\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: DestinationRule\n listKind: DestinationRuleList\n plural: destinationrules\n shortNames:\n - dr\n singular: destinationrule\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting load balancing, outlier detection,\n etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html'\n properties:\n exportTo:\n description: A list of namespaces to which this destination rule is\n exported.\n items:\n format: string\n type: string\n type: array\n host:\n description: The name of a service from the service registry.\n format: string\n type: string\n subsets:\n items:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n name:\n description: Name of the subset.\n format: string\n type: string\n trafficPolicy:\n description: Traffic policies that apply to this subset.\n properties:\n connectionPool:\n properties:\n http:\n description: HTTP connection pool settings.\n properties:\n h2UpgradePolicy:\n description: Specify if http1.1 connection should\n be upgraded to http2 for the associated destination.\n enum:\n - DEFAULT\n - DO_NOT_UPGRADE\n - UPGRADE\n type: string\n http1MaxPendingRequests:\n description: Maximum number of pending HTTP requests\n to a destination.\n format: int32\n type: integer\n http2MaxRequests:\n description: Maximum number of requests to a backend.\n format: int32\n type: integer\n idleTimeout:\n description: The idle timeout for upstream connection\n pool connections.\n type: string\n maxRequestsPerConnection:\n description: Maximum number of requests per connection\n to a backend.\n format: int32\n type: integer\n maxRetries:\n format: int32\n type: integer\n type: object\n tcp:\n description: Settings common to both HTTP and TCP upstream\n connections.\n properties:\n connectTimeout:\n description: TCP connection timeout.\n type: string\n maxConnections:\n description: Maximum number of HTTP1 /TCP connections\n to a destination host.\n format: int32\n type: integer\n tcpKeepalive:\n description: If set then set SO_KEEPALIVE on the socket\n to enable TCP Keepalives.\n properties:\n interval:\n description: The time duration between keep-alive\n probes.\n type: string\n probes:\n type: integer\n time:\n type: string\n type: object\n type: object\n type: object\n loadBalancer:\n description: Settings controlling the load balancer algorithms.\n oneOf:\n - required:\n - simple\n - properties:\n consistentHash:\n oneOf:\n - required:\n - httpHeaderName\n - required:\n - httpCookie\n - required:\n - useSourceIp\n required:\n - consistentHash\n properties:\n consistentHash:\n properties:\n httpCookie:\n description: Hash based on HTTP cookie.\n properties:\n name:\n description: Name of the cookie.\n format: string\n type: string\n path:\n description: Path to set for the cookie.\n format: string\n type: string\n ttl:\n description: Lifetime of the cookie.\n type: string\n type: object\n httpHeaderName:\n description: Hash based on a specific HTTP header.\n format: string\n type: string\n minimumRingSize:\n type: integer\n useSourceIp:\n description: Hash based on the source IP address.\n type: boolean\n type: object\n simple:\n enum:\n - ROUND_ROBIN\n - LEAST_CONN\n - RANDOM\n - PASSTHROUGH\n type: string\n type: object\n outlierDetection:\n properties:\n baseEjectionTime:\n description: Minimum ejection duration.\n type: string\n consecutiveErrors:\n format: int32\n type: integer\n interval:\n description: Time interval between ejection sweep analysis.\n type: string\n maxEjectionPercent:\n format: int32\n type: integer\n minHealthPercent:\n format: int32\n type: integer\n type: object\n portLevelSettings:\n description: Traffic policies specific to individual ports.\n items:\n properties:\n connectionPool:\n properties:\n http:\n description: HTTP connection pool settings.\n properties:\n h2UpgradePolicy:\n description: Specify if http1.1 connection should\n be upgraded to http2 for the associated destination.\n enum:\n - DEFAULT\n - DO_NOT_UPGRADE\n - UPGRADE\n type: string\n http1MaxPendingRequests:\n description: Maximum number of pending HTTP\n requests to a destination.\n format: int32\n type: integer\n http2MaxRequests:\n description: Maximum number of requests to a\n backend.\n format: int32\n type: integer\n idleTimeout:\n description: The idle timeout for upstream connection\n pool connections.\n type: string\n maxRequestsPerConnection:\n description: Maximum number of requests per\n connection to a backend.\n format: int32\n type: integer\n maxRetries:\n format: int32\n type: integer\n type: object\n tcp:\n description: Settings common to both HTTP and TCP\n upstream connections.\n properties:\n connectTimeout:\n description: TCP connection timeout.\n type: string\n maxConnections:\n description: Maximum number of HTTP1 /TCP connections\n to a destination host.\n format: int32\n type: integer\n tcpKeepalive:\n description: If set then set SO_KEEPALIVE on\n the socket to enable TCP Keepalives.\n properties:\n interval:\n description: The time duration between keep-alive\n probes.\n type: string\n probes:\n type: integer\n time:\n type: string\n type: object\n type: object\n type: object\n loadBalancer:\n description: Settings controlling the load balancer\n algorithms.\n oneOf:\n - required:\n - simple\n - properties:\n consistentHash:\n oneOf:\n - required:\n - httpHeaderName\n - required:\n - httpCookie\n - required:\n - useSourceIp\n required:\n - consistentHash\n properties:\n consistentHash:\n properties:\n httpCookie:\n description: Hash based on HTTP cookie.\n properties:\n name:\n description: Name of the cookie.\n format: string\n type: string\n path:\n description: Path to set for the cookie.\n format: string\n type: string\n ttl:\n description: Lifetime of the cookie.\n type: string\n type: object\n httpHeaderName:\n description: Hash based on a specific HTTP header.\n format: string\n type: string\n minimumRingSize:\n type: integer\n useSourceIp:\n description: Hash based on the source IP address.\n type: boolean\n type: object\n simple:\n enum:\n - ROUND_ROBIN\n - LEAST_CONN\n - RANDOM\n - PASSTHROUGH\n type: string\n type: object\n outlierDetection:\n properties:\n baseEjectionTime:\n description: Minimum ejection duration.\n type: string\n consecutiveErrors:\n format: int32\n type: integer\n interval:\n description: Time interval between ejection sweep\n analysis.\n type: string\n maxEjectionPercent:\n format: int32\n type: integer\n minHealthPercent:\n format: int32\n type: integer\n type: object\n port:\n properties:\n number:\n type: integer\n type: object\n tls:\n description: TLS related settings for connections to\n the upstream service.\n properties:\n caCertificates:\n format: string\n type: string\n clientCertificate:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n mode:\n enum:\n - DISABLE\n - SIMPLE\n - MUTUAL\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n sni:\n description: SNI string to present to the server\n during TLS handshake.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n tls:\n description: TLS related settings for connections to the upstream\n service.\n properties:\n caCertificates:\n format: string\n type: string\n clientCertificate:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n mode:\n enum:\n - DISABLE\n - SIMPLE\n - MUTUAL\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n sni:\n description: SNI string to present to the server during\n TLS handshake.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: object\n type: array\n trafficPolicy:\n properties:\n connectionPool:\n properties:\n http:\n description: HTTP connection pool settings.\n properties:\n h2UpgradePolicy:\n description: Specify if http1.1 connection should be upgraded\n to http2 for the associated destination.\n enum:\n - DEFAULT\n - DO_NOT_UPGRADE\n - UPGRADE\n type: string\n http1MaxPendingRequests:\n description: Maximum number of pending HTTP requests to\n a destination.\n format: int32\n type: integer\n http2MaxRequests:\n description: Maximum number of requests to a backend.\n format: int32\n type: integer\n idleTimeout:\n description: The idle timeout for upstream connection pool\n connections.\n type: string\n maxRequestsPerConnection:\n description: Maximum number of requests per connection to\n a backend.\n format: int32\n type: integer\n maxRetries:\n format: int32\n type: integer\n type: object\n tcp:\n description: Settings common to both HTTP and TCP upstream connections.\n properties:\n connectTimeout:\n description: TCP connection timeout.\n type: string\n maxConnections:\n description: Maximum number of HTTP1 /TCP connections to\n a destination host.\n format: int32\n type: integer\n tcpKeepalive:\n description: If set then set SO_KEEPALIVE on the socket\n to enable TCP Keepalives.\n properties:\n interval:\n description: The time duration between keep-alive probes.\n type: string\n probes:\n type: integer\n time:\n type: string\n type: object\n type: object\n type: object\n loadBalancer:\n description: Settings controlling the load balancer algorithms.\n oneOf:\n - required:\n - simple\n - properties:\n consistentHash:\n oneOf:\n - required:\n - httpHeaderName\n - required:\n - httpCookie\n - required:\n - useSourceIp\n required:\n - consistentHash\n properties:\n consistentHash:\n properties:\n httpCookie:\n description: Hash based on HTTP cookie.\n properties:\n name:\n description: Name of the cookie.\n format: string\n type: string\n path:\n description: Path to set for the cookie.\n format: string\n type: string\n ttl:\n description: Lifetime of the cookie.\n type: string\n type: object\n httpHeaderName:\n description: Hash based on a specific HTTP header.\n format: string\n type: string\n minimumRingSize:\n type: integer\n useSourceIp:\n description: Hash based on the source IP address.\n type: boolean\n type: object\n simple:\n enum:\n - ROUND_ROBIN\n - LEAST_CONN\n - RANDOM\n - PASSTHROUGH\n type: string\n type: object\n outlierDetection:\n properties:\n baseEjectionTime:\n description: Minimum ejection duration.\n type: string\n consecutiveErrors:\n format: int32\n type: integer\n interval:\n description: Time interval between ejection sweep analysis.\n type: string\n maxEjectionPercent:\n format: int32\n type: integer\n minHealthPercent:\n format: int32\n type: integer\n type: object\n portLevelSettings:\n description: Traffic policies specific to individual ports.\n items:\n properties:\n connectionPool:\n properties:\n http:\n description: HTTP connection pool settings.\n properties:\n h2UpgradePolicy:\n description: Specify if http1.1 connection should\n be upgraded to http2 for the associated destination.\n enum:\n - DEFAULT\n - DO_NOT_UPGRADE\n - UPGRADE\n type: string\n http1MaxPendingRequests:\n description: Maximum number of pending HTTP requests\n to a destination.\n format: int32\n type: integer\n http2MaxRequests:\n description: Maximum number of requests to a backend.\n format: int32\n type: integer\n idleTimeout:\n description: The idle timeout for upstream connection\n pool connections.\n type: string\n maxRequestsPerConnection:\n description: Maximum number of requests per connection\n to a backend.\n format: int32\n type: integer\n maxRetries:\n format: int32\n type: integer\n type: object\n tcp:\n description: Settings common to both HTTP and TCP upstream\n connections.\n properties:\n connectTimeout:\n description: TCP connection timeout.\n type: string\n maxConnections:\n description: Maximum number of HTTP1 /TCP connections\n to a destination host.\n format: int32\n type: integer\n tcpKeepalive:\n description: If set then set SO_KEEPALIVE on the socket\n to enable TCP Keepalives.\n properties:\n interval:\n description: The time duration between keep-alive\n probes.\n type: string\n probes:\n type: integer\n time:\n type: string\n type: object\n type: object\n type: object\n loadBalancer:\n description: Settings controlling the load balancer algorithms.\n oneOf:\n - required:\n - simple\n - properties:\n consistentHash:\n oneOf:\n - required:\n - httpHeaderName\n - required:\n - httpCookie\n - required:\n - useSourceIp\n required:\n - consistentHash\n properties:\n consistentHash:\n properties:\n httpCookie:\n description: Hash based on HTTP cookie.\n properties:\n name:\n description: Name of the cookie.\n format: string\n type: string\n path:\n description: Path to set for the cookie.\n format: string\n type: string\n ttl:\n description: Lifetime of the cookie.\n type: string\n type: object\n httpHeaderName:\n description: Hash based on a specific HTTP header.\n format: string\n type: string\n minimumRingSize:\n type: integer\n useSourceIp:\n description: Hash based on the source IP address.\n type: boolean\n type: object\n simple:\n enum:\n - ROUND_ROBIN\n - LEAST_CONN\n - RANDOM\n - PASSTHROUGH\n type: string\n type: object\n outlierDetection:\n properties:\n baseEjectionTime:\n description: Minimum ejection duration.\n type: string\n consecutiveErrors:\n format: int32\n type: integer\n interval:\n description: Time interval between ejection sweep analysis.\n type: string\n maxEjectionPercent:\n format: int32\n type: integer\n minHealthPercent:\n format: int32\n type: integer\n type: object\n port:\n properties:\n number:\n type: integer\n type: object\n tls:\n description: TLS related settings for connections to the upstream\n service.\n properties:\n caCertificates:\n format: string\n type: string\n clientCertificate:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n mode:\n enum:\n - DISABLE\n - SIMPLE\n - MUTUAL\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n sni:\n description: SNI string to present to the server during\n TLS handshake.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n tls:\n description: TLS related settings for connections to the upstream\n service.\n properties:\n caCertificates:\n format: string\n type: string\n clientCertificate:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n mode:\n enum:\n - DISABLE\n - SIMPLE\n - MUTUAL\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n sni:\n description: SNI string to present to the server during TLS\n handshake.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: envoyfilters.networking.istio.io\nspec:\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: EnvoyFilter\n plural: envoyfilters\n singular: envoyfilter\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Customizing Envoy configuration generated by Istio. See more\n details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html'\n properties:\n configPatches:\n description: One or more patches with match conditions.\n items:\n properties:\n applyTo:\n enum:\n - INVALID\n - LISTENER\n - FILTER_CHAIN\n - NETWORK_FILTER\n - HTTP_FILTER\n - ROUTE_CONFIGURATION\n - VIRTUAL_HOST\n - HTTP_ROUTE\n - CLUSTER\n type: string\n match:\n description: Match on listener/route configuration/cluster.\n oneOf:\n - required:\n - listener\n - required:\n - routeConfiguration\n - required:\n - cluster\n properties:\n cluster:\n description: Match on envoy cluster attributes.\n properties:\n name:\n description: The exact name of the cluster to match.\n format: string\n type: string\n portNumber:\n description: The service port for which this cluster was\n generated.\n type: integer\n service:\n description: The fully qualified service name for this\n cluster.\n format: string\n type: string\n subset:\n description: The subset associated with the service.\n format: string\n type: string\n type: object\n context:\n description: The specific config generation context to match\n on.\n enum:\n - ANY\n - SIDECAR_INBOUND\n - SIDECAR_OUTBOUND\n - GATEWAY\n type: string\n listener:\n description: Match on envoy listener attributes.\n properties:\n filterChain:\n description: Match a specific filter chain in a listener.\n properties:\n applicationProtocols:\n description: Applies only to sidecars.\n format: string\n type: string\n filter:\n description: The name of a specific filter to apply\n the patch to.\n properties:\n name:\n description: The filter name to match on.\n format: string\n type: string\n subFilter:\n properties:\n name:\n description: The filter name to match on.\n format: string\n type: string\n type: object\n type: object\n name:\n description: The name assigned to the filter chain.\n format: string\n type: string\n sni:\n description: The SNI value used by a filter chain's\n match condition.\n format: string\n type: string\n transportProtocol:\n description: Applies only to SIDECAR_INBOUND context.\n format: string\n type: string\n type: object\n name:\n description: Match a specific listener by its name.\n format: string\n type: string\n portName:\n format: string\n type: string\n portNumber:\n type: integer\n type: object\n proxy:\n description: Match on properties associated with a proxy.\n properties:\n metadata:\n additionalProperties:\n format: string\n type: string\n type: object\n proxyVersion:\n format: string\n type: string\n type: object\n routeConfiguration:\n description: Match on envoy HTTP route configuration attributes.\n properties:\n gateway:\n format: string\n type: string\n name:\n description: Route configuration name to match on.\n format: string\n type: string\n portName:\n description: Applicable only for GATEWAY context.\n format: string\n type: string\n portNumber:\n type: integer\n vhost:\n properties:\n name:\n format: string\n type: string\n route:\n description: Match a specific route within the virtual\n host.\n properties:\n action:\n description: Match a route with specific action\n type.\n enum:\n - ANY\n - ROUTE\n - REDIRECT\n - DIRECT_RESPONSE\n type: string\n name:\n format: string\n type: string\n type: object\n type: object\n type: object\n type: object\n patch:\n description: The patch to apply along with the operation.\n properties:\n operation:\n description: Determines how the patch should be applied.\n enum:\n - INVALID\n - MERGE\n - ADD\n - REMOVE\n - INSERT_BEFORE\n - INSERT_AFTER\n type: string\n value:\n description: The JSON config of the object being patched.\n type: object\n type: object\n type: object\n type: array\n filters:\n items:\n properties:\n filterConfig:\n type: object\n filterName:\n description: The name of the filter to instantiate.\n format: string\n type: string\n filterType:\n description: The type of filter to instantiate.\n enum:\n - INVALID\n - HTTP\n - NETWORK\n type: string\n insertPosition:\n description: Insert position in the filter chain.\n properties:\n index:\n description: Position of this filter in the filter chain.\n enum:\n - FIRST\n - LAST\n - BEFORE\n - AFTER\n type: string\n relativeTo:\n format: string\n type: string\n type: object\n listenerMatch:\n properties:\n address:\n description: One or more IP addresses to which the listener\n is bound.\n items:\n format: string\n type: string\n type: array\n listenerProtocol:\n description: Selects a class of listeners for the same protocol.\n enum:\n - ALL\n - HTTP\n - TCP\n type: string\n listenerType:\n description: Inbound vs outbound sidecar listener or gateway\n listener.\n enum:\n - ANY\n - SIDECAR_INBOUND\n - SIDECAR_OUTBOUND\n - GATEWAY\n type: string\n portNamePrefix:\n format: string\n type: string\n portNumber:\n type: integer\n type: object\n type: object\n type: array\n workloadLabels:\n additionalProperties:\n format: string\n type: string\n description: Deprecated.\n type: object\n workloadSelector:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: gateways.networking.istio.io\nspec:\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: Gateway\n plural: gateways\n shortNames:\n - gw\n singular: gateway\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting edge load balancer. See more details\n at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html'\n properties:\n selector:\n additionalProperties:\n format: string\n type: string\n type: object\n servers:\n description: A list of server specifications.\n items:\n properties:\n bind:\n format: string\n type: string\n defaultEndpoint:\n format: string\n type: string\n hosts:\n description: One or more hosts exposed by this gateway.\n items:\n format: string\n type: string\n type: array\n port:\n properties:\n name:\n description: Label assigned to the port.\n format: string\n type: string\n number:\n description: A valid non-negative integer port number.\n type: integer\n protocol:\n description: The protocol exposed on the port.\n format: string\n type: string\n type: object\n tls:\n description: Set of TLS related options that govern the server's\n behavior.\n properties:\n caCertificates:\n description: REQUIRED if mode is `MUTUAL`.\n format: string\n type: string\n cipherSuites:\n description: 'Optional: If specified, only support the specified\n cipher list.'\n items:\n format: string\n type: string\n type: array\n credentialName:\n format: string\n type: string\n httpsRedirect:\n type: boolean\n maxProtocolVersion:\n description: 'Optional: Maximum TLS protocol version.'\n enum:\n - TLS_AUTO\n - TLSV1_0\n - TLSV1_1\n - TLSV1_2\n - TLSV1_3\n type: string\n minProtocolVersion:\n description: 'Optional: Minimum TLS protocol version.'\n enum:\n - TLS_AUTO\n - TLSV1_0\n - TLSV1_1\n - TLSV1_2\n - TLSV1_3\n type: string\n mode:\n enum:\n - PASSTHROUGH\n - SIMPLE\n - MUTUAL\n - AUTO_PASSTHROUGH\n - ISTIO_MUTUAL\n type: string\n privateKey:\n description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.\n format: string\n type: string\n serverCertificate:\n description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.\n format: string\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n verifyCertificateHash:\n items:\n format: string\n type: string\n type: array\n verifyCertificateSpki:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-mixer\n chart: istio\n heritage: Tiller\n release: istio\n name: httpapispecbindings.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - apim-istio-io\n kind: HTTPAPISpecBinding\n plural: httpapispecbindings\n singular: httpapispecbinding\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n properties:\n api_specs:\n items:\n properties:\n name:\n description: The short name of the HTTPAPISpec.\n format: string\n type: string\n namespace:\n description: Optional namespace of the HTTPAPISpec.\n format: string\n type: string\n type: object\n type: array\n apiSpecs:\n items:\n properties:\n name:\n description: The short name of the HTTPAPISpec.\n format: string\n type: string\n namespace:\n description: Optional namespace of the HTTPAPISpec.\n format: string\n type: string\n type: object\n type: array\n services:\n description: One or more services to map the listed HTTPAPISpec onto.\n items:\n properties:\n domain:\n description: Domain suffix used to construct the service FQDN\n in implementations that support such specification.\n format: string\n type: string\n labels:\n additionalProperties:\n format: string\n type: string\n description: Optional one or more labels that uniquely identify\n the service version.\n type: object\n name:\n description: The short name of the service such as \"foo\".\n format: string\n type: string\n namespace:\n description: Optional namespace of the service.\n format: string\n type: string\n service:\n description: The service FQDN.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-mixer\n chart: istio\n heritage: Tiller\n release: istio\n name: httpapispecs.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - apim-istio-io\n kind: HTTPAPISpec\n plural: httpapispecs\n singular: httpapispec\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n properties:\n api_keys:\n items:\n oneOf:\n - required:\n - query\n - required:\n - header\n - required:\n - cookie\n properties:\n cookie:\n format: string\n type: string\n header:\n description: API key is sent in a request header.\n format: string\n type: string\n query:\n description: API Key is sent as a query parameter.\n format: string\n type: string\n type: object\n type: array\n apiKeys:\n items:\n oneOf:\n - required:\n - query\n - required:\n - header\n - required:\n - cookie\n properties:\n cookie:\n format: string\n type: string\n header:\n description: API key is sent in a request header.\n format: string\n type: string\n query:\n description: API Key is sent as a query parameter.\n format: string\n type: string\n type: object\n type: array\n attributes:\n properties:\n attributes:\n additionalProperties:\n oneOf:\n - required:\n - stringValue\n - required:\n - int64Value\n - required:\n - doubleValue\n - required:\n - boolValue\n - required:\n - bytesValue\n - required:\n - timestampValue\n - required:\n - durationValue\n - required:\n - stringMapValue\n properties:\n boolValue:\n type: boolean\n bytesValue:\n format: binary\n type: string\n doubleValue:\n format: double\n type: number\n durationValue:\n type: string\n int64Value:\n format: int64\n type: integer\n stringMapValue:\n properties:\n entries:\n additionalProperties:\n format: string\n type: string\n description: Holds a set of name/value pairs.\n type: object\n type: object\n stringValue:\n format: string\n type: string\n timestampValue:\n format: dateTime\n type: string\n type: object\n description: A map of attribute name to its value.\n type: object\n type: object\n patterns:\n description: List of HTTP patterns to match.\n items:\n oneOf:\n - required:\n - uriTemplate\n - required:\n - regex\n properties:\n attributes:\n properties:\n attributes:\n additionalProperties:\n oneOf:\n - required:\n - stringValue\n - required:\n - int64Value\n - required:\n - doubleValue\n - required:\n - boolValue\n - required:\n - bytesValue\n - required:\n - timestampValue\n - required:\n - durationValue\n - required:\n - stringMapValue\n properties:\n boolValue:\n type: boolean\n bytesValue:\n format: binary\n type: string\n doubleValue:\n format: double\n type: number\n durationValue:\n type: string\n int64Value:\n format: int64\n type: integer\n stringMapValue:\n properties:\n entries:\n additionalProperties:\n format: string\n type: string\n description: Holds a set of name/value pairs.\n type: object\n type: object\n stringValue:\n format: string\n type: string\n timestampValue:\n format: dateTime\n type: string\n type: object\n description: A map of attribute name to its value.\n type: object\n type: object\n httpMethod:\n format: string\n type: string\n regex:\n format: string\n type: string\n uriTemplate:\n format: string\n type: string\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-citadel\n chart: istio\n heritage: Tiller\n release: istio\n name: meshpolicies.authentication.istio.io\nspec:\n group: authentication.istio.io\n names:\n categories:\n - istio-io\n - authentication-istio-io\n kind: MeshPolicy\n listKind: MeshPolicyList\n plural: meshpolicies\n singular: meshpolicy\n scope: Cluster\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Authentication policy for Istio services. See more details\n at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html'\n properties:\n originIsOptional:\n type: boolean\n origins:\n description: List of authentication methods that can be used for origin\n authentication.\n items:\n properties:\n jwt:\n description: Jwt params for the method.\n properties:\n audiences:\n items:\n format: string\n type: string\n type: array\n issuer:\n description: Identifies the issuer that issued the JWT.\n format: string\n type: string\n jwks:\n description: JSON Web Key Set of public keys to validate signature\n of the JWT.\n format: string\n type: string\n jwks_uri:\n format: string\n type: string\n jwksUri:\n format: string\n type: string\n jwt_headers:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtHeaders:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtParams:\n description: JWT is sent in a query parameter.\n items:\n format: string\n type: string\n type: array\n trigger_rules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n triggerRules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n type: array\n peerIsOptional:\n type: boolean\n peers:\n description: List of authentication methods that can be used for peer\n authentication.\n items:\n oneOf:\n - required:\n - mtls\n - required:\n - jwt\n properties:\n jwt:\n properties:\n audiences:\n items:\n format: string\n type: string\n type: array\n issuer:\n description: Identifies the issuer that issued the JWT.\n format: string\n type: string\n jwks:\n description: JSON Web Key Set of public keys to validate signature\n of the JWT.\n format: string\n type: string\n jwks_uri:\n format: string\n type: string\n jwksUri:\n format: string\n type: string\n jwt_headers:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtHeaders:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtParams:\n description: JWT is sent in a query parameter.\n items:\n format: string\n type: string\n type: array\n trigger_rules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n triggerRules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n mtls:\n description: Set if mTLS is used.\n properties:\n allowTls:\n description: WILL BE DEPRECATED, if set, will translates to\n `TLS_PERMISSIVE` mode.\n type: boolean\n mode:\n description: Defines the mode of mTLS authentication.\n enum:\n - STRICT\n - PERMISSIVE\n type: string\n type: object\n type: object\n type: array\n principalBinding:\n description: Define whether peer or origin identity should be use for\n principal.\n enum:\n - USE_PEER\n - USE_ORIGIN\n type: string\n targets:\n description: List rules to select workloads that the policy should be\n applied on.\n items:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n name:\n description: The name must be a short name from the service registry.\n format: string\n type: string\n ports:\n description: Specifies the ports.\n items:\n oneOf:\n - required:\n - number\n - required:\n - name\n properties:\n name:\n format: string\n type: string\n number:\n type: integer\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-citadel\n chart: istio\n heritage: Tiller\n release: istio\n name: policies.authentication.istio.io\nspec:\n group: authentication.istio.io\n names:\n categories:\n - istio-io\n - authentication-istio-io\n kind: Policy\n plural: policies\n singular: policy\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Authentication policy for Istio services. See more details\n at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html'\n properties:\n originIsOptional:\n type: boolean\n origins:\n description: List of authentication methods that can be used for origin\n authentication.\n items:\n properties:\n jwt:\n description: Jwt params for the method.\n properties:\n audiences:\n items:\n format: string\n type: string\n type: array\n issuer:\n description: Identifies the issuer that issued the JWT.\n format: string\n type: string\n jwks:\n description: JSON Web Key Set of public keys to validate signature\n of the JWT.\n format: string\n type: string\n jwks_uri:\n format: string\n type: string\n jwksUri:\n format: string\n type: string\n jwt_headers:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtHeaders:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtParams:\n description: JWT is sent in a query parameter.\n items:\n format: string\n type: string\n type: array\n trigger_rules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n triggerRules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n type: array\n peerIsOptional:\n type: boolean\n peers:\n description: List of authentication methods that can be used for peer\n authentication.\n items:\n oneOf:\n - required:\n - mtls\n - required:\n - jwt\n properties:\n jwt:\n properties:\n audiences:\n items:\n format: string\n type: string\n type: array\n issuer:\n description: Identifies the issuer that issued the JWT.\n format: string\n type: string\n jwks:\n description: JSON Web Key Set of public keys to validate signature\n of the JWT.\n format: string\n type: string\n jwks_uri:\n format: string\n type: string\n jwksUri:\n format: string\n type: string\n jwt_headers:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtHeaders:\n description: JWT is sent in a request header.\n items:\n format: string\n type: string\n type: array\n jwtParams:\n description: JWT is sent in a query parameter.\n items:\n format: string\n type: string\n type: array\n trigger_rules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n triggerRules:\n items:\n properties:\n excluded_paths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n excludedPaths:\n description: List of paths to be excluded from the request.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n included_paths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n includedPaths:\n description: List of paths that the request must include.\n items:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - suffix\n - required:\n - regex\n properties:\n exact:\n description: exact string match.\n format: string\n type: string\n prefix:\n description: prefix-based match.\n format: string\n type: string\n regex:\n description: ECMAscript style regex-based match\n as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript).\n format: string\n type: string\n suffix:\n description: suffix-based match.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n mtls:\n description: Set if mTLS is used.\n properties:\n allowTls:\n description: WILL BE DEPRECATED, if set, will translates to\n `TLS_PERMISSIVE` mode.\n type: boolean\n mode:\n description: Defines the mode of mTLS authentication.\n enum:\n - STRICT\n - PERMISSIVE\n type: string\n type: object\n type: object\n type: array\n principalBinding:\n description: Define whether peer or origin identity should be use for\n principal.\n enum:\n - USE_PEER\n - USE_ORIGIN\n type: string\n targets:\n description: List rules to select workloads that the policy should be\n applied on.\n items:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n name:\n description: The name must be a short name from the service registry.\n format: string\n type: string\n ports:\n description: Specifies the ports.\n items:\n oneOf:\n - required:\n - number\n - required:\n - name\n properties:\n name:\n format: string\n type: string\n number:\n type: integer\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-mixer\n chart: istio\n heritage: Tiller\n release: istio\n name: quotaspecbindings.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - apim-istio-io\n kind: QuotaSpecBinding\n plural: quotaspecbindings\n singular: quotaspecbinding\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n properties:\n quotaSpecs:\n items:\n properties:\n name:\n description: The short name of the QuotaSpec.\n format: string\n type: string\n namespace:\n description: Optional namespace of the QuotaSpec.\n format: string\n type: string\n type: object\n type: array\n services:\n description: One or more services to map the listed QuotaSpec onto.\n items:\n properties:\n domain:\n description: Domain suffix used to construct the service FQDN\n in implementations that support such specification.\n format: string\n type: string\n labels:\n additionalProperties:\n format: string\n type: string\n description: Optional one or more labels that uniquely identify\n the service version.\n type: object\n name:\n description: The short name of the service such as \"foo\".\n format: string\n type: string\n namespace:\n description: Optional namespace of the service.\n format: string\n type: string\n service:\n description: The service FQDN.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-mixer\n chart: istio\n heritage: Tiller\n release: istio\n name: quotaspecs.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - apim-istio-io\n kind: QuotaSpec\n plural: quotaspecs\n singular: quotaspec\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: Determines the quotas used for individual requests.\n properties:\n rules:\n description: A list of Quota rules.\n items:\n properties:\n match:\n description: If empty, match all request.\n items:\n properties:\n clause:\n additionalProperties:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n description: Map of attribute names to StringMatch type.\n type: object\n type: object\n type: array\n quotas:\n description: The list of quotas to charge.\n items:\n properties:\n charge:\n format: int32\n type: integer\n quota:\n format: string\n type: string\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: rbac\n package: istio.io.mixer\n release: istio\n name: rbacconfigs.rbac.istio.io\nspec:\n group: rbac.istio.io\n names:\n categories:\n - istio-io\n - rbac-istio-io\n kind: RbacConfig\n plural: rbacconfigs\n singular: rbacconfig\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for Role Based Access Control. See more details\n at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'\n properties:\n enforcementMode:\n enum:\n - ENFORCED\n - PERMISSIVE\n type: string\n exclusion:\n description: A list of services or namespaces that should not be enforced\n by Istio RBAC policies.\n properties:\n namespaces:\n description: A list of namespaces.\n items:\n format: string\n type: string\n type: array\n services:\n description: A list of services.\n items:\n format: string\n type: string\n type: array\n type: object\n inclusion:\n description: A list of services or namespaces that should be enforced\n by Istio RBAC policies.\n properties:\n namespaces:\n description: A list of namespaces.\n items:\n format: string\n type: string\n type: array\n services:\n description: A list of services.\n items:\n format: string\n type: string\n type: array\n type: object\n mode:\n description: Istio RBAC mode.\n enum:\n - \"OFF\"\n - \"ON\"\n - ON_WITH_INCLUSION\n - ON_WITH_EXCLUSION\n type: string\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: core\n package: istio.io.mixer\n release: istio\n name: rules.config.istio.io\nspec:\n group: config.istio.io\n names:\n categories:\n - istio-io\n - policy-istio-io\n kind: rule\n plural: rules\n singular: rule\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Describes the rules used to configure Mixer''s policy and\n telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html'\n properties:\n actions:\n description: The actions that will be executed when match evaluates\n to `true`.\n items:\n properties:\n handler:\n description: Fully qualified name of the handler to invoke.\n format: string\n type: string\n instances:\n items:\n format: string\n type: string\n type: array\n name:\n description: A handle to refer to the results of the action.\n format: string\n type: string\n type: object\n type: array\n match:\n description: Match is an attribute based predicate.\n format: string\n type: string\n requestHeaderOperations:\n items:\n properties:\n name:\n description: Header name literal value.\n format: string\n type: string\n operation:\n description: Header operation type.\n enum:\n - REPLACE\n - REMOVE\n - APPEND\n type: string\n values:\n description: Header value expressions.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n responseHeaderOperations:\n items:\n properties:\n name:\n description: Header name literal value.\n format: string\n type: string\n operation:\n description: Header operation type.\n enum:\n - REPLACE\n - REMOVE\n - APPEND\n type: string\n values:\n description: Header value expressions.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n sampling:\n properties:\n random:\n description: Provides filtering of actions based on random selection\n per request.\n properties:\n attributeExpression:\n description: Specifies an attribute expression to use to override\n the numerator in the `percent_sampled` field.\n format: string\n type: string\n percentSampled:\n description: The default sampling rate, expressed as a percentage.\n properties:\n denominator:\n description: Specifies the denominator.\n enum:\n - HUNDRED\n - TEN_THOUSAND\n type: string\n numerator:\n description: Specifies the numerator.\n type: integer\n type: object\n useIndependentRandomness:\n description: By default sampling will be based on the value\n of the request header `x-request-id`.\n type: boolean\n type: object\n rateLimit:\n properties:\n maxUnsampledEntries:\n description: Number of entries to allow during the `sampling_duration`\n before sampling is enforced.\n format: int64\n type: integer\n samplingDuration:\n description: Window in which to enforce the sampling rate.\n type: string\n samplingRate:\n description: The rate at which to sample entries once the unsampled\n limit has been reached.\n format: int64\n type: integer\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1alpha2\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: serviceentries.networking.istio.io\nspec:\n additionalPrinterColumns:\n - JSONPath: .spec.hosts\n description: The hosts associated with the ServiceEntry\n name: Hosts\n type: string\n - JSONPath: .spec.location\n description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL\n or MESH_INTERNAL)\n name: Location\n type: string\n - JSONPath: .spec.resolution\n description: Service discovery mode for the hosts (NONE, STATIC, or DNS)\n name: Resolution\n type: string\n - JSONPath: .metadata.creationTimestamp\n description: |-\n CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata\n name: Age\n type: date\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: ServiceEntry\n listKind: ServiceEntryList\n plural: serviceentries\n shortNames:\n - se\n singular: serviceentry\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting service registry. See more details\n at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html'\n properties:\n addresses:\n description: The virtual IP addresses associated with the service.\n items:\n format: string\n type: string\n type: array\n endpoints:\n description: One or more endpoints associated with the service.\n items:\n properties:\n address:\n format: string\n type: string\n labels:\n additionalProperties:\n format: string\n type: string\n description: One or more labels associated with the endpoint.\n type: object\n locality:\n description: The locality associated with the endpoint.\n format: string\n type: string\n network:\n format: string\n type: string\n ports:\n additionalProperties:\n type: integer\n description: Set of ports associated with the endpoint.\n type: object\n weight:\n description: The load balancing weight associated with the endpoint.\n type: integer\n type: object\n type: array\n exportTo:\n description: A list of namespaces to which this service is exported.\n items:\n format: string\n type: string\n type: array\n hosts:\n description: The hosts associated with the ServiceEntry.\n items:\n format: string\n type: string\n type: array\n location:\n enum:\n - MESH_EXTERNAL\n - MESH_INTERNAL\n type: string\n ports:\n description: The ports associated with the external service.\n items:\n properties:\n name:\n description: Label assigned to the port.\n format: string\n type: string\n number:\n description: A valid non-negative integer port number.\n type: integer\n protocol:\n description: The protocol exposed on the port.\n format: string\n type: string\n type: object\n type: array\n resolution:\n description: Service discovery mode for the hosts.\n enum:\n - NONE\n - STATIC\n - DNS\n type: string\n subjectAltNames:\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: rbac\n package: istio.io.mixer\n release: istio\n name: servicerolebindings.rbac.istio.io\nspec:\n additionalPrinterColumns:\n - JSONPath: .spec.roleRef.name\n description: The name of the ServiceRole object being referenced\n name: Reference\n type: string\n - JSONPath: .metadata.creationTimestamp\n description: |-\n CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata\n name: Age\n type: date\n group: rbac.istio.io\n names:\n categories:\n - istio-io\n - rbac-istio-io\n kind: ServiceRoleBinding\n plural: servicerolebindings\n singular: servicerolebinding\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for Role Based Access Control. See more details\n at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'\n properties:\n actions:\n items:\n properties:\n constraints:\n description: Optional.\n items:\n properties:\n key:\n description: Key of the constraint.\n format: string\n type: string\n values:\n description: List of valid values for the constraint.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n hosts:\n items:\n format: string\n type: string\n type: array\n methods:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n notHosts:\n items:\n format: string\n type: string\n type: array\n notMethods:\n items:\n format: string\n type: string\n type: array\n notPaths:\n items:\n format: string\n type: string\n type: array\n notPorts:\n items:\n format: int32\n type: integer\n type: array\n paths:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n ports:\n items:\n format: int32\n type: integer\n type: array\n services:\n description: A list of service names.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n mode:\n enum:\n - ENFORCED\n - PERMISSIVE\n type: string\n role:\n format: string\n type: string\n roleRef:\n description: Reference to the ServiceRole object.\n properties:\n kind:\n description: The type of the role being referenced.\n format: string\n type: string\n name:\n description: The name of the ServiceRole object being referenced.\n format: string\n type: string\n type: object\n subjects:\n description: List of subjects that are assigned the ServiceRole object.\n items:\n properties:\n group:\n format: string\n type: string\n groups:\n items:\n format: string\n type: string\n type: array\n ips:\n items:\n format: string\n type: string\n type: array\n names:\n items:\n format: string\n type: string\n type: array\n namespaces:\n items:\n format: string\n type: string\n type: array\n notGroups:\n items:\n format: string\n type: string\n type: array\n notIps:\n items:\n format: string\n type: string\n type: array\n notNames:\n items:\n format: string\n type: string\n type: array\n notNamespaces:\n items:\n format: string\n type: string\n type: array\n properties:\n additionalProperties:\n format: string\n type: string\n description: Optional.\n type: object\n user:\n description: Optional.\n format: string\n type: string\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: mixer\n chart: istio\n heritage: Tiller\n istio: rbac\n package: istio.io.mixer\n release: istio\n name: serviceroles.rbac.istio.io\nspec:\n group: rbac.istio.io\n names:\n categories:\n - istio-io\n - rbac-istio-io\n kind: ServiceRole\n plural: serviceroles\n singular: servicerole\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for Role Based Access Control. See more details\n at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html'\n properties:\n rules:\n description: The set of access rules (permissions) that the role has.\n items:\n properties:\n constraints:\n description: Optional.\n items:\n properties:\n key:\n description: Key of the constraint.\n format: string\n type: string\n values:\n description: List of valid values for the constraint.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n hosts:\n items:\n format: string\n type: string\n type: array\n methods:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n notHosts:\n items:\n format: string\n type: string\n type: array\n notMethods:\n items:\n format: string\n type: string\n type: array\n notPaths:\n items:\n format: string\n type: string\n type: array\n notPorts:\n items:\n format: int32\n type: integer\n type: array\n paths:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n ports:\n items:\n format: int32\n type: integer\n type: array\n services:\n description: A list of service names.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: virtualservices.networking.istio.io\nspec:\n additionalPrinterColumns:\n - JSONPath: .spec.gateways\n description: The names of gateways and sidecars that should apply these routes\n name: Gateways\n type: string\n - JSONPath: .spec.hosts\n description: The destination hosts to which traffic is being sent\n name: Hosts\n type: string\n - JSONPath: .metadata.creationTimestamp\n description: |-\n CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata\n name: Age\n type: date\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: VirtualService\n listKind: VirtualServiceList\n plural: virtualservices\n shortNames:\n - vs\n singular: virtualservice\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting label/content routing, sni routing,\n etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html'\n properties:\n exportTo:\n description: A list of namespaces to which this virtual service is exported.\n items:\n format: string\n type: string\n type: array\n gateways:\n description: The names of gateways and sidecars that should apply these\n routes.\n items:\n format: string\n type: string\n type: array\n hosts:\n description: The destination hosts to which traffic is being sent.\n items:\n format: string\n type: string\n type: array\n http:\n description: An ordered list of route rules for HTTP traffic.\n items:\n properties:\n appendHeaders:\n additionalProperties:\n format: string\n type: string\n type: object\n appendRequestHeaders:\n additionalProperties:\n format: string\n type: string\n type: object\n appendResponseHeaders:\n additionalProperties:\n format: string\n type: string\n type: object\n corsPolicy:\n description: Cross-Origin Resource Sharing policy (CORS).\n properties:\n allowCredentials:\n nullable: true\n type: boolean\n allowHeaders:\n items:\n format: string\n type: string\n type: array\n allowMethods:\n description: List of HTTP methods allowed to access the resource.\n items:\n format: string\n type: string\n type: array\n allowOrigin:\n description: The list of origins that are allowed to perform\n CORS requests.\n items:\n format: string\n type: string\n type: array\n exposeHeaders:\n items:\n format: string\n type: string\n type: array\n maxAge:\n type: string\n type: object\n fault:\n description: Fault injection policy to apply on HTTP traffic at\n the client side.\n properties:\n abort:\n oneOf:\n - properties:\n percent: {}\n required:\n - httpStatus\n - properties:\n percent: {}\n required:\n - grpcStatus\n - properties:\n percent: {}\n required:\n - http2Error\n properties:\n grpcStatus:\n format: string\n type: string\n http2Error:\n format: string\n type: string\n httpStatus:\n description: HTTP status code to use to abort the Http\n request.\n format: int32\n type: integer\n percent:\n description: Percentage of requests to be aborted with\n the error code provided (0-100).\n format: int32\n type: integer\n percentage:\n description: Percentage of requests to be aborted with\n the error code provided.\n properties:\n value:\n format: double\n type: number\n type: object\n type: object\n delay:\n oneOf:\n - properties:\n percent: {}\n required:\n - fixedDelay\n - properties:\n percent: {}\n required:\n - exponentialDelay\n properties:\n exponentialDelay:\n type: string\n fixedDelay:\n description: Add a fixed delay before forwarding the request.\n type: string\n percent:\n description: Percentage of requests on which the delay\n will be injected (0-100).\n format: int32\n type: integer\n percentage:\n description: Percentage of requests on which the delay\n will be injected.\n properties:\n value:\n format: double\n type: number\n type: object\n type: object\n type: object\n headers:\n properties:\n request:\n properties:\n add:\n additionalProperties:\n format: string\n type: string\n type: object\n remove:\n items:\n format: string\n type: string\n type: array\n set:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n response:\n properties:\n add:\n additionalProperties:\n format: string\n type: string\n type: object\n remove:\n items:\n format: string\n type: string\n type: array\n set:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n match:\n items:\n properties:\n authority:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n gateways:\n items:\n format: string\n type: string\n type: array\n headers:\n additionalProperties:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n type: object\n ignoreUriCase:\n description: Flag to specify whether the URI matching should\n be case-insensitive.\n type: boolean\n method:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n name:\n description: The name assigned to a match.\n format: string\n type: string\n port:\n description: Specifies the ports on the host that is being\n addressed.\n type: integer\n queryParams:\n additionalProperties:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n description: Query parameters for matching.\n type: object\n scheme:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n sourceLabels:\n additionalProperties:\n format: string\n type: string\n type: object\n uri:\n oneOf:\n - required:\n - exact\n - required:\n - prefix\n - required:\n - regex\n properties:\n exact:\n format: string\n type: string\n prefix:\n format: string\n type: string\n regex:\n format: string\n type: string\n type: object\n type: object\n type: array\n mirror:\n properties:\n host:\n description: The name of a service from the service registry.\n format: string\n type: string\n port:\n description: Specifies the port on the host that is being\n addressed.\n properties:\n number:\n type: integer\n type: object\n subset:\n description: The name of a subset within the service.\n format: string\n type: string\n type: object\n mirror_percent:\n description: Percentage of the traffic to be mirrored by the `mirror`\n field.\n nullable: true\n type: integer\n mirrorPercent:\n description: Percentage of the traffic to be mirrored by the `mirror`\n field.\n nullable: true\n type: integer\n name:\n description: The name assigned to the route for debugging purposes.\n format: string\n type: string\n redirect:\n description: A http rule can either redirect or forward (default)\n traffic.\n properties:\n authority:\n format: string\n type: string\n redirectCode:\n type: integer\n uri:\n format: string\n type: string\n type: object\n removeRequestHeaders:\n items:\n format: string\n type: string\n type: array\n removeResponseHeaders:\n items:\n format: string\n type: string\n type: array\n retries:\n description: Retry policy for HTTP requests.\n properties:\n attempts:\n description: Number of retries for a given request.\n format: int32\n type: integer\n perTryTimeout:\n description: Timeout per retry attempt for a given request.\n type: string\n retryOn:\n description: Specifies the conditions under which retry takes\n place.\n format: string\n type: string\n type: object\n rewrite:\n description: Rewrite HTTP URIs and Authority headers.\n properties:\n authority:\n description: rewrite the Authority/Host header with this value.\n format: string\n type: string\n uri:\n format: string\n type: string\n type: object\n route:\n description: A http rule can either redirect or forward (default)\n traffic.\n items:\n properties:\n appendRequestHeaders:\n additionalProperties:\n format: string\n type: string\n description: Use of `append_request_headers` is deprecated.\n type: object\n appendResponseHeaders:\n additionalProperties:\n format: string\n type: string\n description: Use of `append_response_headers` is deprecated.\n type: object\n destination:\n properties:\n host:\n description: The name of a service from the service\n registry.\n format: string\n type: string\n port:\n description: Specifies the port on the host that is\n being addressed.\n properties:\n number:\n type: integer\n type: object\n subset:\n description: The name of a subset within the service.\n format: string\n type: string\n type: object\n headers:\n properties:\n request:\n properties:\n add:\n additionalProperties:\n format: string\n type: string\n type: object\n remove:\n items:\n format: string\n type: string\n type: array\n set:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n response:\n properties:\n add:\n additionalProperties:\n format: string\n type: string\n type: object\n remove:\n items:\n format: string\n type: string\n type: array\n set:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n removeRequestHeaders:\n description: Use of `remove_request_headers` is deprecated.\n items:\n format: string\n type: string\n type: array\n removeResponseHeaders:\n description: Use of `remove_response_header` is deprecated.\n items:\n format: string\n type: string\n type: array\n weight:\n format: int32\n type: integer\n type: object\n type: array\n timeout:\n description: Timeout for HTTP requests.\n type: string\n websocketUpgrade:\n description: Deprecated.\n type: boolean\n type: object\n type: array\n tcp:\n description: An ordered list of route rules for opaque TCP traffic.\n items:\n properties:\n match:\n items:\n properties:\n destinationSubnets:\n description: IPv4 or IPv6 ip addresses of destination with\n optional subnet.\n items:\n format: string\n type: string\n type: array\n gateways:\n description: Names of gateways where the rule should be\n applied to.\n items:\n format: string\n type: string\n type: array\n port:\n description: Specifies the port on the host that is being\n addressed.\n type: integer\n sourceLabels:\n additionalProperties:\n format: string\n type: string\n type: object\n sourceSubnet:\n description: IPv4 or IPv6 ip address of source with optional\n subnet.\n format: string\n type: string\n type: object\n type: array\n route:\n description: The destination to which the connection should be\n forwarded to.\n items:\n properties:\n destination:\n properties:\n host:\n description: The name of a service from the service\n registry.\n format: string\n type: string\n port:\n description: Specifies the port on the host that is\n being addressed.\n properties:\n number:\n type: integer\n type: object\n subset:\n description: The name of a subset within the service.\n format: string\n type: string\n type: object\n weight:\n format: int32\n type: integer\n type: object\n type: array\n type: object\n type: array\n tls:\n items:\n properties:\n match:\n items:\n properties:\n destinationSubnets:\n description: IPv4 or IPv6 ip addresses of destination with\n optional subnet.\n items:\n format: string\n type: string\n type: array\n gateways:\n description: Names of gateways where the rule should be\n applied to.\n items:\n format: string\n type: string\n type: array\n port:\n description: Specifies the port on the host that is being\n addressed.\n type: integer\n sniHosts:\n description: SNI (server name indicator) to match on.\n items:\n format: string\n type: string\n type: array\n sourceLabels:\n additionalProperties:\n format: string\n type: string\n type: object\n sourceSubnet:\n description: IPv4 or IPv6 ip address of source with optional\n subnet.\n format: string\n type: string\n type: object\n type: array\n route:\n description: The destination to which the connection should be\n forwarded to.\n items:\n properties:\n destination:\n properties:\n host:\n description: The name of a service from the service\n registry.\n format: string\n type: string\n port:\n description: Specifies the port on the host that is\n being addressed.\n properties:\n number:\n type: integer\n type: object\n subset:\n description: The name of a subset within the service.\n format: string\n type: string\n type: object\n weight:\n format: int32\n type: integer\n type: object\n type: array\n type: object\n type: array\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\nkind: CustomResourceDefinition\napiVersion: apiextensions.k8s.io/v1beta1\nmetadata:\n name: adapters.config.istio.io\n labels:\n app: mixer\n package: adapter\n istio: mixer-adapter\n chart: istio\n heritage: Tiller\n release: istio\n annotations:\n \"helm.sh/resource-policy\": keep\nspec:\n group: config.istio.io\n names:\n kind: adapter\n plural: adapters\n singular: adapter\n categories:\n - istio-io\n - policy-istio-io\n scope: Namespaced\n subresources:\n status: {}\n versions:\n - name: v1alpha2\n served: true\n storage: true\n---\nkind: CustomResourceDefinition\napiVersion: apiextensions.k8s.io/v1beta1\nmetadata:\n name: instances.config.istio.io\n labels:\n app: mixer\n package: instance\n istio: mixer-instance\n chart: istio\n heritage: Tiller\n release: istio\n annotations:\n \"helm.sh/resource-policy\": keep\nspec:\n group: config.istio.io\n names:\n kind: instance\n plural: instances\n singular: instance\n categories:\n - istio-io\n - policy-istio-io\n scope: Namespaced\n subresources:\n status: {}\n versions:\n - name: v1alpha2\n served: true\n storage: true\n---\nkind: CustomResourceDefinition\napiVersion: apiextensions.k8s.io/v1beta1\nmetadata:\n name: templates.config.istio.io\n labels:\n app: mixer\n package: template\n istio: mixer-template\n chart: istio\n heritage: Tiller\n release: istio\n annotations:\n \"helm.sh/resource-policy\": keep\nspec:\n group: config.istio.io\n names:\n kind: template\n plural: templates\n singular: template\n categories:\n - istio-io\n - policy-istio-io\n scope: Namespaced\n subresources:\n status: {}\n versions:\n - name: v1alpha2\n served: true\n storage: true\n---\nkind: CustomResourceDefinition\napiVersion: apiextensions.k8s.io/v1beta1\nmetadata:\n name: handlers.config.istio.io\n labels:\n app: mixer\n package: handler\n istio: mixer-handler\n chart: istio\n heritage: Tiller\n release: istio\n annotations:\n \"helm.sh/resource-policy\": keep\nspec:\n group: config.istio.io\n names:\n kind: handler\n plural: handlers\n singular: handler\n categories:\n - istio-io\n - policy-istio-io\n scope: Namespaced\n subresources:\n status: {}\n versions:\n - name: v1alpha2\n served: true\n storage: true\n---"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"istio-crd-10","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:52:29Z"
name: istio-crd-10
namespace: istio-system
resourceVersion: "43260"
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-crd-10
uid: 003aec4d-15bb-11ea-b5af-027e0b84da98
- apiVersion: v1
data:
crd-11.yaml: |-
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
creationTimestamp: null
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: sidecars.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: Sidecar
plural: sidecars
singular: sidecar
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting network reachability of a sidecar.
See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html'
properties:
egress:
items:
properties:
bind:
format: string
type: string
captureMode:
enum:
- DEFAULT
- IPTABLES
- NONE
type: string
hosts:
items:
format: string
type: string
type: array
port:
description: The port associated with the listener.
properties:
name:
description: Label assigned to the port.
format: string
type: string
number:
description: A valid non-negative integer port number.
type: integer
protocol:
description: The protocol exposed on the port.
format: string
type: string
type: object
type: object
type: array
ingress:
items:
properties:
bind:
description: The ip to which the listener should be bound.
format: string
type: string
captureMode:
enum:
- DEFAULT
- IPTABLES
- NONE
type: string
defaultEndpoint:
format: string
type: string
port:
description: The port associated with the listener.
properties:
name:
description: Label assigned to the port.
format: string
type: string
number:
description: A valid non-negative integer port number.
type: integer
protocol:
description: The protocol exposed on the port.
format: string
type: string
type: object
type: object
type: array
outboundTrafficPolicy:
description: This allows to configure the outbound traffic policy.
properties:
mode:
enum:
- REGISTRY_ONLY
- ALLOW_ANY
type: string
type: object
workloadSelector:
properties:
labels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
type: object
versions:
- name: v1alpha3
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"crd-11.yaml":"apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n \"helm.sh/resource-policy\": keep\n creationTimestamp: null\n labels:\n app: istio-pilot\n chart: istio\n heritage: Tiller\n release: istio\n name: sidecars.networking.istio.io\nspec:\n group: networking.istio.io\n names:\n categories:\n - istio-io\n - networking-istio-io\n kind: Sidecar\n plural: sidecars\n singular: sidecar\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration affecting network reachability of a sidecar.\n See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html'\n properties:\n egress:\n items:\n properties:\n bind:\n format: string\n type: string\n captureMode:\n enum:\n - DEFAULT\n - IPTABLES\n - NONE\n type: string\n hosts:\n items:\n format: string\n type: string\n type: array\n port:\n description: The port associated with the listener.\n properties:\n name:\n description: Label assigned to the port.\n format: string\n type: string\n number:\n description: A valid non-negative integer port number.\n type: integer\n protocol:\n description: The protocol exposed on the port.\n format: string\n type: string\n type: object\n type: object\n type: array\n ingress:\n items:\n properties:\n bind:\n description: The ip to which the listener should be bound.\n format: string\n type: string\n captureMode:\n enum:\n - DEFAULT\n - IPTABLES\n - NONE\n type: string\n defaultEndpoint:\n format: string\n type: string\n port:\n description: The port associated with the listener.\n properties:\n name:\n description: Label assigned to the port.\n format: string\n type: string\n number:\n description: A valid non-negative integer port number.\n type: integer\n protocol:\n description: The protocol exposed on the port.\n format: string\n type: string\n type: object\n type: object\n type: array\n outboundTrafficPolicy:\n description: This allows to configure the outbound traffic policy.\n properties:\n mode:\n enum:\n - REGISTRY_ONLY\n - ALLOW_ANY\n type: string\n type: object\n workloadSelector:\n properties:\n labels:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1alpha3\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"istio-crd-11","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:52:31Z"
name: istio-crd-11
namespace: istio-system
resourceVersion: "43263"
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-crd-11
uid: 014493e8-15bb-11ea-b5af-027e0b84da98
- apiVersion: v1
data:
crd-14.yaml: |-
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
app: istio-pilot
heritage: Tiller
istio: security
release: istio
name: authorizationpolicies.security.istio.io
spec:
group: security.istio.io
names:
categories:
- istio-io
- security-istio-io
kind: AuthorizationPolicy
plural: authorizationpolicies
singular: authorizationpolicy
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration for access control on workloads. See more details
at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html'
properties:
rules:
description: Optional.
items:
properties:
from:
description: Optional.
items:
properties:
source:
description: Source specifies the source of a request.
properties:
ipBlocks:
description: Optional.
items:
format: string
type: string
type: array
namespaces:
description: Optional.
items:
format: string
type: string
type: array
principals:
description: Optional.
items:
format: string
type: string
type: array
requestPrincipals:
description: Optional.
items:
format: string
type: string
type: array
type: object
type: object
type: array
to:
description: Optional.
items:
properties:
operation:
description: Operation specifies the operation of a request.
properties:
hosts:
description: Optional.
items:
format: string
type: string
type: array
methods:
description: Optional.
items:
format: string
type: string
type: array
paths:
description: Optional.
items:
format: string
type: string
type: array
ports:
description: Optional.
items:
format: string
type: string
type: array
type: object
type: object
type: array
when:
description: Optional.
items:
properties:
key:
description: The name of an Istio attribute.
format: string
type: string
values:
description: The allowed values for the attribute.
items:
format: string
type: string
type: array
type: object
type: array
type: object
type: array
selector:
description: Optional.
properties:
matchLabels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
type: object
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"crd-14.yaml":"apiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n creationTimestamp: null\n labels:\n app: istio-pilot\n heritage: Tiller\n istio: security\n release: istio\n name: authorizationpolicies.security.istio.io\nspec:\n group: security.istio.io\n names:\n categories:\n - istio-io\n - security-istio-io\n kind: AuthorizationPolicy\n plural: authorizationpolicies\n singular: authorizationpolicy\n scope: Namespaced\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n spec:\n description: 'Configuration for access control on workloads. See more details\n at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html'\n properties:\n rules:\n description: Optional.\n items:\n properties:\n from:\n description: Optional.\n items:\n properties:\n source:\n description: Source specifies the source of a request.\n properties:\n ipBlocks:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n namespaces:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n principals:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n requestPrincipals:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n to:\n description: Optional.\n items:\n properties:\n operation:\n description: Operation specifies the operation of a request.\n properties:\n hosts:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n methods:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n paths:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n ports:\n description: Optional.\n items:\n format: string\n type: string\n type: array\n type: object\n type: object\n type: array\n when:\n description: Optional.\n items:\n properties:\n key:\n description: The name of an Istio attribute.\n format: string\n type: string\n values:\n description: The allowed values for the attribute.\n items:\n format: string\n type: string\n type: array\n type: object\n type: array\n type: object\n type: array\n selector:\n description: Optional.\n properties:\n matchLabels:\n additionalProperties:\n format: string\n type: string\n type: object\n type: object\n type: object\n type: object\n versions:\n - name: v1beta1\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"istio-crd-14","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:52:31Z"
name: istio-crd-14
namespace: istio-system
resourceVersion: "43265"
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-crd-14
uid: 0169c45b-15bb-11ea-b5af-027e0b84da98
- apiVersion: v1
data:
validatingwebhookconfiguration.yaml: |-
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: istio-galley
labels:
app: galley
chart: galley
heritage: Tiller
release: RELEASE-NAME
istio: galley
webhooks:
- name: pilot.validation.istio.io
clientConfig:
service:
name: istio-galley
namespace: istio-system
path: "/admitpilot"
caBundle: ""
rules:
- operations:
- CREATE
- UPDATE
apiGroups:
- config.istio.io
apiVersions:
- v1alpha2
resources:
- httpapispecs
- httpapispecbindings
- quotaspecs
- quotaspecbindings
- operations:
- CREATE
- UPDATE
apiGroups:
- rbac.istio.io
apiVersions:
- "*"
resources:
- "*"
- operations:
- CREATE
- UPDATE
apiGroups:
- security.istio.io
apiVersions:
- "*"
resources:
- "*"
- operations:
- CREATE
- UPDATE
apiGroups:
- authentication.istio.io
apiVersions:
- "*"
resources:
- "*"
- operations:
- CREATE
- UPDATE
apiGroups:
- networking.istio.io
apiVersions:
- "*"
resources:
- destinationrules
- envoyfilters
- gateways
- serviceentries
- sidecars
- virtualservices
failurePolicy: Fail
sideEffects: None
- name: mixer.validation.istio.io
clientConfig:
service:
name: istio-galley
namespace: istio-system
path: "/admitmixer"
caBundle: ""
rules:
- operations:
- CREATE
- UPDATE
apiGroups:
- config.istio.io
apiVersions:
- v1alpha2
resources:
- rules
- attributemanifests
- circonuses
- deniers
- fluentds
- kubernetesenvs
- listcheckers
- memquotas
- noops
- opas
- prometheuses
- rbacs
- solarwindses
- stackdrivers
- cloudwatches
- dogstatsds
- statsds
- stdios
- apikeys
- authorizations
- checknothings
# - kuberneteses
- listentries
- logentries
- metrics
- quotas
- reportnothings
- tracespans
- adapters
- handlers
- instances
- templates
- zipkins
failurePolicy: Fail
sideEffects: None
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"validatingwebhookconfiguration.yaml":"apiVersion: admissionregistration.k8s.io/v1beta1\nkind: ValidatingWebhookConfiguration\nmetadata:\n name: istio-galley\n labels:\n app: galley\n chart: galley\n heritage: Tiller\n release: RELEASE-NAME\n istio: galley\nwebhooks:\n - name: pilot.validation.istio.io\n clientConfig:\n service:\n name: istio-galley\n namespace: istio-system\n path: \"/admitpilot\"\n caBundle: \"\"\n rules:\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - config.istio.io\n apiVersions:\n - v1alpha2\n resources:\n - httpapispecs\n - httpapispecbindings\n - quotaspecs\n - quotaspecbindings\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - rbac.istio.io\n apiVersions:\n - \"*\"\n resources:\n - \"*\"\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - security.istio.io\n apiVersions:\n - \"*\"\n resources:\n - \"*\"\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - authentication.istio.io\n apiVersions:\n - \"*\"\n resources:\n - \"*\"\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - networking.istio.io\n apiVersions:\n - \"*\"\n resources:\n - destinationrules\n - envoyfilters\n - gateways\n - serviceentries\n - sidecars\n - virtualservices\n failurePolicy: Fail\n sideEffects: None\n - name: mixer.validation.istio.io\n clientConfig:\n service:\n name: istio-galley\n namespace: istio-system\n path: \"/admitmixer\"\n caBundle: \"\"\n rules:\n - operations:\n - CREATE\n - UPDATE\n apiGroups:\n - config.istio.io\n apiVersions:\n - v1alpha2\n resources:\n - rules\n - attributemanifests\n - circonuses\n - deniers\n - fluentds\n - kubernetesenvs\n - listcheckers\n - memquotas\n - noops\n - opas\n - prometheuses\n - rbacs\n - solarwindses\n - stackdrivers\n - cloudwatches\n - dogstatsds\n - statsds\n - stdios\n - apikeys\n - authorizations\n - checknothings\n # - kuberneteses\n - listentries\n - logentries\n - metrics\n - quotas\n - reportnothings\n - tracespans\n - adapters\n - handlers\n - instances\n - templates\n - zipkins\n failurePolicy: Fail\n sideEffects: None"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"galley","chart":"galley","heritage":"Tiller","istio":"galley","release":"RELEASE-NAME"},"name":"istio-galley-configuration","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:53:20Z"
labels:
app: galley
chart: galley
heritage: Tiller
istio: galley
release: RELEASE-NAME
name: istio-galley-configuration
namespace: istio-system
resourceVersion: "43408"
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-galley-configuration
uid: 1e88c0f8-15bb-11ea-b5af-027e0b84da98
- apiVersion: v1
data:
caTLSRootCert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: ConfigMap
metadata:
creationTimestamp: "2019-12-03T10:53:37Z"
name: istio-security
namespace: istio-system
resourceVersion: "43635"
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-security
uid: 28bd6a39-15bb-11ea-b5af-027e0b84da98
- apiVersion: v1
data:
custom-resources.yaml: |-
# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh.
apiVersion: "authentication.istio.io/v1alpha1"
kind: "MeshPolicy"
metadata:
name: "default"
labels:
app: security
chart: security
heritage: Tiller
release: RELEASE-NAME
spec:
peers:
- mtls:
mode: PERMISSIVE
run.sh: |-
#!/bin/sh
set -x
if [ "$#" -ne "1" ]; then
echo "first argument should be path to custom resource yaml"
exit 1
fi
pathToResourceYAML=${1}
kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
if [ "$?" -eq 0 ]; then
echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
while true; do
kubectl -n istio-system get deployment istio-galley 2>/dev/null
if [ "$?" -eq 0 ]; then
break
fi
sleep 1
done
kubectl -n istio-system rollout status deployment istio-galley
if [ "$?" -ne 0 ]; then
echo "istio-galley deployment rollout status check failed"
exit 1
fi
echo "istio-galley deployment ready for configuration validation"
fi
sleep 5
kubectl apply -f ${pathToResourceYAML}
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"custom-resources.yaml":"# Authentication policy to enable permissive mode for all services (that have sidecar) in the mesh.\napiVersion: \"authentication.istio.io/v1alpha1\"\nkind: \"MeshPolicy\"\nmetadata:\n name: \"default\"\n labels:\n app: security\n chart: security\n heritage: Tiller\n release: RELEASE-NAME\nspec:\n peers:\n - mtls:\n mode: PERMISSIVE","run.sh":"#!/bin/sh\n\nset -x\n\nif [ \"$#\" -ne \"1\" ]; then\n echo \"first argument should be path to custom resource yaml\"\n exit 1\nfi\n\npathToResourceYAML=${1}\n\nkubectl get validatingwebhookconfiguration istio-galley 2\u003e/dev/null\nif [ \"$?\" -eq 0 ]; then\n echo \"istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready\"\n while true; do\n kubectl -n istio-system get deployment istio-galley 2\u003e/dev/null\n if [ \"$?\" -eq 0 ]; then\n break\n fi\n sleep 1\n done\n kubectl -n istio-system rollout status deployment istio-galley\n if [ \"$?\" -ne 0 ]; then\n echo \"istio-galley deployment rollout status check failed\"\n exit 1\n fi\n echo \"istio-galley deployment ready for configuration validation\"\nfi\nsleep 5\nkubectl apply -f ${pathToResourceYAML}"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"security","chart":"security","heritage":"Tiller","istio":"citadel","release":"RELEASE-NAME"},"name":"istio-security-custom-resources","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:53:20Z"
labels:
app: security
chart: security
heritage: Tiller
istio: citadel
release: RELEASE-NAME
name: istio-security-custom-resources
namespace: istio-system
resourceVersion: "43409"
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-security-custom-resources
uid: 1eb81df9-15bb-11ea-b5af-027e0b84da98
- apiVersion: v1
data:
config: |-
policy: disabled
alwaysInjectSelector:
[]
neverInjectSelector:
[]
template: |-
rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }}
{{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }}
initContainers:
{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }}
{{- if not .Values.istio_cni.enabled }}
- name: istio-init
{{- if contains "/" .Values.global.proxy_init.image }}
image: "{{ .Values.global.proxy_init.image }}"
{{- else }}
image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}"
{{- end }}
command:
- istio-iptables
- "-p"
- "15001"
- "-z"
- "15006"
- "-u"
- 1337
- "-m"
- "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}"
- "-i"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}"
- "-x"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}"
- "-b"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}"
- "-d"
- "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}"
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}}
- "-o"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}"
{{ end -}}
{{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}}
- "-k"
- "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}"
{{ end -}}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
{{- if .Values.global.proxy.init.resources }}
resources:
{{ toYaml .Values.global.proxy.init.resources | indent 4 }}
{{- else }}
resources: {}
{{- end }}
securityContext:
runAsUser: 0
runAsNonRoot: false
capabilities:
add:
- NET_ADMIN
{{- if .Values.global.proxy.privileged }}
privileged: true
{{- end }}
restartPolicy: Always
{{- end }}
{{ end -}}
{{- if eq .Values.global.proxy.enableCoreDump true }}
- name: enable-core-dump
args:
- -c
- sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited
command:
- /bin/sh
image: {{ $.Values.global.proxy.enableCoreDumpImage }}
imagePullPolicy: IfNotPresent
resources: {}
securityContext:
runAsUser: 0
runAsNonRoot: false
privileged: true
{{ end }}
{{- end }}
containers:
- name: istio-proxy
{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }}
image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}"
{{- else }}
image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}"
{{- end }}
ports:
- containerPort: 15090
protocol: TCP
name: http-envoy-prom
args:
- proxy
- sidecar
- --domain
- $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}
- --configPath
- "{{ .ProxyConfig.ConfigPath }}"
- --binaryPath
- "{{ .ProxyConfig.BinaryPath }}"
- --serviceCluster
{{ if ne "" (index .ObjectMeta.Labels "app") -}}
- "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)"
{{ else -}}
- "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}"
{{ end -}}
- --drainDuration
- "{{ formatDuration .ProxyConfig.DrainDuration }}"
- --parentShutdownDuration
- "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}"
- --discoveryAddress
- "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}"
{{- if eq .Values.global.proxy.tracer "lightstep" }}
- --lightstepAddress
- "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}"
- --lightstepAccessToken
- "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}"
- --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }}
- --lightstepCacertPath
- "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}"
{{- else if eq .Values.global.proxy.tracer "zipkin" }}
- --zipkinAddress
- "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}"
{{- else if eq .Values.global.proxy.tracer "datadog" }}
- --datadogAgentAddress
- "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}"
{{- end }}
{{- if .Values.global.proxy.logLevel }}
- --proxyLogLevel={{ .Values.global.proxy.logLevel }}
{{- end}}
{{- if .Values.global.proxy.componentLogLevel }}
- --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }}
{{- end}}
- --dnsRefreshRate
- {{ .Values.global.proxy.dnsRefreshRate }}
- --connectTimeout
- "{{ formatDuration .ProxyConfig.ConnectTimeout }}"
{{- if .Values.global.proxy.envoyStatsd.enabled }}
- --statsdUdpAddress
- "{{ .ProxyConfig.StatsdUdpAddress }}"
{{- end }}
{{- if .Values.global.proxy.envoyMetricsService.enabled }}
- --envoyMetricsService
- '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}'
{{- end }}
{{- if .Values.global.proxy.envoyAccessLogService.enabled }}
- --envoyAccessLogService
- '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}'
{{- end }}
- --proxyAdminPort
- "{{ .ProxyConfig.ProxyAdminPort }}"
{{ if gt .ProxyConfig.Concurrency 0 -}}
- --concurrency
- "{{ .ProxyConfig.Concurrency }}"
{{ end -}}
- --controlPlaneAuthPolicy
- "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}"
{{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }}
- --statusPort
- "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}"
- --applicationPorts
- "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}"
{{- end }}
{{- if .Values.global.trustDomain }}
- --trust-domain={{ .Values.global.trustDomain }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ISTIO_META_POD_PORTS
value: |-
[
{{- range $index1, $c := .Spec.Containers }}
{{- range $index2, $p := $c.Ports }}
{{if or (ne $index1 0) (ne $index2 0)}},{{end}}{{ structToJSON $p }}
{{- end}}
{{- end}}
]
- name: ISTIO_META_CLUSTER_ID
value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
{{- if .Values.global.mtls.auto }}
- name: ISTIO_AUTO_MTLS_ENABLED
value: "true"
{{- end }}
{{- if eq .Values.global.proxy.tracer "datadog" }}
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }}
{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }}
- name: {{ $key }}
value: "{{ $value }}"
{{- end }}
{{- end }}
{{- end }}
- name: ISTIO_META_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ISTIO_META_CONFIG_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SDS_ENABLED
value: {{ $.Values.global.sds.enabled }}
- name: ISTIO_META_INTERCEPTION_MODE
value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}"
- name: ISTIO_META_INCLUDE_INBOUND_PORTS
value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}"
{{- if .Values.global.network }}
- name: ISTIO_META_NETWORK
value: "{{ .Values.global.network }}"
{{- end }}
{{ if .ObjectMeta.Annotations }}
- name: ISTIO_METAJSON_ANNOTATIONS
value: |
{{ toJSON .ObjectMeta.Annotations }}
{{ end }}
{{ if .ObjectMeta.Labels }}
- name: ISTIO_METAJSON_LABELS
value: |
{{ toJSON .ObjectMeta.Labels }}
{{ end }}
{{- if .DeploymentMeta.Name }}
- name: ISTIO_META_WORKLOAD_NAME
value: {{ .DeploymentMeta.Name }}
{{ end }}
{{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }}
- name: ISTIO_META_OWNER
value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }}
{{- end}}
{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}
- name: ISTIO_BOOTSTRAP_OVERRIDE
value: "/etc/istio/custom-bootstrap/custom_bootstrap.json"
{{- end }}
{{- if .Values.global.sds.customTokenDirectory }}
- name: ISTIO_META_SDS_TOKEN_PATH
value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken"
{{- end }}
{{- if .Values.global.meshID }}
- name: ISTIO_META_MESH_ID
value: "{{ .Values.global.meshID }}"
{{- else if .Values.global.trustDomain }}
- name: ISTIO_META_MESH_ID
value: "{{ .Values.global.trustDomain }}"
{{- end }}
# PATCH #2: Increase termination drain duration.
- name: TERMINATION_DRAIN_DURATION_SECONDS
value: "20"
# PATCH #2 ends.
{{- if eq .Values.global.proxy.tracer "stackdriver" }}
- name: STACKDRIVER_TRACING_ENABLED
value: "true"
- name: STACKDRIVER_TRACING_DEBUG
value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}"
{{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}
- name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS
value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}"
{{- end }}
{{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}
- name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES
value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}"
{{- end }}
{{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}
- name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS
value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}"
{{- end }}
{{- end }}
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
{{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }}
readinessProbe:
httpGet:
path: /healthz/ready
port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}
initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }}
periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }}
failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }}
{{ end -}}
securityContext:
{{- if .Values.global.proxy.privileged }}
privileged: true
{{- end }}
{{- if ne .Values.global.proxy.enableCoreDump true }}
readOnlyRootFilesystem: true
{{- end }}
{{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}}
capabilities:
add:
- NET_ADMIN
runAsGroup: 1337
{{ else -}}
{{ if .Values.global.sds.enabled }}
runAsGroup: 1337
{{- end }}
runAsUser: 1337
{{- end }}
resources:
{{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}}
requests:
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}}
cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}"
{{ end}}
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}}
memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}"
{{ end }}
{{ else -}}
{{- if .Values.global.proxy.resources }}
{{ toYaml .Values.global.proxy.resources | indent 4 }}
{{- end }}
{{ end -}}
volumeMounts:
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}
- mountPath: /etc/istio/custom-bootstrap
name: custom-bootstrap-volume
{{- end }}
- mountPath: /etc/istio/proxy
name: istio-envoy
{{- if .Values.global.sds.enabled }}
- mountPath: /var/run/sds
name: sds-uds-path
readOnly: true
- mountPath: /var/run/secrets/tokens
name: istio-token
{{- if .Values.global.sds.customTokenDirectory }}
- mountPath: "{{ .Values.global.sds.customTokenDirectory -}}"
name: custom-sds-token
readOnly: true
{{- end }}
{{- else }}
- mountPath: /etc/certs/
name: istio-certs
readOnly: true
{{- end }}
{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }}
- mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}
name: lightstep-certs
readOnly: true
{{- end }}
{{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }}
{{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }}
- name: "{{ $index }}"
{{ toYaml $value | indent 4 }}
{{ end }}
{{- end }}
volumes:
{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}
- name: custom-bootstrap-volume
configMap:
name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }}
{{- end }}
- emptyDir:
medium: Memory
name: istio-envoy
{{- if .Values.global.sds.enabled }}
- name: sds-uds-path
hostPath:
path: /var/run/sds
- name: istio-token
projected:
sources:
- serviceAccountToken:
path: istio-token
expirationSeconds: 43200
audience: {{ .Values.global.sds.token.aud }}
{{- if .Values.global.sds.customTokenDirectory }}
- name: custom-sds-token
secret:
secretName: sdstokensecret
{{- end }}
{{- else }}
- name: istio-certs
secret:
optional: true
{{ if eq .Spec.ServiceAccountName "" }}
secretName: istio.default
{{ else -}}
secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }}
{{ end -}}
{{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }}
{{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }}
- name: "{{ $index }}"
{{ toYaml $value | indent 2 }}
{{ end }}
{{ end }}
{{- end }}
{{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }}
- name: lightstep-certs
secret:
optional: true
secretName: lightstep.cacert
{{- end }}
{{- if .Values.global.podDNSSearchNamespaces }}
dnsConfig:
searches:
{{- range .Values.global.podDNSSearchNamespaces }}
- {{ render . }}
{{- end }}
{{- end }}
podRedirectAnnot:
sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}"
traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}"
traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}"
traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}"
traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}"
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }}
traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}"
{{- end }}
traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}"
injectedAnnotations:
values: '{"certmanager":{"enabled":false},"galley":{"enableAnalysis":false,"enableServiceDiscovery":false,"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"galley","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","tolerations":[]},"gateways":{"cluster-local-gateway":{"autoscaleMax":4,"autoscaleMin":2,"cpu":{"targetAverageUtilization":80},"enabled":true,"externalIPs":[],"labels":{"app":"cluster-local-gateway","istio":"cluster-local-gateway"},"loadBalancerIP":"","loadBalancerSourceRanges":{},"podAnnotations":{},"ports":[{"name":"status-port","port":15020},{"name":"http2","port":80},{"name":"https","port":443}],"replicaCount":2,"resources":{"requests":{"cpu":"250m","memory":"256Mi"}},"secretVolumes":[{"mountPath":"/etc/istio/cluster-local-gateway-certs","name":"cluster-local-gateway-certs","secretName":"istio-cluster-local-gateway-certs"},{"mountPath":"/etc/istio/cluster-local-gateway-ca-certs","name":"cluster-local-gateway-ca-certs","secretName":"istio-cluster-local-gateway-ca-certs"}],"serviceAnnotations":{},"type":"ClusterIP"},"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"istio-egressgateway":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":false,"env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"labels":{"app":"istio-egressgateway","istio":"egressgateway"},"nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"ports":[{"name":"http2","port":80},{"name":"https","port":443},{"name":"tls","port":15443,"targetPort":15443}],"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","secretVolumes":[{"mountPath":"/etc/istio/egressgateway-certs","name":"egressgateway-certs","secretName":"istio-egressgateway-certs"},{"mountPath":"/etc/istio/egressgateway-ca-certs","name":"egressgateway-ca-certs","secretName":"istio-egressgateway-ca-certs"}],"serviceAnnotations":{},"tolerations":[],"type":"ClusterIP"},"istio-ilbgateway":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":false,"labels":{"app":"istio-ilbgateway","istio":"ilbgateway"},"loadBalancerIP":"","nodeSelector":{},"podAnnotations":{},"ports":[{"name":"grpc-pilot-mtls","port":15011},{"name":"grpc-pilot","port":15010},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns","port":5353}],"resources":{"requests":{"cpu":"800m","memory":"512Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","secretVolumes":[{"mountPath":"/etc/istio/ilbgateway-certs","name":"ilbgateway-certs","secretName":"istio-ilbgateway-certs"},{"mountPath":"/etc/istio/ilbgateway-ca-certs","name":"ilbgateway-ca-certs","secretName":"istio-ilbgateway-ca-certs"}],"serviceAnnotations":{"cloud.google.com/load-balancer-type":"internal"},"tolerations":[],"type":"LoadBalancer"},"istio-ingressgateway":{"applicationPorts":"","autoscaleEnabled":true,"autoscaleMax":4,"autoscaleMin":2,"cpu":{"targetAverageUtilization":80},"enabled":true,"env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"externalIPs":[],"labels":{"app":"istio-ingressgateway","istio":"ingressgateway"},"loadBalancerIP":"","loadBalancerSourceRanges":[],"meshExpansionPorts":[{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-mixer-grpc-tls","port":15004,"targetPort":15004},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853}],"nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"ports":[{"name":"status-port","port":15020},{"name":"http2","port":80},{"name":"https","port":443}],"replicaCount":2,"resources":{"limits":{"cpu":"3000m","memory":"2048Mi"},"requests":{"cpu":"3000m","memory":"2048Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sds":{"enabled":true,"image":"node-agent-k8s","resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}},"secretVolumes":[{"mountPath":"/etc/istio/ingressgateway-certs","name":"ingressgateway-certs","secretName":"istio-ingressgateway-certs"},{"mountPath":"/etc/istio/ingressgateway-ca-certs","name":"ingressgateway-ca-certs","secretName":"istio-ingressgateway-ca-certs"}],"serviceAnnotations":{},"tolerations":[],"type":"LoadBalancer"}},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"grafana":{"enabled":false},"istio_cni":{"enabled":false},"istiocoredns":{"enabled":false},"kiali":{"enabled":false},"mixer":{"adapters":{"kubernetesenv":{"enabled":true},"prometheus":{"enabled":false,"metricsExpiryDuration":"10m"},"stdio":{"enabled":false,"outputAsJson":true},"useAdapterCRDs":false},"env":{"GOMAXPROCS":"6"},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"mixer","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"policy":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":true,"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%"},"telemetry":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"cpu":{"targetAverageUtilization":80},"enabled":true,"loadshedding":{"latencyThreshold":"100ms","mode":"enforce"},"replicaCount":1,"reportBatchMaxEntries":100,"reportBatchMaxTime":"1s","resources":{"limits":{"cpu":"4800m","memory":"4G"},"requests":{"cpu":"1000m","memory":"1G"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sessionAffinityEnabled":false},"tolerations":[]},"nodeagent":{"enabled":false},"pilot":{"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":2,"configSource":{"subscribedResources":null},"cpu":{"targetAverageUtilization":80},"enableProtocolSniffingForInbound":false,"enableProtocolSniffingForOutbound":true,"enabled":true,"env":{"PILOT_PUSH_THROTTLE":100},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"pilot","keepaliveMaxServerConnectionAge":"30m","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"resources":{"requests":{"cpu":"3000m","memory":"2048Mi"}},"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","sidecar":true,"tolerations":[],"traceSampling":100},"prometheus":{"enabled":false},"security":{"citadelHealthCheck":false,"createMeshPolicy":true,"enableNamespacesByDefault":true,"enabled":true,"env":{},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"citadel","nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":true,"tolerations":[],"workloadCertTtl":"2160h"},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableNamespacesByDefault":true,"enabled":true,"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"defaultTolerations":[],"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshID":"","meshNetworks":{},"monitoringPort":15014,"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"network":"","oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"priorityClassName":"","proxy":{"accessLogEncoding":"JSON","accessLogFile":"/dev/stdout","accessLogFormat":"","autoInject":"disabled","clusterDomain":"cluster.local","componentLogLevel":"","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"enableCoreDumpImage":"ubuntu:xenial","envoyAccessLogService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyMetricsService":{"enabled":false,"host":null,"port":null,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"caCertificates":null,"clientCertificate":null,"mode":"DISABLE","privateKey":null,"sni":null,"subjectAltNames":[]}},"envoyStatsd":{"enabled":false,"host":null,"port":null},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","init":{"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"kubevirtInterfaces":"","logLevel":"","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2"},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"tag":"1.4.0","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"stackdriver":{"debug":false,"maxNumberOfAnnotations":200,"maxNumberOfAttributes":200,"maxNumberOfMessageEvents":200},"zipkin":{"address":""}},"trustDomain":"","trustDomainAliases":[],"useMCP":true},"image":"sidecar_injector","injectedAnnotations":{},"neverInjectSelector":[],"nodeSelector":{},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","tolerations":[]},"tracing":{"enabled":false}}'
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"config":"policy: disabled\nalwaysInjectSelector:\n []\nneverInjectSelector:\n []\ntemplate: |-\n rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }}\n {{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }}\n initContainers:\n {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }}\n {{- if not .Values.istio_cni.enabled }}\n - name: istio-init\n {{- if contains \"/\" .Values.global.proxy_init.image }}\n image: \"{{ .Values.global.proxy_init.image }}\"\n {{- else }}\n image: \"{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}\"\n {{- end }}\n command:\n - istio-iptables\n - \"-p\"\n - \"15001\"\n - \"-z\"\n - \"15006\"\n - \"-u\"\n - 1337\n - \"-m\"\n - \"{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}\"\n - \"-i\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}\"\n - \"-x\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}\"\n - \"-b\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}\"\n - \"-d\"\n - \"{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}\"\n {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts \"\") -}}\n - \"-o\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}\"\n {{ end -}}\n {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}}\n - \"-k\"\n - \"{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}\"\n {{ end -}}\n imagePullPolicy: \"{{ .Values.global.imagePullPolicy }}\"\n {{- if .Values.global.proxy.init.resources }}\n resources:\n {{ toYaml .Values.global.proxy.init.resources | indent 4 }}\n {{- else }}\n resources: {}\n {{- end }}\n securityContext:\n runAsUser: 0\n runAsNonRoot: false\n capabilities:\n add:\n - NET_ADMIN\n {{- if .Values.global.proxy.privileged }}\n privileged: true\n {{- end }}\n restartPolicy: Always\n {{- end }}\n {{ end -}}\n {{- if eq .Values.global.proxy.enableCoreDump true }}\n - name: enable-core-dump\n args:\n - -c\n - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy \u0026\u0026 ulimit -c unlimited\n command:\n - /bin/sh\n image: {{ $.Values.global.proxy.enableCoreDumpImage }}\n imagePullPolicy: IfNotPresent\n resources: {}\n securityContext:\n runAsUser: 0\n runAsNonRoot: false\n privileged: true\n {{ end }}\n {{- end }}\n containers:\n - name: istio-proxy\n {{- if contains \"/\" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }}\n image: \"{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}\"\n {{- else }}\n image: \"{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}\"\n {{- end }}\n ports:\n - containerPort: 15090\n protocol: TCP\n name: http-envoy-prom\n args:\n - proxy\n - sidecar\n - --domain\n - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}\n - --configPath\n - \"{{ .ProxyConfig.ConfigPath }}\"\n - --binaryPath\n - \"{{ .ProxyConfig.BinaryPath }}\"\n - --serviceCluster\n {{ if ne \"\" (index .ObjectMeta.Labels \"app\") -}}\n - \"{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)\"\n {{ else -}}\n - \"{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}\"\n {{ end -}}\n - --drainDuration\n - \"{{ formatDuration .ProxyConfig.DrainDuration }}\"\n - --parentShutdownDuration\n - \"{{ formatDuration .ProxyConfig.ParentShutdownDuration }}\"\n - --discoveryAddress\n - \"{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}\"\n {{- if eq .Values.global.proxy.tracer \"lightstep\" }}\n - --lightstepAddress\n - \"{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}\"\n - --lightstepAccessToken\n - \"{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}\"\n - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }}\n - --lightstepCacertPath\n - \"{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}\"\n {{- else if eq .Values.global.proxy.tracer \"zipkin\" }}\n - --zipkinAddress\n - \"{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}\"\n {{- else if eq .Values.global.proxy.tracer \"datadog\" }}\n - --datadogAgentAddress\n - \"{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}\"\n {{- end }}\n {{- if .Values.global.proxy.logLevel }}\n - --proxyLogLevel={{ .Values.global.proxy.logLevel }}\n {{- end}}\n {{- if .Values.global.proxy.componentLogLevel }}\n - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }}\n {{- end}}\n - --dnsRefreshRate\n - {{ .Values.global.proxy.dnsRefreshRate }}\n - --connectTimeout\n - \"{{ formatDuration .ProxyConfig.ConnectTimeout }}\"\n {{- if .Values.global.proxy.envoyStatsd.enabled }}\n - --statsdUdpAddress\n - \"{{ .ProxyConfig.StatsdUdpAddress }}\"\n {{- end }}\n {{- if .Values.global.proxy.envoyMetricsService.enabled }}\n - --envoyMetricsService\n - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}'\n {{- end }}\n {{- if .Values.global.proxy.envoyAccessLogService.enabled }}\n - --envoyAccessLogService\n - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}'\n {{- end }}\n - --proxyAdminPort\n - \"{{ .ProxyConfig.ProxyAdminPort }}\"\n {{ if gt .ProxyConfig.Concurrency 0 -}}\n - --concurrency\n - \"{{ .ProxyConfig.Concurrency }}\"\n {{ end -}}\n - --controlPlaneAuthPolicy\n - \"{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}\"\n {{- if (ne (annotation .ObjectMeta \"status.sidecar.istio.io/port\" (valueOrDefault .Values.global.proxy.statusPort 0 )) `0`) }}\n - --statusPort\n - \"{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}\"\n - --applicationPorts\n - \"{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}\"\n {{- end }}\n {{- if .Values.global.trustDomain }}\n - --trust-domain={{ .Values.global.trustDomain }}\n {{- end }}\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: ISTIO_META_POD_PORTS\n value: |-\n [\n {{- range $index1, $c := .Spec.Containers }}\n {{- range $index2, $p := $c.Ports }}\n {{if or (ne $index1 0) (ne $index2 0)}},{{end}}{{ structToJSON $p }}\n {{- end}}\n {{- end}}\n ]\n - name: ISTIO_META_CLUSTER_ID\n value: \"{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}\"\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: INSTANCE_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n - name: SERVICE_ACCOUNT\n valueFrom:\n fieldRef:\n fieldPath: spec.serviceAccountName\n {{- if .Values.global.mtls.auto }}\n - name: ISTIO_AUTO_MTLS_ENABLED\n value: \"true\"\n {{- end }}\n {{- if eq .Values.global.proxy.tracer \"datadog\" }}\n - name: HOST_IP\n valueFrom:\n fieldRef:\n fieldPath: status.hostIP\n {{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }}\n {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }}\n - name: {{ $key }}\n value: \"{{ $value }}\"\n {{- end }}\n {{- end }}\n {{- end }}\n - name: ISTIO_META_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: ISTIO_META_CONFIG_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: SDS_ENABLED\n value: {{ $.Values.global.sds.enabled }}\n - name: ISTIO_META_INTERCEPTION_MODE\n value: \"{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}\"\n - name: ISTIO_META_INCLUDE_INBOUND_PORTS\n value: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}\"\n {{- if .Values.global.network }}\n - name: ISTIO_META_NETWORK\n value: \"{{ .Values.global.network }}\"\n {{- end }}\n {{ if .ObjectMeta.Annotations }}\n - name: ISTIO_METAJSON_ANNOTATIONS\n value: |\n {{ toJSON .ObjectMeta.Annotations }}\n {{ end }}\n {{ if .ObjectMeta.Labels }}\n - name: ISTIO_METAJSON_LABELS\n value: |\n {{ toJSON .ObjectMeta.Labels }}\n {{ end }}\n {{- if .DeploymentMeta.Name }}\n - name: ISTIO_META_WORKLOAD_NAME\n value: {{ .DeploymentMeta.Name }}\n {{ end }}\n {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }}\n - name: ISTIO_META_OWNER\n value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }}\n {{- end}}\n {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}\n - name: ISTIO_BOOTSTRAP_OVERRIDE\n value: \"/etc/istio/custom-bootstrap/custom_bootstrap.json\"\n {{- end }}\n {{- if .Values.global.sds.customTokenDirectory }}\n - name: ISTIO_META_SDS_TOKEN_PATH\n value: \"{{ .Values.global.sds.customTokenDirectory -}}/sdstoken\"\n {{- end }}\n {{- if .Values.global.meshID }}\n - name: ISTIO_META_MESH_ID\n value: \"{{ .Values.global.meshID }}\"\n {{- else if .Values.global.trustDomain }}\n - name: ISTIO_META_MESH_ID\n value: \"{{ .Values.global.trustDomain }}\"\n {{- end }}\n # PATCH #2: Increase termination drain duration.\n - name: TERMINATION_DRAIN_DURATION_SECONDS\n value: \"20\"\n # PATCH #2 ends.\n {{- if eq .Values.global.proxy.tracer \"stackdriver\" }}\n - name: STACKDRIVER_TRACING_ENABLED\n value: \"true\"\n - name: STACKDRIVER_TRACING_DEBUG\n value: \"{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}\"\n {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}\n - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS\n value: \"{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}\"\n {{- end }}\n {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}\n - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES\n value: \"{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}\"\n {{- end }}\n {{- if .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}\n - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS\n value: \"{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}\"\n {{- end }}\n {{- end }}\n imagePullPolicy: {{ .Values.global.imagePullPolicy }}\n {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` (valueOrDefault .Values.global.proxy.statusPort 0 )) `0` }}\n readinessProbe:\n httpGet:\n path: /healthz/ready\n port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}\n initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }}\n periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }}\n failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }}\n {{ end -}}\n securityContext:\n {{- if .Values.global.proxy.privileged }}\n privileged: true\n {{- end }}\n {{- if ne .Values.global.proxy.enableCoreDump true }}\n readOnlyRootFilesystem: true\n {{- end }}\n {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}}\n capabilities:\n add:\n - NET_ADMIN\n runAsGroup: 1337\n {{ else -}}\n {{ if .Values.global.sds.enabled }}\n runAsGroup: 1337\n {{- end }}\n runAsUser: 1337\n {{- end }}\n resources:\n {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}}\n requests:\n {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}}\n cpu: \"{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}\"\n {{ end}}\n {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}}\n memory: \"{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}\"\n {{ end }}\n {{ else -}}\n {{- if .Values.global.proxy.resources }}\n {{ toYaml .Values.global.proxy.resources | indent 4 }}\n {{- end }}\n {{ end -}}\n volumeMounts:\n {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}\n - mountPath: /etc/istio/custom-bootstrap\n name: custom-bootstrap-volume\n {{- end }}\n - mountPath: /etc/istio/proxy\n name: istio-envoy\n {{- if .Values.global.sds.enabled }}\n - mountPath: /var/run/sds\n name: sds-uds-path\n readOnly: true\n - mountPath: /var/run/secrets/tokens\n name: istio-token\n {{- if .Values.global.sds.customTokenDirectory }}\n - mountPath: \"{{ .Values.global.sds.customTokenDirectory -}}\"\n name: custom-sds-token\n readOnly: true\n {{- end }}\n {{- else }}\n - mountPath: /etc/certs/\n name: istio-certs\n readOnly: true\n {{- end }}\n {{- if and (eq .Values.global.proxy.tracer \"lightstep\") .Values.global.tracer.lightstep.cacertPath }}\n - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}\n name: lightstep-certs\n readOnly: true\n {{- end }}\n {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }}\n {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }}\n - name: \"{{ $index }}\"\n {{ toYaml $value | indent 4 }}\n {{ end }}\n {{- end }}\n volumes:\n {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}\n - name: custom-bootstrap-volume\n configMap:\n name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` \"\" }}\n {{- end }}\n - emptyDir:\n medium: Memory\n name: istio-envoy\n {{- if .Values.global.sds.enabled }}\n - name: sds-uds-path\n hostPath:\n path: /var/run/sds\n - name: istio-token\n projected:\n sources:\n - serviceAccountToken:\n path: istio-token\n expirationSeconds: 43200\n audience: {{ .Values.global.sds.token.aud }}\n {{- if .Values.global.sds.customTokenDirectory }}\n - name: custom-sds-token\n secret:\n secretName: sdstokensecret\n {{- end }}\n {{- else }}\n - name: istio-certs\n secret:\n optional: true\n {{ if eq .Spec.ServiceAccountName \"\" }}\n secretName: istio.default\n {{ else -}}\n secretName: {{ printf \"istio.%s\" .Spec.ServiceAccountName }}\n {{ end -}}\n {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }}\n {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }}\n - name: \"{{ $index }}\"\n {{ toYaml $value | indent 2 }}\n {{ end }}\n {{ end }}\n {{- end }}\n {{- if and (eq .Values.global.proxy.tracer \"lightstep\") .Values.global.tracer.lightstep.cacertPath }}\n - name: lightstep-certs\n secret:\n optional: true\n secretName: lightstep.cacert\n {{- end }}\n {{- if .Values.global.podDNSSearchNamespaces }}\n dnsConfig:\n searches:\n {{- range .Values.global.podDNSSearchNamespaces }}\n - {{ render . }}\n {{- end }}\n {{- end }}\n podRedirectAnnot:\n sidecar.istio.io/interceptionMode: \"{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}\"\n traffic.sidecar.istio.io/includeOutboundIPRanges: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}\"\n traffic.sidecar.istio.io/excludeOutboundIPRanges: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}\"\n traffic.sidecar.istio.io/includeInboundPorts: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}\"\n traffic.sidecar.istio.io/excludeInboundPorts: \"{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}\"\n {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts \"\") }}\n traffic.sidecar.istio.io/excludeOutboundPorts: \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}\"\n {{- end }}\n traffic.sidecar.istio.io/kubevirtInterfaces: \"{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}\"\ninjectedAnnotations:","values":"{\"certmanager\":{\"enabled\":false},\"galley\":{\"enableAnalysis\":false,\"enableServiceDiscovery\":false,\"enabled\":true,\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"galley\",\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"replicaCount\":1,\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"tolerations\":[]},\"gateways\":{\"cluster-local-gateway\":{\"autoscaleMax\":4,\"autoscaleMin\":2,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":true,\"externalIPs\":[],\"labels\":{\"app\":\"cluster-local-gateway\",\"istio\":\"cluster-local-gateway\"},\"loadBalancerIP\":\"\",\"loadBalancerSourceRanges\":{},\"podAnnotations\":{},\"ports\":[{\"name\":\"status-port\",\"port\":15020},{\"name\":\"http2\",\"port\":80},{\"name\":\"https\",\"port\":443}],\"replicaCount\":2,\"resources\":{\"requests\":{\"cpu\":\"250m\",\"memory\":\"256Mi\"}},\"secretVolumes\":[{\"mountPath\":\"/etc/istio/cluster-local-gateway-certs\",\"name\":\"cluster-local-gateway-certs\",\"secretName\":\"istio-cluster-local-gateway-certs\"},{\"mountPath\":\"/etc/istio/cluster-local-gateway-ca-certs\",\"name\":\"cluster-local-gateway-ca-certs\",\"secretName\":\"istio-cluster-local-gateway-ca-certs\"}],\"serviceAnnotations\":{},\"type\":\"ClusterIP\"},\"enabled\":true,\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"istio-egressgateway\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":1,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":false,\"env\":{\"ISTIO_META_ROUTER_MODE\":\"sni-dnat\"},\"labels\":{\"app\":\"istio-egressgateway\",\"istio\":\"egressgateway\"},\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"ports\":[{\"name\":\"http2\",\"port\":80},{\"name\":\"https\",\"port\":443},{\"name\":\"tls\",\"port\":15443,\"targetPort\":15443}],\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"secretVolumes\":[{\"mountPath\":\"/etc/istio/egressgateway-certs\",\"name\":\"egressgateway-certs\",\"secretName\":\"istio-egressgateway-certs\"},{\"mountPath\":\"/etc/istio/egressgateway-ca-certs\",\"name\":\"egressgateway-ca-certs\",\"secretName\":\"istio-egressgateway-ca-certs\"}],\"serviceAnnotations\":{},\"tolerations\":[],\"type\":\"ClusterIP\"},\"istio-ilbgateway\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":1,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":false,\"labels\":{\"app\":\"istio-ilbgateway\",\"istio\":\"ilbgateway\"},\"loadBalancerIP\":\"\",\"nodeSelector\":{},\"podAnnotations\":{},\"ports\":[{\"name\":\"grpc-pilot-mtls\",\"port\":15011},{\"name\":\"grpc-pilot\",\"port\":15010},{\"name\":\"tcp-citadel-grpc-tls\",\"port\":8060,\"targetPort\":8060},{\"name\":\"tcp-dns\",\"port\":5353}],\"resources\":{\"requests\":{\"cpu\":\"800m\",\"memory\":\"512Mi\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"secretVolumes\":[{\"mountPath\":\"/etc/istio/ilbgateway-certs\",\"name\":\"ilbgateway-certs\",\"secretName\":\"istio-ilbgateway-certs\"},{\"mountPath\":\"/etc/istio/ilbgateway-ca-certs\",\"name\":\"ilbgateway-ca-certs\",\"secretName\":\"istio-ilbgateway-ca-certs\"}],\"serviceAnnotations\":{\"cloud.google.com/load-balancer-type\":\"internal\"},\"tolerations\":[],\"type\":\"LoadBalancer\"},\"istio-ingressgateway\":{\"applicationPorts\":\"\",\"autoscaleEnabled\":true,\"autoscaleMax\":4,\"autoscaleMin\":2,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":true,\"env\":{\"ISTIO_META_ROUTER_MODE\":\"sni-dnat\"},\"externalIPs\":[],\"labels\":{\"app\":\"istio-ingressgateway\",\"istio\":\"ingressgateway\"},\"loadBalancerIP\":\"\",\"loadBalancerSourceRanges\":[],\"meshExpansionPorts\":[{\"name\":\"tcp-pilot-grpc-tls\",\"port\":15011,\"targetPort\":15011},{\"name\":\"tcp-mixer-grpc-tls\",\"port\":15004,\"targetPort\":15004},{\"name\":\"tcp-citadel-grpc-tls\",\"port\":8060,\"targetPort\":8060},{\"name\":\"tcp-dns-tls\",\"port\":853,\"targetPort\":853}],\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"ports\":[{\"name\":\"status-port\",\"port\":15020},{\"name\":\"http2\",\"port\":80},{\"name\":\"https\",\"port\":443}],\"replicaCount\":2,\"resources\":{\"limits\":{\"cpu\":\"3000m\",\"memory\":\"2048Mi\"},\"requests\":{\"cpu\":\"3000m\",\"memory\":\"2048Mi\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"sds\":{\"enabled\":true,\"image\":\"node-agent-k8s\",\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}}},\"secretVolumes\":[{\"mountPath\":\"/etc/istio/ingressgateway-certs\",\"name\":\"ingressgateway-certs\",\"secretName\":\"istio-ingressgateway-certs\"},{\"mountPath\":\"/etc/istio/ingressgateway-ca-certs\",\"name\":\"ingressgateway-ca-certs\",\"secretName\":\"istio-ingressgateway-ca-certs\"}],\"serviceAnnotations\":{},\"tolerations\":[],\"type\":\"LoadBalancer\"}},\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"grafana\":{\"enabled\":false},\"istio_cni\":{\"enabled\":false},\"istiocoredns\":{\"enabled\":false},\"kiali\":{\"enabled\":false},\"mixer\":{\"adapters\":{\"kubernetesenv\":{\"enabled\":true},\"prometheus\":{\"enabled\":false,\"metricsExpiryDuration\":\"10m\"},\"stdio\":{\"enabled\":false,\"outputAsJson\":true},\"useAdapterCRDs\":false},\"env\":{\"GOMAXPROCS\":\"6\"},\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"mixer\",\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"policy\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":1,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":true,\"replicaCount\":1,\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\"},\"telemetry\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":1,\"cpu\":{\"targetAverageUtilization\":80},\"enabled\":true,\"loadshedding\":{\"latencyThreshold\":\"100ms\",\"mode\":\"enforce\"},\"replicaCount\":1,\"reportBatchMaxEntries\":100,\"reportBatchMaxTime\":\"1s\",\"resources\":{\"limits\":{\"cpu\":\"4800m\",\"memory\":\"4G\"},\"requests\":{\"cpu\":\"1000m\",\"memory\":\"1G\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"sessionAffinityEnabled\":false},\"tolerations\":[]},\"nodeagent\":{\"enabled\":false},\"pilot\":{\"autoscaleEnabled\":true,\"autoscaleMax\":5,\"autoscaleMin\":2,\"configSource\":{\"subscribedResources\":null},\"cpu\":{\"targetAverageUtilization\":80},\"enableProtocolSniffingForInbound\":false,\"enableProtocolSniffingForOutbound\":true,\"enabled\":true,\"env\":{\"PILOT_PUSH_THROTTLE\":100},\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"pilot\",\"keepaliveMaxServerConnectionAge\":\"30m\",\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"resources\":{\"requests\":{\"cpu\":\"3000m\",\"memory\":\"2048Mi\"}},\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"sidecar\":true,\"tolerations\":[],\"traceSampling\":100},\"prometheus\":{\"enabled\":false},\"security\":{\"citadelHealthCheck\":false,\"createMeshPolicy\":true,\"enableNamespacesByDefault\":true,\"enabled\":true,\"env\":{},\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"citadel\",\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"replicaCount\":1,\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"selfSigned\":true,\"tolerations\":[],\"workloadCertTtl\":\"2160h\"},\"sidecarInjectorWebhook\":{\"alwaysInjectSelector\":[],\"enableNamespacesByDefault\":true,\"enabled\":true,\"global\":{\"arch\":{\"amd64\":2,\"ppc64le\":2,\"s390x\":2},\"certificates\":[],\"configValidation\":true,\"controlPlaneSecurityEnabled\":false,\"defaultNodeSelector\":{},\"defaultPodDisruptionBudget\":{\"enabled\":true},\"defaultResources\":{\"requests\":{\"cpu\":\"10m\"}},\"defaultTolerations\":[],\"disablePolicyChecks\":true,\"enableHelmTest\":false,\"enableTracing\":true,\"hub\":\"docker.io/istio\",\"imagePullPolicy\":\"IfNotPresent\",\"imagePullSecrets\":[],\"k8sIngress\":{\"enableHttps\":false,\"enabled\":false,\"gatewayName\":\"ingressgateway\"},\"localityLbSetting\":{\"enabled\":true},\"logging\":{\"level\":\"default:info\"},\"meshExpansion\":{\"enabled\":false,\"useILB\":false},\"meshID\":\"\",\"meshNetworks\":{},\"monitoringPort\":15014,\"mtls\":{\"auto\":false,\"enabled\":false},\"multiCluster\":{\"clusterName\":\"\",\"enabled\":false},\"network\":\"\",\"oneNamespace\":false,\"operatorManageWebhooks\":false,\"outboundTrafficPolicy\":{\"mode\":\"ALLOW_ANY\"},\"policyCheckFailOpen\":false,\"priorityClassName\":\"\",\"proxy\":{\"accessLogEncoding\":\"JSON\",\"accessLogFile\":\"/dev/stdout\",\"accessLogFormat\":\"\",\"autoInject\":\"disabled\",\"clusterDomain\":\"cluster.local\",\"componentLogLevel\":\"\",\"concurrency\":2,\"dnsRefreshRate\":\"300s\",\"enableCoreDump\":false,\"enableCoreDumpImage\":\"ubuntu:xenial\",\"envoyAccessLogService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyMetricsService\":{\"enabled\":false,\"host\":null,\"port\":null,\"tcpKeepalive\":{\"interval\":\"10s\",\"probes\":3,\"time\":\"10s\"},\"tlsSettings\":{\"caCertificates\":null,\"clientCertificate\":null,\"mode\":\"DISABLE\",\"privateKey\":null,\"sni\":null,\"subjectAltNames\":[]}},\"envoyStatsd\":{\"enabled\":false,\"host\":null,\"port\":null},\"excludeIPRanges\":\"\",\"excludeInboundPorts\":\"\",\"excludeOutboundPorts\":\"\",\"image\":\"proxyv2\",\"includeIPRanges\":\"*\",\"includeInboundPorts\":\"*\",\"init\":{\"resources\":{\"limits\":{\"cpu\":\"100m\",\"memory\":\"50Mi\"},\"requests\":{\"cpu\":\"10m\",\"memory\":\"10Mi\"}}},\"kubevirtInterfaces\":\"\",\"logLevel\":\"\",\"privileged\":false,\"protocolDetectionTimeout\":\"100ms\",\"readinessFailureThreshold\":30,\"readinessInitialDelaySeconds\":1,\"readinessPeriodSeconds\":2,\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1024Mi\"},\"requests\":{\"cpu\":\"100m\",\"memory\":\"128Mi\"}},\"statusPort\":15020,\"tracer\":\"zipkin\"},\"proxy_init\":{\"image\":\"proxyv2\"},\"sds\":{\"enabled\":false,\"token\":{\"aud\":\"istio-ca\"},\"udsPath\":\"\"},\"tag\":\"1.4.0\",\"tracer\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"},\"lightstep\":{\"accessToken\":\"\",\"address\":\"\",\"cacertPath\":\"\",\"secure\":true},\"stackdriver\":{\"debug\":false,\"maxNumberOfAnnotations\":200,\"maxNumberOfAttributes\":200,\"maxNumberOfMessageEvents\":200},\"zipkin\":{\"address\":\"\"}},\"trustDomain\":\"\",\"trustDomainAliases\":[],\"useMCP\":true},\"image\":\"sidecar_injector\",\"injectedAnnotations\":{},\"neverInjectSelector\":[],\"nodeSelector\":{},\"podAnnotations\":{},\"podAntiAffinityLabelSelector\":[],\"podAntiAffinityTermLabelSelector\":[],\"replicaCount\":1,\"rewriteAppHTTPProbe\":false,\"rollingMaxSurge\":\"100%\",\"rollingMaxUnavailable\":\"25%\",\"tolerations\":[]},\"tracing\":{\"enabled\":false}}"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"istio","chart":"istio","heritage":"Tiller","istio":"sidecar-injector","release":"RELEASE-NAME"},"name":"istio-sidecar-injector","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:53:21Z"
labels:
app: istio
chart: istio
heritage: Tiller
istio: sidecar-injector
release: RELEASE-NAME
name: istio-sidecar-injector
namespace: istio-system
resourceVersion: "43411"
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-sidecar-injector
uid: 1f2d3c0f-15bb-11ea-b5af-027e0b84da98
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: endpoints
-------
apiVersion: v1
items:
- apiVersion: v1
kind: Endpoints
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:57Z"
creationTimestamp: "2019-12-03T10:53:28Z"
labels:
app: cluster-local-gateway
chart: gateways
heritage: Tiller
istio: cluster-local-gateway
release: RELEASE-NAME
name: cluster-local-gateway
namespace: istio-system
resourceVersion: "54985"
selfLink: /api/v1/namespaces/istio-system/endpoints/cluster-local-gateway
uid: 232ede47-15bb-11ea-b5af-027e0b84da98
subsets:
- addresses:
- ip: 172.20.63.67
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: cluster-local-gateway-7458b849c7-t4clh
namespace: istio-system
resourceVersion: "54982"
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98
- ip: 172.20.66.124
nodeName: ip-172-20-83-101.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: cluster-local-gateway-7458b849c7-7qhwk
namespace: istio-system
resourceVersion: "54976"
uid: b41729e6-15c7-11ea-b5af-027e0b84da98
ports:
- name: http2
port: 80
protocol: TCP
- name: status-port
port: 15020
protocol: TCP
- name: https
port: 443
protocol: TCP
- apiVersion: v1
kind: Endpoints
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:27Z"
creationTimestamp: "2019-12-03T10:53:29Z"
labels:
app: security
chart: security
heritage: Tiller
istio: citadel
release: RELEASE-NAME
name: istio-citadel
namespace: istio-system
resourceVersion: "54804"
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-citadel
uid: 24000200-15bb-11ea-b5af-027e0b84da98
subsets:
- addresses:
- ip: 172.20.52.171
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-citadel-685c4d4b68-bzvxj
namespace: istio-system
resourceVersion: "54802"
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98
ports:
- name: http-monitoring
port: 15014
protocol: TCP
- name: grpc-citadel
port: 8060
protocol: TCP
- apiVersion: v1
kind: Endpoints
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:40Z"
creationTimestamp: "2019-12-03T10:53:27Z"
labels:
app: galley
chart: galley
heritage: Tiller
istio: galley
release: RELEASE-NAME
name: istio-galley
namespace: istio-system
resourceVersion: "54898"
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-galley
uid: 2304aa96-15bb-11ea-b5af-027e0b84da98
subsets:
- addresses:
- ip: 172.20.43.141
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-galley-5f5b6f77bb-cqp6q
namespace: istio-system
resourceVersion: "54896"
uid: b44ae837-15c7-11ea-b5af-027e0b84da98
ports:
- name: http-monitoring
port: 15014
protocol: TCP
- name: https-validation
port: 443
protocol: TCP
- name: grpc-mcp
port: 9901
protocol: TCP
- apiVersion: v1
kind: Endpoints
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:24:11Z"
creationTimestamp: "2019-12-03T10:53:28Z"
labels:
app: istio-ingressgateway
chart: gateways
heritage: Tiller
istio: ingressgateway
release: RELEASE-NAME
name: istio-ingressgateway
namespace: istio-system
resourceVersion: "55020"
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-ingressgateway
uid: 23589228-15bb-11ea-b5af-027e0b84da98
subsets:
- addresses:
- ip: 172.20.59.74
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54967"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
- ip: 172.20.73.149
nodeName: ip-172-20-67-65.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "55016"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
ports:
- name: http2
port: 80
protocol: TCP
- name: status-port
port: 15020
protocol: TCP
- name: https
port: 443
protocol: TCP
- apiVersion: v1
kind: Endpoints
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:50Z"
creationTimestamp: "2019-12-03T10:53:29Z"
labels:
app: pilot
chart: pilot
heritage: Tiller
istio: pilot
release: RELEASE-NAME
name: istio-pilot
namespace: istio-system
resourceVersion: "54948"
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-pilot
uid: 23d5b800-15bb-11ea-b5af-027e0b84da98
subsets:
- addresses:
- ip: 172.20.48.51
nodeName: ip-172-20-44-18.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54939"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
- ip: 172.20.95.245
nodeName: ip-172-20-67-65.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54945"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
ports:
- name: http-monitoring
port: 15014
protocol: TCP
- name: grpc-xds
port: 15010
protocol: TCP
- name: http-legacy-discovery
port: 8080
protocol: TCP
- name: https-xds
port: 15011
protocol: TCP
- apiVersion: v1
kind: Endpoints
metadata:
creationTimestamp: "2019-12-03T10:53:28Z"
labels:
app: mixer
chart: mixer
heritage: Tiller
istio: mixer
release: RELEASE-NAME
name: istio-policy
namespace: istio-system
resourceVersion: "54874"
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-policy
uid: 2380258c-15bb-11ea-b5af-027e0b84da98
subsets:
- addresses:
- ip: 172.20.80.221
nodeName: ip-172-20-83-101.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54840"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
ports:
- name: http-monitoring
port: 15014
protocol: TCP
- name: grpc-mixer
port: 9091
protocol: TCP
- name: grpc-mixer-mtls
port: 15004
protocol: TCP
- apiVersion: v1
kind: Endpoints
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:39Z"
creationTimestamp: "2019-12-03T10:53:29Z"
labels:
app: sidecarInjectorWebhook
chart: sidecarInjectorWebhook
heritage: Tiller
istio: sidecar-injector
release: RELEASE-NAME
name: istio-sidecar-injector
namespace: istio-system
resourceVersion: "54893"
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-sidecar-injector
uid: 2433ef3f-15bb-11ea-b5af-027e0b84da98
subsets:
- addresses:
- ip: 172.20.62.179
nodeName: ip-172-20-40-226.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-sidecar-injector-85bc5dfb7c-zvx9k
namespace: istio-system
resourceVersion: "54891"
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98
ports:
- name: http-monitoring
port: 15014
protocol: TCP
- name: https-inject
port: 443
protocol: TCP
- apiVersion: v1
kind: Endpoints
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2019-12-03T12:23:52Z"
creationTimestamp: "2019-12-03T10:53:28Z"
labels:
app: mixer
chart: mixer
heritage: Tiller
istio: mixer
release: RELEASE-NAME
name: istio-telemetry
namespace: istio-system
resourceVersion: "54957"
selfLink: /api/v1/namespaces/istio-system/endpoints/istio-telemetry
uid: 23a9bcda-15bb-11ea-b5af-027e0b84da98
subsets:
- addresses:
- ip: 172.20.61.35
nodeName: ip-172-20-40-226.ap-southeast-1.compute.internal
targetRef:
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54954"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
ports:
- name: prometheus
port: 42422
protocol: TCP
- name: http-monitoring
port: 15014
protocol: TCP
- name: grpc-mixer
port: 9091
protocol: TCP
- name: grpc-mixer-mtls
port: 15004
protocol: TCP
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: events
-------
apiVersion: v1
items:
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
kind: Pod
name: cluster-local-gateway-7458b849c7-7qhwk
namespace: istio-system
resourceVersion: "54674"
uid: b41729e6-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Successfully assigned istio-system/cluster-local-gateway-7458b849c7-7qhwk
to ip-172-20-83-101.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2bd7f4724
namespace: istio-system
resourceVersion: "3396"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2bd7f4724
uid: b4224484-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-7qhwk
namespace: istio-system
resourceVersion: "54675"
uid: b41729e6-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2e5cea2a0
namespace: istio-system
resourceVersion: "3415"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2e5cea2a0
uid: b4862504-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-7qhwk
namespace: istio-system
resourceVersion: "54675"
uid: b41729e6-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Created container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2e90c2857
namespace: istio-system
resourceVersion: "3417"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2e90c2857
uid: b48e78e8-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-7qhwk
namespace: istio-system
resourceVersion: "54675"
uid: b41729e6-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Started container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2f337d713
namespace: istio-system
resourceVersion: "3422"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf2f337d713
uid: b4aa45e1-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 15
eventTime: null
firstTimestamp: "2019-12-03T12:23:27Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-7qhwk
namespace: istio-system
resourceVersion: "54675"
uid: b41729e6-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:55Z"
message: 'Readiness probe failed: HTTP probe failed with statuscode: 503'
metadata:
creationTimestamp: "2019-12-03T12:23:27Z"
name: cluster-local-gateway-7458b849c7-7qhwk.15dcdbf33f5a1684
namespace: istio-system
resourceVersion: "3583"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-7qhwk.15dcdbf33f5a1684
uid: b56b64aa-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-86vsb
namespace: istio-system
resourceVersion: "43523"
uid: 2493b9c6-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Stopping container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7-86vsb.15dcdbf2ae01d811
namespace: istio-system
resourceVersion: "3390"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-86vsb.15dcdbf2ae01d811
uid: b3f785b6-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 2
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-86vsb
namespace: istio-system
resourceVersion: "43523"
uid: 2493b9c6-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:28Z"
message: 'Readiness probe failed: Get http://172.20.55.86:15020/healthz/ready: dial
tcp 172.20.55.86:15020: connect: connection refused'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: cluster-local-gateway-7458b849c7-86vsb.15dcdbf3045ddf32
namespace: istio-system
resourceVersion: "3461"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-86vsb.15dcdbf3045ddf32
uid: b4d44baa-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-l5qpg
namespace: istio-system
resourceVersion: "43520"
uid: 2491b955-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Stopping container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7-l5qpg.15dcdbf2b68c0608
namespace: istio-system
resourceVersion: "3394"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-l5qpg.15dcdbf2b68c0608
uid: b4115b83-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 3
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-l5qpg
namespace: istio-system
resourceVersion: "43520"
uid: 2491b955-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:29Z"
message: 'Readiness probe failed: Get http://172.20.86.34:15020/healthz/ready: dial
tcp 172.20.86.34:15020: connect: connection refused'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7-l5qpg.15dcdbf2b96520a6
namespace: istio-system
resourceVersion: "3464"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-l5qpg.15dcdbf2b96520a6
uid: b41588f5-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
kind: Pod
name: cluster-local-gateway-7458b849c7-t4clh
namespace: istio-system
resourceVersion: "54663"
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Successfully assigned istio-system/cluster-local-gateway-7458b849c7-t4clh
to ip-172-20-44-180.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf2b01dcb67
namespace: istio-system
resourceVersion: "3392"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf2b01dcb67
uid: b3fe6137-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-t4clh
namespace: istio-system
resourceVersion: "54664"
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf2e6725b0b
namespace: istio-system
resourceVersion: "3416"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf2e6725b0b
uid: b487bc01-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-t4clh
namespace: istio-system
resourceVersion: "54664"
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Created container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf2eaea886c
namespace: istio-system
resourceVersion: "3418"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf2eaea886c
uid: b493637f-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-t4clh
namespace: istio-system
resourceVersion: "54664"
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Started container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf3006a8c1e
namespace: istio-system
resourceVersion: "3433"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf3006a8c1e
uid: b4ca36ad-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 14
eventTime: null
firstTimestamp: "2019-12-03T12:23:29Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: cluster-local-gateway-7458b849c7-t4clh
namespace: istio-system
resourceVersion: "54664"
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:55Z"
message: 'Readiness probe failed: HTTP probe failed with statuscode: 503'
metadata:
creationTimestamp: "2019-12-03T12:23:29Z"
name: cluster-local-gateway-7458b849c7-t4clh.15dcdbf3bb94af6c
namespace: istio-system
resourceVersion: "3584"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7-t4clh.15dcdbf3bb94af6c
uid: b6a960a5-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: cluster-local-gateway-7458b849c7
namespace: istio-system
resourceVersion: "43890"
uid: 2490d050-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: 'Created pod: cluster-local-gateway-7458b849c7-t4clh'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7.15dcdbf2b0a30ace
namespace: istio-system
resourceVersion: "3393"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7.15dcdbf2b0a30ace
uid: b3ff93bc-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: cluster-local-gateway-7458b849c7
namespace: istio-system
resourceVersion: "54670"
uid: 2490d050-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: 'Created pod: cluster-local-gateway-7458b849c7-7qhwk'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: cluster-local-gateway-7458b849c7.15dcdbf2bd76aedf
namespace: istio-system
resourceVersion: "3397"
selfLink: /api/v1/namespaces/istio-system/events/cluster-local-gateway-7458b849c7.15dcdbf2bd76aedf
uid: b423f3a0-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{citadel}
kind: Pod
name: istio-citadel-685c4d4b68-7qk6b
namespace: istio-system
resourceVersion: "43575"
uid: 2567dc40-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Stopping container citadel
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-citadel-685c4d4b68-7qk6b.15dcdbf2c1feaf9a
namespace: istio-system
resourceVersion: "3398"
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-7qk6b.15dcdbf2c1feaf9a
uid: b42d0193-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-citadel-685c4d4b68-bzvxj
namespace: istio-system
resourceVersion: "54682"
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Successfully assigned istio-system/istio-citadel-685c4d4b68-bzvxj to ip-172-20-44-180.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-citadel-685c4d4b68-bzvxj.15dcdbf2ccca0e42
namespace: istio-system
resourceVersion: "3402"
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-bzvxj.15dcdbf2ccca0e42
uid: b447bf36-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{citadel}
kind: Pod
name: istio-citadel-685c4d4b68-bzvxj
namespace: istio-system
resourceVersion: "54689"
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Container image "docker.io/istio/citadel:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-citadel-685c4d4b68-bzvxj.15dcdbf303ff04f1
namespace: istio-system
resourceVersion: "3435"
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-bzvxj.15dcdbf303ff04f1
uid: b4d35d62-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{citadel}
kind: Pod
name: istio-citadel-685c4d4b68-bzvxj
namespace: istio-system
resourceVersion: "54689"
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Created container citadel
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-citadel-685c4d4b68-bzvxj.15dcdbf308413d4a
namespace: istio-system
resourceVersion: "3437"
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-bzvxj.15dcdbf308413d4a
uid: b4de390d-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{citadel}
kind: Pod
name: istio-citadel-685c4d4b68-bzvxj
namespace: istio-system
resourceVersion: "54689"
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Started container citadel
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-citadel-685c4d4b68-bzvxj.15dcdbf31677545f
namespace: istio-system
resourceVersion: "3448"
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68-bzvxj.15dcdbf31677545f
uid: b50298c7-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-citadel-685c4d4b68
namespace: istio-system
resourceVersion: "43642"
uid: 256769b7-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: 'Created pod: istio-citadel-685c4d4b68-bzvxj'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-citadel-685c4d4b68.15dcdbf2c43a73db
namespace: istio-system
resourceVersion: "3399"
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel-685c4d4b68.15dcdbf2c43a73db
uid: b4333d58-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
kind: Endpoints
name: istio-citadel
namespace: istio-system
resourceVersion: "43645"
uid: 24000200-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: 'Failed to update endpoint istio-system/istio-citadel: Operation cannot
be fulfilled on endpoints "istio-citadel": the object has been modified; please
apply your changes to the latest version and try again'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-citadel.15dcdbf2c9fdce49
namespace: istio-system
resourceVersion: "3400"
selfLink: /api/v1/namespaces/istio-system/events/istio-citadel.15dcdbf2c9fdce49
uid: b443fdcb-15c7-11ea-b5af-027e0b84da98
reason: FailedToUpdateEndpoint
reportingComponent: ""
reportingInstance: ""
source:
component: endpoint-controller
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-galley-5f5b6f77bb-cqp6q
namespace: istio-system
resourceVersion: "54695"
uid: b44ae837-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Successfully assigned istio-system/istio-galley-5f5b6f77bb-cqp6q to ip-172-20-44-180.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf2d19bc593
namespace: istio-system
resourceVersion: "3405"
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf2d19bc593
uid: b4531c49-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{galley}
kind: Pod
name: istio-galley-5f5b6f77bb-cqp6q
namespace: istio-system
resourceVersion: "54698"
uid: b44ae837-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Pulling image "docker.io/istio/galley:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf30a54e1da
namespace: istio-system
resourceVersion: "3440"
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf30a54e1da
uid: b4e573db-15c7-11ea-b5af-027e0b84da98
reason: Pulling
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:31Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{galley}
kind: Pod
name: istio-galley-5f5b6f77bb-cqp6q
namespace: istio-system
resourceVersion: "54698"
uid: b44ae837-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:31Z"
message: Successfully pulled image "docker.io/istio/galley:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:31Z"
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf44c67b996
namespace: istio-system
resourceVersion: "3482"
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf44c67b996
uid: b81c18cd-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{galley}
kind: Pod
name: istio-galley-5f5b6f77bb-cqp6q
namespace: istio-system
resourceVersion: "54698"
uid: b44ae837-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Created container galley
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf44f285bdb
namespace: istio-system
resourceVersion: "3483"
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf44f285bdb
uid: b823183f-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{galley}
kind: Pod
name: istio-galley-5f5b6f77bb-cqp6q
namespace: istio-system
resourceVersion: "54698"
uid: b44ae837-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Started container galley
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-galley-5f5b6f77bb-cqp6q.15dcdbf456c99939
namespace: istio-system
resourceVersion: "3487"
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-cqp6q.15dcdbf456c99939
uid: b8369b74-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{galley}
kind: Pod
name: istio-galley-5f5b6f77bb-dxvp2
namespace: istio-system
resourceVersion: "43511"
uid: 24687871-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Stopping container galley
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-galley-5f5b6f77bb-dxvp2.15dcdbf2ceeffd5a
namespace: istio-system
resourceVersion: "3403"
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb-dxvp2.15dcdbf2ceeffd5a
uid: b44cf11f-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-galley-5f5b6f77bb
namespace: istio-system
resourceVersion: "43756"
uid: 2465da7d-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: 'Created pod: istio-galley-5f5b6f77bb-cqp6q'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-galley-5f5b6f77bb.15dcdbf2cf1852d1
namespace: istio-system
resourceVersion: "3404"
selfLink: /api/v1/namespaces/istio-system/events/istio-galley-5f5b6f77bb.15dcdbf2cf1852d1
uid: b450e57e-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-2p2qt
namespace: istio-system
resourceVersion: "43699"
uid: 2f0374e4-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Stopping container ingress-sds
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf2d49b4f6e
namespace: istio-system
resourceVersion: "3407"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf2d49b4f6e
uid: b45c93cd-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-2p2qt
namespace: istio-system
resourceVersion: "43699"
uid: 2f0374e4-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Stopping container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf2d49e1109
namespace: istio-system
resourceVersion: "3406"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf2d49e1109
uid: b45a59a2-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 2
eventTime: null
firstTimestamp: "2019-12-03T12:23:27Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-2p2qt
namespace: istio-system
resourceVersion: "43699"
uid: 2f0374e4-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:29Z"
message: 'Readiness probe failed: Get http://172.20.81.53:15020/healthz/ready: dial
tcp 172.20.81.53:15020: connect: connection refused'
metadata:
creationTimestamp: "2019-12-03T12:23:27Z"
name: istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf347657851
namespace: istio-system
resourceVersion: "3468"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-2p2qt.15dcdbf347657851
uid: b57fea35-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-kxpkl
namespace: istio-system
resourceVersion: "43533"
uid: 24bb0759-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Stopping container ingress-sds
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf2dacb82a6
namespace: istio-system
resourceVersion: "3411"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf2dacb82a6
uid: b46a1227-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-kxpkl
namespace: istio-system
resourceVersion: "43533"
uid: 24bb0759-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Stopping container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf2dacf76e5
namespace: istio-system
resourceVersion: "3412"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf2dacf76e5
uid: b46bb7b3-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 2
eventTime: null
firstTimestamp: "2019-12-03T12:23:27Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-kxpkl
namespace: istio-system
resourceVersion: "43533"
uid: 24bb0759-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:29Z"
message: 'Readiness probe failed: Get http://172.20.52.161:15020/healthz/ready:
dial tcp 172.20.52.161:15020: connect: connection refused'
metadata:
creationTimestamp: "2019-12-03T12:23:27Z"
name: istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf3293f5967
namespace: istio-system
resourceVersion: "3463"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-kxpkl.15dcdbf3293f5967
uid: b532c31d-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54705"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Successfully assigned istio-system/istio-ingressgateway-84dfb78dfb-qlpxr
to ip-172-20-44-180.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf2d70e649b
namespace: istio-system
resourceVersion: "3408"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf2d70e649b
uid: b4606fbe-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:27Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54708"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:27Z"
message: Pulling image "docker.io/istio/node-agent-k8s:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:27Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf335b3c457
namespace: istio-system
resourceVersion: "3453"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf335b3c457
uid: b5528f17-15c7-11ea-b5af-027e0b84da98
reason: Pulling
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:36Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54708"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:36Z"
message: Successfully pulled image "docker.io/istio/node-agent-k8s:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:36Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf5683cfdbf
namespace: istio-system
resourceVersion: "3510"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf5683cfdbf
uid: baf2ae3b-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:36Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54708"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:36Z"
message: Created container ingress-sds
metadata:
creationTimestamp: "2019-12-03T12:23:36Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf56b5d345d
namespace: istio-system
resourceVersion: "3511"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf56b5d345d
uid: bafaab9b-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:37Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54708"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:37Z"
message: Started container ingress-sds
metadata:
creationTimestamp: "2019-12-03T12:23:37Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf57901ea79
namespace: istio-system
resourceVersion: "3512"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf57901ea79
uid: bb1d99e2-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:37Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54708"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:37Z"
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:37Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf579774bf1
namespace: istio-system
resourceVersion: "3513"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf579774bf1
uid: bb1ec53a-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:37Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54708"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:37Z"
message: Created container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:37Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf57d0a4b9f
namespace: istio-system
resourceVersion: "3514"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf57d0a4b9f
uid: bb27f052-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:37Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54708"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:37Z"
message: Started container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:37Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf584c586f5
namespace: istio-system
resourceVersion: "3515"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf584c586f5
uid: bb3bbd89-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 9
eventTime: null
firstTimestamp: "2019-12-03T12:23:38Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
resourceVersion: "54708"
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:54Z"
message: 'Readiness probe failed: HTTP probe failed with statuscode: 503'
metadata:
creationTimestamp: "2019-12-03T12:23:38Z"
name: istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf5ce6fcd7d
namespace: istio-system
resourceVersion: "3582"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-qlpxr.15dcdbf5ce6fcd7d
uid: bbf847c9-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54716"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: Successfully assigned istio-system/istio-ingressgateway-84dfb78dfb-zqbxn
to ip-172-20-67-65.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf2e02ea367
namespace: istio-system
resourceVersion: "3414"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf2e02ea367
uid: b4790358-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54719"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Pulling image "docker.io/istio/node-agent-k8s:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf309c318cc
namespace: istio-system
resourceVersion: "3438"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf309c318cc
uid: b4e22595-15c7-11ea-b5af-027e0b84da98
reason: Pulling
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:31Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54719"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:31Z"
message: Successfully pulled image "docker.io/istio/node-agent-k8s:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:31Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf436ad89fe
namespace: istio-system
resourceVersion: "3477"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf436ad89fe
uid: b7e4941e-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:31Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54719"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:31Z"
message: Created container ingress-sds
metadata:
creationTimestamp: "2019-12-03T12:23:31Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf43984ef7f
namespace: istio-system
resourceVersion: "3478"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf43984ef7f
uid: b7ebc1b8-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:31Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{ingress-sds}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54719"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:31Z"
message: Started container ingress-sds
metadata:
creationTimestamp: "2019-12-03T12:23:31Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf4448e69ae
namespace: istio-system
resourceVersion: "3479"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf4448e69ae
uid: b8080951-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:31Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54719"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:31Z"
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:31Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf444b0b4e9
namespace: istio-system
resourceVersion: "3480"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf444b0b4e9
uid: b8089e79-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:31Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54719"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:31Z"
message: Created container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:31Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf44801e9a9
namespace: istio-system
resourceVersion: "3481"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf44801e9a9
uid: b81122ae-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54719"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Started container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf45026f7a6
namespace: istio-system
resourceVersion: "3484"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf45026f7a6
uid: b825b4e8-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 18
eventTime: null
firstTimestamp: "2019-12-03T12:23:33Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
resourceVersion: "54719"
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:24:07Z"
message: 'Readiness probe failed: HTTP probe failed with statuscode: 503'
metadata:
creationTimestamp: "2019-12-03T12:23:33Z"
name: istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf4adc23e54
namespace: istio-system
resourceVersion: "3599"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb-zqbxn.15dcdbf4adc23e54
uid: b91553d0-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-ingressgateway-84dfb78dfb
namespace: istio-system
resourceVersion: "44073"
uid: 24ba77a8-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: 'Created pod: istio-ingressgateway-84dfb78dfb-qlpxr'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway-84dfb78dfb.15dcdbf2d6361923
namespace: istio-system
resourceVersion: "3409"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb.15dcdbf2d6361923
uid: b45ff299-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:25Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-ingressgateway-84dfb78dfb
namespace: istio-system
resourceVersion: "54712"
uid: 24ba77a8-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: 'Created pod: istio-ingressgateway-84dfb78dfb-zqbxn'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway-84dfb78dfb.15dcdbf2dda23987
namespace: istio-system
resourceVersion: "3413"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway-84dfb78dfb.15dcdbf2dda23987
uid: b471f268-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 2
eventTime: null
firstTimestamp: "2019-12-03T10:53:48Z"
involvedObject:
apiVersion: v1
kind: Endpoints
name: istio-ingressgateway
namespace: istio-system
resourceVersion: "44075"
uid: 23589228-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:25Z"
message: 'Failed to update endpoint istio-system/istio-ingressgateway: Operation
cannot be fulfilled on endpoints "istio-ingressgateway": the object has been modified;
please apply your changes to the latest version and try again'
metadata:
creationTimestamp: "2019-12-03T12:23:25Z"
name: istio-ingressgateway.15dcd70ecb8587ff
namespace: istio-system
resourceVersion: "3410"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway.15dcd70ecb8587ff
uid: b4629ec6-15c7-11ea-b5af-027e0b84da98
reason: FailedToUpdateEndpoint
reportingComponent: ""
reportingInstance: ""
source:
component: endpoint-controller
type: Warning
- apiVersion: v1
count: 567
eventTime: null
firstTimestamp: "2019-12-03T10:54:02Z"
involvedObject:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: istio-ingressgateway
namespace: istio-system
resourceVersion: "43691"
uid: 25bedba4-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T13:18:57Z"
message: 'unable to get metrics for resource cpu: unable to fetch metrics from resource
metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)'
metadata:
creationTimestamp: "2019-12-03T10:54:02Z"
name: istio-ingressgateway.15dcd7123ba19467
namespace: istio-system
resourceVersion: "3748"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway.15dcd7123ba19467
uid: 37f13537-15bb-11ea-b5af-027e0b84da98
reason: FailedGetResourceMetric
reportingComponent: ""
reportingInstance: ""
source:
component: horizontal-pod-autoscaler
type: Warning
- apiVersion: v1
count: 469
eventTime: null
firstTimestamp: "2019-12-03T10:54:02Z"
involvedObject:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: istio-ingressgateway
namespace: istio-system
resourceVersion: "43766"
uid: 25bedba4-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:53:49Z"
message: 'failed to get cpu utilization: unable to get metrics for resource cpu:
unable to fetch metrics from resource metrics API: the server could not find the
requested resource (get pods.metrics.k8s.io)'
metadata:
creationTimestamp: "2019-12-03T12:53:49Z"
name: istio-ingressgateway.15dcd7123bd3345e
namespace: istio-system
resourceVersion: "3708"
selfLink: /api/v1/namespaces/istio-system/events/istio-ingressgateway.15dcd7123bd3345e
uid: f370448e-15cb-11ea-b5af-027e0b84da98
reason: FailedComputeMetricsReplicas
reportingComponent: ""
reportingInstance: ""
source:
component: horizontal-pod-autoscaler
type: Warning
- apiVersion: v1
count: 4
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54744"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:35Z"
message: '0/6 nodes are available: 1 node(s) had taints that the pod didn''t tolerate,
5 Insufficient cpu.'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf2f9124b4a
namespace: istio-system
resourceVersion: "3505"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf2f9124b4a
uid: b4b8af51-15c7-11ea-b5af-027e0b84da98
reason: FailedScheduling
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:44Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54747"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:44Z"
message: Successfully assigned istio-system/istio-pilot-7dbfbcf744-26cvg to ip-172-20-67-65.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:44Z"
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf743f5a562
namespace: istio-system
resourceVersion: "3546"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf743f5a562
uid: bfb5a394-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:45Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54919"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:45Z"
message: Container image "docker.io/istio/pilot:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:45Z"
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf76816583d
namespace: istio-system
resourceVersion: "3547"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf76816583d
uid: c01132c4-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:45Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54919"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:45Z"
message: Created container discovery
metadata:
creationTimestamp: "2019-12-03T12:23:45Z"
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf76b983a41
namespace: istio-system
resourceVersion: "3549"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf76b983a41
uid: c01b12f0-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:45Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54919"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:45Z"
message: Started container discovery
metadata:
creationTimestamp: "2019-12-03T12:23:45Z"
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf7753fba1b
namespace: istio-system
resourceVersion: "3551"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf7753fba1b
uid: c032c20a-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:45Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54919"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:45Z"
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:45Z"
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf7756006af
namespace: istio-system
resourceVersion: "3553"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf7756006af
uid: c0334c8c-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:45Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54919"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:45Z"
message: Created container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:45Z"
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf77a66e6fa
namespace: istio-system
resourceVersion: "3557"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf77a66e6fa
uid: c03fed5a-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:45Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
resourceVersion: "54919"
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:45Z"
message: Started container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:45Z"
name: istio-pilot-7dbfbcf744-26cvg.15dcdbf7848e6fec
namespace: istio-system
resourceVersion: "3558"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-26cvg.15dcdbf7848e6fec
uid: c059ef41-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 4
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54734"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:30Z"
message: '0/6 nodes are available: 1 node(s) had taints that the pod didn''t tolerate,
5 Insufficient cpu.'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf2f354c2e0
namespace: istio-system
resourceVersion: "3471"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf2f354c2e0
uid: b4ab811c-15c7-11ea-b5af-027e0b84da98
reason: FailedScheduling
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:35Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54737"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:35Z"
message: Successfully assigned istio-system/istio-pilot-7dbfbcf744-7d6vr to ip-172-20-44-18.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:35Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf52ae3f1d6
namespace: istio-system
resourceVersion: "3507"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf52ae3f1d6
uid: ba579150-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:36Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54853"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:36Z"
message: Pulling image "docker.io/istio/pilot:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:36Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf553cb146b
namespace: istio-system
resourceVersion: "3508"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf553cb146b
uid: babe724f-15c7-11ea-b5af-027e0b84da98
reason: Pulling
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:42Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54853"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:42Z"
message: Successfully pulled image "docker.io/istio/pilot:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:42Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6dafbb0b2
namespace: istio-system
resourceVersion: "3535"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6dafbb0b2
uid: bea81a1d-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:43Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54853"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:43Z"
message: Created container discovery
metadata:
creationTimestamp: "2019-12-03T12:23:43Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6de75d89f
namespace: istio-system
resourceVersion: "3536"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6de75d89f
uid: beb0b8ba-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:43Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54853"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:43Z"
message: Started container discovery
metadata:
creationTimestamp: "2019-12-03T12:23:43Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6e7c4c6b7
namespace: istio-system
resourceVersion: "3537"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6e7c4c6b7
uid: bec89341-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:43Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54853"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:43Z"
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:43Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6e7fc0825
namespace: istio-system
resourceVersion: "3538"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6e7fc0825
uid: bec91fc4-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:43Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54853"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:43Z"
message: Created container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:43Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6eb1bc555
namespace: istio-system
resourceVersion: "3539"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6eb1bc555
uid: bed116d1-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:43Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
resourceVersion: "54853"
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:43Z"
message: Started container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:43Z"
name: istio-pilot-7dbfbcf744-7d6vr.15dcdbf6f39352c0
namespace: istio-system
resourceVersion: "3540"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7d6vr.15dcdbf6f39352c0
uid: bee6ca39-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-7vz47
namespace: istio-system
resourceVersion: "43712"
uid: 2f336a4d-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container discovery
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-pilot-7dbfbcf744-7vz47.15dcdbf2f25ef5e6
namespace: istio-system
resourceVersion: "3420"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7vz47.15dcdbf2f25ef5e6
uid: b4a6fe32-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-pilot-7dbfbcf744-7vz47
namespace: istio-system
resourceVersion: "43712"
uid: 2f336a4d-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-pilot-7dbfbcf744-7vz47.15dcdbf2f261a4c6
namespace: istio-system
resourceVersion: "3419"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-7vz47.15dcdbf2f261a4c6
uid: b4a65f6d-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{discovery}
kind: Pod
name: istio-pilot-7dbfbcf744-89kmq
namespace: istio-system
resourceVersion: "43564"
uid: 253f2da9-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container discovery
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-pilot-7dbfbcf744-89kmq.15dcdbf2f8361879
namespace: istio-system
resourceVersion: "3426"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-89kmq.15dcdbf2f8361879
uid: b4b890e0-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-pilot-7dbfbcf744-89kmq
namespace: istio-system
resourceVersion: "43564"
uid: 253f2da9-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-pilot-7dbfbcf744-89kmq.15dcdbf2f8382a4e
namespace: istio-system
resourceVersion: "3425"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744-89kmq.15dcdbf2f8382a4e
uid: b4b544f5-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-pilot-7dbfbcf744
namespace: istio-system
resourceVersion: "43881"
uid: 253e85ab-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: 'Created pod: istio-pilot-7dbfbcf744-7d6vr'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-pilot-7dbfbcf744.15dcdbf2f3a0fab7
namespace: istio-system
resourceVersion: "3421"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744.15dcdbf2f3a0fab7
uid: b4a99241-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-pilot-7dbfbcf744
namespace: istio-system
resourceVersion: "54739"
uid: 253e85ab-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: 'Created pod: istio-pilot-7dbfbcf744-26cvg'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-pilot-7dbfbcf744.15dcdbf2f9384b41
namespace: istio-system
resourceVersion: "3428"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot-7dbfbcf744.15dcdbf2f9384b41
uid: b4b9e8f3-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 567
eventTime: null
firstTimestamp: "2019-12-03T10:54:03Z"
involvedObject:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: istio-pilot
namespace: istio-system
resourceVersion: "43708"
uid: 263bc18a-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T13:18:57Z"
message: 'unable to get metrics for resource cpu: unable to fetch metrics from resource
metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)'
metadata:
creationTimestamp: "2019-12-03T10:54:03Z"
name: istio-pilot.15dcd7124f937454
namespace: istio-system
resourceVersion: "3751"
selfLink: /api/v1/namespaces/istio-system/events/istio-pilot.15dcd7124f937454
uid: 38243813-15bb-11ea-b5af-027e0b84da98
reason: FailedGetResourceMetric
reportingComponent: ""
reportingInstance: ""
source:
component: horizontal-pod-autoscaler
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-policy-65b67fd4f8-ljjpq
namespace: istio-system
resourceVersion: "43543"
uid: 24e420b1-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-policy-65b67fd4f8-ljjpq.15dcdbf2fd48d683
namespace: istio-system
resourceVersion: "3430"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-ljjpq.15dcdbf2fd48d683
uid: b4c4990a-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-policy-65b67fd4f8-ljjpq
namespace: istio-system
resourceVersion: "43543"
uid: 24e420b1-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container mixer
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-policy-65b67fd4f8-ljjpq.15dcdbf2fd4c03ed
namespace: istio-system
resourceVersion: "3429"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-ljjpq.15dcdbf2fd4c03ed
uid: b4c2c0e9-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54753"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Successfully assigned istio-system/istio-policy-65b67fd4f8-zsdp8 to ip-172-20-83-101.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf2ff54ac14
namespace: istio-system
resourceVersion: "3432"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf2ff54ac14
uid: b4c7935e-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:27Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54756"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:27Z"
message: Pulling image "docker.io/istio/mixer:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:27Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf32489f005
namespace: istio-system
resourceVersion: "3449"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf32489f005
uid: b526b21d-15c7-11ea-b5af-027e0b84da98
reason: Pulling
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54756"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Successfully pulled image "docker.io/istio/mixer:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf46d5e674f
namespace: istio-system
resourceVersion: "3489"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf46d5e674f
uid: b8708bb3-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54756"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Created container mixer
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf470ec87a0
namespace: istio-system
resourceVersion: "3490"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf470ec87a0
uid: b8799984-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54756"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Started container mixer
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf47b2d4361
namespace: istio-system
resourceVersion: "3491"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf47b2d4361
uid: b893d6fd-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54756"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf47b6c8159
namespace: istio-system
resourceVersion: "3492"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf47b6c8159
uid: b8949ba8-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54756"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Created container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf47efc1212
namespace: istio-system
resourceVersion: "3493"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf47efc1212
uid: b89da06c-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:33Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54756"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:33Z"
message: Started container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:33Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf489b640b9
namespace: istio-system
resourceVersion: "3494"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf489b640b9
uid: b8b913f7-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:40Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
resourceVersion: "54756"
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:40Z"
message: 'Liveness probe failed: Get http://172.20.80.221:15014/version: dial tcp
172.20.80.221:15014: connect: connection refused'
metadata:
creationTimestamp: "2019-12-03T12:23:40Z"
name: istio-policy-65b67fd4f8-zsdp8.15dcdbf660bd8153
namespace: istio-system
resourceVersion: "3530"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8-zsdp8.15dcdbf660bd8153
uid: bd6ee6b2-15c7-11ea-b5af-027e0b84da98
reason: Unhealthy
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-policy-65b67fd4f8
namespace: istio-system
resourceVersion: "43648"
uid: 24e34d8a-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: 'Created pod: istio-policy-65b67fd4f8-zsdp8'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-policy-65b67fd4f8.15dcdbf2fe0607d7
namespace: istio-system
resourceVersion: "3431"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy-65b67fd4f8.15dcdbf2fe0607d7
uid: b4c524b7-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 568
eventTime: null
firstTimestamp: "2019-12-03T10:53:48Z"
involvedObject:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: istio-policy
namespace: istio-system
resourceVersion: "43598"
uid: 25e873be-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T13:18:57Z"
message: 'unable to get metrics for resource cpu: unable to fetch metrics from resource
metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)'
metadata:
creationTimestamp: "2019-12-03T10:53:48Z"
name: istio-policy.15dcd70ec21658e0
namespace: istio-system
resourceVersion: "3749"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy.15dcd70ec21658e0
uid: 2f124a0a-15bb-11ea-b5af-027e0b84da98
reason: FailedGetResourceMetric
reportingComponent: ""
reportingInstance: ""
source:
component: horizontal-pod-autoscaler
type: Warning
- apiVersion: v1
count: 509
eventTime: null
firstTimestamp: "2019-12-03T10:53:48Z"
involvedObject:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: istio-policy
namespace: istio-system
resourceVersion: "43696"
uid: 25e873be-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T13:03:51Z"
message: 'failed to get cpu utilization: unable to get metrics for resource cpu:
unable to fetch metrics from resource metrics API: the server could not find the
requested resource (get pods.metrics.k8s.io)'
metadata:
creationTimestamp: "2019-12-03T13:03:51Z"
name: istio-policy.15dcd70ec6df95d2
namespace: istio-system
resourceVersion: "3723"
selfLink: /api/v1/namespaces/istio-system/events/istio-policy.15dcd70ec6df95d2
uid: 5a1aaf28-15cd-11ea-b5af-027e0b84da98
reason: FailedComputeMetricsReplicas
reportingComponent: ""
reportingInstance: ""
source:
component: horizontal-pod-autoscaler
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{sidecar-injector-webhook}
kind: Pod
name: istio-sidecar-injector-85bc5dfb7c-ptj82
namespace: istio-system
resourceVersion: "43587"
uid: 259184a9-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container sidecar-injector-webhook
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-sidecar-injector-85bc5dfb7c-ptj82.15dcdbf30a38e967
namespace: istio-system
resourceVersion: "3439"
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-ptj82.15dcdbf30a38e967
uid: b4e3493b-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-sidecar-injector-85bc5dfb7c-zvx9k
namespace: istio-system
resourceVersion: "54766"
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Successfully assigned istio-system/istio-sidecar-injector-85bc5dfb7c-zvx9k
to ip-172-20-40-226.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf30b7453cd
namespace: istio-system
resourceVersion: "3443"
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf30b7453cd
uid: b4e763b3-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:27Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{sidecar-injector-webhook}
kind: Pod
name: istio-sidecar-injector-85bc5dfb7c-zvx9k
namespace: istio-system
resourceVersion: "54769"
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:27Z"
message: Pulling image "docker.io/istio/sidecar_injector:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:27Z"
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf3304f0209
namespace: istio-system
resourceVersion: "3451"
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf3304f0209
uid: b544d6c7-15c7-11ea-b5af-027e0b84da98
reason: Pulling
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{sidecar-injector-webhook}
kind: Pod
name: istio-sidecar-injector-85bc5dfb7c-zvx9k
namespace: istio-system
resourceVersion: "54769"
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Successfully pulled image "docker.io/istio/sidecar_injector:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf4527775a8
namespace: istio-system
resourceVersion: "3485"
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf4527775a8
uid: b82ba809-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{sidecar-injector-webhook}
kind: Pod
name: istio-sidecar-injector-85bc5dfb7c-zvx9k
namespace: istio-system
resourceVersion: "54769"
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Created container sidecar-injector-webhook
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf455162d96
namespace: istio-system
resourceVersion: "3486"
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf455162d96
uid: b83285da-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:32Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{sidecar-injector-webhook}
kind: Pod
name: istio-sidecar-injector-85bc5dfb7c-zvx9k
namespace: istio-system
resourceVersion: "54769"
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:32Z"
message: Started container sidecar-injector-webhook
metadata:
creationTimestamp: "2019-12-03T12:23:32Z"
name: istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf45da70eaf
namespace: istio-system
resourceVersion: "3488"
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c-zvx9k.15dcdbf45da70eaf
uid: b8485a4f-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-sidecar-injector-85bc5dfb7c
namespace: istio-system
resourceVersion: "43724"
uid: 2590ddf3-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: 'Created pod: istio-sidecar-injector-85bc5dfb7c-zvx9k'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-sidecar-injector-85bc5dfb7c.15dcdbf30abc004f
namespace: istio-system
resourceVersion: "3441"
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector-85bc5dfb7c.15dcdbf30abc004f
uid: b4e59a59-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
kind: Endpoints
name: istio-sidecar-injector
namespace: istio-system
resourceVersion: "43726"
uid: 2433ef3f-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: 'Failed to update endpoint istio-system/istio-sidecar-injector: Operation
cannot be fulfilled on endpoints "istio-sidecar-injector": the object has been
modified; please apply your changes to the latest version and try again'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-sidecar-injector.15dcdbf30b7ca5e6
namespace: istio-system
resourceVersion: "3442"
selfLink: /api/v1/namespaces/istio-system/events/istio-sidecar-injector.15dcdbf30b7ca5e6
uid: b4e7658d-15c7-11ea-b5af-027e0b84da98
reason: FailedToUpdateEndpoint
reportingComponent: ""
reportingInstance: ""
source:
component: endpoint-controller
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-telemetry-8bc7955f7-9ffqq
namespace: istio-system
resourceVersion: "43551"
uid: 2512a981-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-telemetry-8bc7955f7-9ffqq.15dcdbf31033b57e
namespace: istio-system
resourceVersion: "3445"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-9ffqq.15dcdbf31033b57e
uid: b4f51aa7-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-telemetry-8bc7955f7-9ffqq
namespace: istio-system
resourceVersion: "43551"
uid: 2512a981-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: Stopping container mixer
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-telemetry-8bc7955f7-9ffqq.15dcdbf31037494a
namespace: istio-system
resourceVersion: "3444"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-9ffqq.15dcdbf31037494a
uid: b4f2ee2d-15c7-11ea-b5af-027e0b84da98
reason: Killing
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 4
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54778"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:35Z"
message: '0/6 nodes are available: 1 node(s) had taints that the pod didn''t tolerate,
5 Insufficient cpu.'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf311773823
namespace: istio-system
resourceVersion: "3506"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf311773823
uid: b4f74aa5-15c7-11ea-b5af-027e0b84da98
reason: FailedScheduling
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Warning
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:44Z"
involvedObject:
apiVersion: v1
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54780"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:44Z"
message: Successfully assigned istio-system/istio-telemetry-8bc7955f7-vhv6k to ip-172-20-40-226.ap-southeast-1.compute.internal
metadata:
creationTimestamp: "2019-12-03T12:23:44Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf743f1cc4a
namespace: istio-system
resourceVersion: "3545"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf743f1cc4a
uid: bfb4af0d-15c7-11ea-b5af-027e0b84da98
reason: Scheduled
reportingComponent: ""
reportingInstance: ""
source:
component: default-scheduler
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:45Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54920"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:45Z"
message: Pulling image "docker.io/istio/mixer:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:45Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf76bf18b7c
namespace: istio-system
resourceVersion: "3548"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf76bf18b7c
uid: c01b1526-15c7-11ea-b5af-027e0b84da98
reason: Pulling
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:50Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54920"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:50Z"
message: Successfully pulled image "docker.io/istio/mixer:1.4.0"
metadata:
creationTimestamp: "2019-12-03T12:23:50Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8a401bfcb
namespace: istio-system
resourceVersion: "3569"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8a401bfcb
uid: c339f386-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:50Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54920"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:50Z"
message: Created container mixer
metadata:
creationTimestamp: "2019-12-03T12:23:50Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8a6d766d5
namespace: istio-system
resourceVersion: "3570"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8a6d766d5
uid: c3411473-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:50Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{mixer}
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54920"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:50Z"
message: Started container mixer
metadata:
creationTimestamp: "2019-12-03T12:23:50Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b4786e91
namespace: istio-system
resourceVersion: "3571"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b4786e91
uid: c363fd18-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:50Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54920"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:50Z"
message: Container image "docker.io/istio/proxyv2:1.4.0" already present on machine
metadata:
creationTimestamp: "2019-12-03T12:23:50Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b4b1656e
namespace: istio-system
resourceVersion: "3572"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b4b1656e
uid: c3649166-15c7-11ea-b5af-027e0b84da98
reason: Pulled
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:50Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54920"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:50Z"
message: Created container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:50Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b9b6df83
namespace: istio-system
resourceVersion: "3573"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8b9b6df83
uid: c3715d03-15c7-11ea-b5af-027e0b84da98
reason: Created
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:51Z"
involvedObject:
apiVersion: v1
fieldPath: spec.containers{istio-proxy}
kind: Pod
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
resourceVersion: "54920"
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:51Z"
message: Started container istio-proxy
metadata:
creationTimestamp: "2019-12-03T12:23:51Z"
name: istio-telemetry-8bc7955f7-vhv6k.15dcdbf8c3d91fbc
namespace: istio-system
resourceVersion: "3574"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7-vhv6k.15dcdbf8c3d91fbc
uid: c38b7e51-15c7-11ea-b5af-027e0b84da98
reason: Started
reportingComponent: ""
reportingInstance: ""
source:
component: kubelet
host: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Normal
- apiVersion: v1
count: 1
eventTime: null
firstTimestamp: "2019-12-03T12:23:26Z"
involvedObject:
apiVersion: apps/v1
kind: ReplicaSet
name: istio-telemetry-8bc7955f7
namespace: istio-system
resourceVersion: "43661"
uid: 2512191f-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T12:23:26Z"
message: 'Created pod: istio-telemetry-8bc7955f7-vhv6k'
metadata:
creationTimestamp: "2019-12-03T12:23:26Z"
name: istio-telemetry-8bc7955f7.15dcdbf3116ac982
namespace: istio-system
resourceVersion: "3446"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry-8bc7955f7.15dcdbf3116ac982
uid: b4f6a88d-15c7-11ea-b5af-027e0b84da98
reason: SuccessfulCreate
reportingComponent: ""
reportingInstance: ""
source:
component: replicaset-controller
type: Normal
- apiVersion: v1
count: 568
eventTime: null
firstTimestamp: "2019-12-03T10:53:48Z"
involvedObject:
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
name: istio-telemetry
namespace: istio-system
resourceVersion: "43599"
uid: 2611aa94-15bb-11ea-b5af-027e0b84da98
kind: Event
lastTimestamp: "2019-12-03T13:18:57Z"
message: 'unable to get metrics for resource cpu: unable to fetch metrics from resource
metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)'
metadata:
creationTimestamp: "2019-12-03T10:53:48Z"
name: istio-telemetry.15dcd70ecb06feed
namespace: istio-system
resourceVersion: "3750"
selfLink: /api/v1/namespaces/istio-system/events/istio-telemetry.15dcd70ecb06feed
uid: 2f2bca81-15bb-11ea-b5af-027e0b84da98
reason: FailedGetResourceMetric
reportingComponent: ""
reportingInstance: ""
source:
component: horizontal-pod-autoscaler
type: Warning
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: limitranges
-------
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: namespaces
-------
apiVersion: v1
items:
- apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: "2019-12-03T04:43:13Z"
name: default
resourceVersion: "158"
selfLink: /api/v1/namespaces/default
uid: 6a10d6e7-1587-11ea-b5af-027e0b84da98
spec:
finalizers:
- kubernetes
status:
phase: Active
- apiVersion: v1
kind: Namespace
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"labels":{"istio-injection":"disabled"},"name":"istio-system"}}
creationTimestamp: "2019-12-03T10:52:28Z"
labels:
istio-injection: disabled
name: istio-system
resourceVersion: "43255"
selfLink: /api/v1/namespaces/istio-system
uid: ffb3df9d-15ba-11ea-b5af-027e0b84da98
spec:
finalizers:
- kubernetes
status:
phase: Active
- apiVersion: v1
kind: Namespace
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"labels":{"istio-injection":"enabled","serving.knative.dev/release":"devel"},"name":"knative-serving"}}
creationTimestamp: "2019-12-03T10:54:03Z"
labels:
istio-injection: enabled
serving.knative.dev/release: devel
name: knative-serving
resourceVersion: "43770"
selfLink: /api/v1/namespaces/knative-serving
uid: 3870c561-15bb-11ea-b5af-027e0b84da98
spec:
finalizers:
- kubernetes
status:
phase: Active
- apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: "2019-12-03T04:43:09Z"
name: kube-node-lease
resourceVersion: "7"
selfLink: /api/v1/namespaces/kube-node-lease
uid: 681a31ea-1587-11ea-b5af-027e0b84da98
spec:
finalizers:
- kubernetes
status:
phase: Active
- apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: "2019-12-03T04:43:09Z"
name: kube-public
resourceVersion: "5"
selfLink: /api/v1/namespaces/kube-public
uid: 681974bf-1587-11ea-b5af-027e0b84da98
spec:
finalizers:
- kubernetes
status:
phase: Active
- apiVersion: v1
kind: Namespace
metadata:
annotations:
addons.k8s.io/core.addons.k8s.io: '{"version":"1.4.0","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","manifestHash":"3ffe9ac576f9eec72e2bdfbd2ea17d56d9b17b90"}'
addons.k8s.io/dns-controller.addons.k8s.io: '{"version":"1.14.0-beta.2","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.12","manifestHash":"3a5efdd7920c96c09158ae60a67b28493b954d45"}'
addons.k8s.io/kube-dns.addons.k8s.io: '{"version":"1.14.13-kops.1","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.12","manifestHash":"0051963d9aa7cfc63509498f3ebd2a72fbb624f8"}'
addons.k8s.io/kubelet-api.rbac.addons.k8s.io: '{"version":"v0.0.1","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.9","manifestHash":"e1508d77cb4e527d7a2939babe36dc350dd83745"}'
addons.k8s.io/limit-range.addons.k8s.io: '{"version":"1.5.0","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","manifestHash":"2ea50e23f1a5aa41df3724630ac25173738cc90c"}'
addons.k8s.io/networking.amazon-vpc-routed-eni: '{"version":"1.5.0-kops.1","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.12","manifestHash":"7c1540b3529e1260c41a9e90ac709c0f672ad47e"}'
addons.k8s.io/rbac.addons.k8s.io: '{"version":"1.8.0","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"k8s-1.8","manifestHash":"5d53ce7b920cd1e8d65d2306d80a041420711914"}'
addons.k8s.io/storage-aws.addons.k8s.io: '{"version":"1.7.0","channel":"s3://nak3/example.cluster.k8s.local/addons/bootstrap-channel.yaml","id":"v1.7.0","manifestHash":"62705a596142e6cc283280e8aa973e51536994c5"}'
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"kube-system"}}
creationTimestamp: "2019-12-03T04:43:09Z"
name: kube-system
resourceVersion: "389"
selfLink: /api/v1/namespaces/kube-system
uid: 6818e75d-1587-11ea-b5af-027e0b84da98
spec:
finalizers:
- kubernetes
status:
phase: Active
- apiVersion: v1
kind: Namespace
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"serving-tests"}}
creationTimestamp: "2019-12-03T06:51:16Z"
labels:
istio-injection: enabled
name: serving-tests
resourceVersion: "46981"
selfLink: /api/v1/namespaces/serving-tests
uid: 4d7f1fcb-1599-11ea-b5af-027e0b84da98
spec:
finalizers:
- kubernetes
status:
phase: Active
- apiVersion: v1
kind: Namespace
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"serving-tests-alt"}}
creationTimestamp: "2019-12-03T06:51:16Z"
name: serving-tests-alt
resourceVersion: "15014"
selfLink: /api/v1/namespaces/serving-tests-alt
uid: 4da36e05-1599-11ea-b5af-027e0b84da98
spec:
finalizers:
- kubernetes
status:
phase: Active
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: nodes
-------
apiVersion: v1
items:
- apiVersion: v1
kind: Node
metadata:
annotations:
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
creationTimestamp: "2019-12-03T04:44:19Z"
labels:
beta.kubernetes.io/arch: amd64
beta.kubernetes.io/instance-type: t3.large
beta.kubernetes.io/os: linux
failure-domain.beta.kubernetes.io/region: ap-southeast-1
failure-domain.beta.kubernetes.io/zone: ap-southeast-1a
kops.k8s.io/instancegroup: master-ap-southeast-1a
kubernetes.io/arch: amd64
kubernetes.io/hostname: ip-172-20-37-73.ap-southeast-1.compute.internal
kubernetes.io/os: linux
kubernetes.io/role: master
node-role.kubernetes.io/master: ""
name: ip-172-20-37-73.ap-southeast-1.compute.internal
resourceVersion: "60975"
selfLink: /api/v1/nodes/ip-172-20-37-73.ap-southeast-1.compute.internal
uid: 91d88796-1587-11ea-b5af-027e0b84da98
spec:
podCIDR: 172.20.128.0/24
providerID: aws:///ap-southeast-1a/i-0299c3739afd98ba7
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
status:
addresses:
- address: 172.20.37.73
type: InternalIP
- address: 18.141.24.94
type: ExternalIP
- address: ip-172-20-37-73.ap-southeast-1.compute.internal
type: InternalDNS
- address: ec2-18-141-24-94.ap-southeast-1.compute.amazonaws.com
type: ExternalDNS
- address: ip-172-20-37-73.ap-southeast-1.compute.internal
type: Hostname
allocatable:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: "57916492090"
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 7972780Ki
pods: "35"
capacity:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: 62843416Ki
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 8075180Ki
pods: "35"
conditions:
- lastHeartbeatTime: "2019-12-03T13:18:21Z"
lastTransitionTime: "2019-12-03T04:44:19Z"
message: kubelet has sufficient memory available
reason: KubeletHasSufficientMemory
status: "False"
type: MemoryPressure
- lastHeartbeatTime: "2019-12-03T13:18:21Z"
lastTransitionTime: "2019-12-03T04:44:19Z"
message: kubelet has no disk pressure
reason: KubeletHasNoDiskPressure
status: "False"
type: DiskPressure
- lastHeartbeatTime: "2019-12-03T13:18:21Z"
lastTransitionTime: "2019-12-03T04:44:19Z"
message: kubelet has sufficient PID available
reason: KubeletHasSufficientPID
status: "False"
type: PIDPressure
- lastHeartbeatTime: "2019-12-03T13:18:21Z"
lastTransitionTime: "2019-12-03T04:44:40Z"
message: kubelet is posting ready status
reason: KubeletReady
status: "True"
type: Ready
daemonEndpoints:
kubeletEndpoint:
Port: 10250
images:
- names:
- kopeio/etcd-manager@sha256:74b2866dd62eda22183ce06b8e6c1d2a499f1b281768a0fceee1890ea204fdef
- kopeio/etcd-manager:3.0.20190816
sizeBytes: 656348569
- names:
- protokube:1.14.0-beta.2
sizeBytes: 287898685
- names:
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
sizeBytes: 247322214
- names:
- k8s.gcr.io/kube-apiserver@sha256:8c43d27db9fc89f515ea35e6f7cd8cfe0429e9fc1a0cb7eda9ca9dced36675b0
- k8s.gcr.io/kube-apiserver:v1.14.6
sizeBytes: 209433406
- names:
- k8s.gcr.io/kube-controller-manager@sha256:1809ab49da73332ca9f8e46cb0a7b799375a49ed50996c579352fc6e880add95
- k8s.gcr.io/kube-controller-manager:v1.14.6
sizeBytes: 157458462
- names:
- kope/dns-controller@sha256:0ebcf793480436fac6ef9af42b465447c1e03b3fac9c258e8292c10063d3dee3
- kope/dns-controller:1.14.0-beta.2
sizeBytes: 122678800
- names:
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9
- k8s.gcr.io/kube-proxy:v1.14.6
sizeBytes: 82106236
- names:
- k8s.gcr.io/kube-scheduler@sha256:0147e498f115390c6276014c5ac038e1128ba1cc0d15d28c380ba5a8cab34851
- k8s.gcr.io/kube-scheduler:v1.14.6
sizeBytes: 81579742
- names:
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516
- k8s.gcr.io/pause-amd64:3.0
sizeBytes: 746888
nodeInfo:
architecture: amd64
bootID: b7ad2dae-68bc-4bca-b9ad-d53ba6446cd0
containerRuntimeVersion: docker://18.6.3
kernelVersion: 4.9.0-11-amd64
kubeProxyVersion: v1.14.6
kubeletVersion: v1.14.6
machineID: ec27af0a0426bb93177d40b41608d0de
operatingSystem: linux
osImage: Debian GNU/Linux 9 (stretch)
systemUUID: EC27AF0A-0426-BB93-177D-40B41608D0DE
- apiVersion: v1
kind: Node
metadata:
annotations:
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
creationTimestamp: "2019-12-03T04:45:02Z"
labels:
beta.kubernetes.io/arch: amd64
beta.kubernetes.io/instance-type: t3.large
beta.kubernetes.io/os: linux
failure-domain.beta.kubernetes.io/region: ap-southeast-1
failure-domain.beta.kubernetes.io/zone: ap-southeast-1a
kops.k8s.io/instancegroup: nodes
kubernetes.io/arch: amd64
kubernetes.io/hostname: ip-172-20-40-226.ap-southeast-1.compute.internal
kubernetes.io/os: linux
kubernetes.io/role: node
node-role.kubernetes.io/node: ""
name: ip-172-20-40-226.ap-southeast-1.compute.internal
resourceVersion: "60971"
selfLink: /api/v1/nodes/ip-172-20-40-226.ap-southeast-1.compute.internal
uid: ab2dc16f-1587-11ea-b5af-027e0b84da98
spec:
podCIDR: 172.20.130.0/24
providerID: aws:///ap-southeast-1a/i-07165c474a3a1fd98
status:
addresses:
- address: 172.20.40.226
type: InternalIP
- address: 13.229.102.237
type: ExternalIP
- address: ip-172-20-40-226.ap-southeast-1.compute.internal
type: InternalDNS
- address: ec2-13-229-102-237.ap-southeast-1.compute.amazonaws.com
type: ExternalDNS
- address: ip-172-20-40-226.ap-southeast-1.compute.internal
type: Hostname
allocatable:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: "115894266893"
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 7972780Ki
pods: "35"
capacity:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: 125753328Ki
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 8075180Ki
pods: "35"
conditions:
- lastHeartbeatTime: "2019-12-03T13:18:20Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has sufficient memory available
reason: KubeletHasSufficientMemory
status: "False"
type: MemoryPressure
- lastHeartbeatTime: "2019-12-03T13:18:20Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has no disk pressure
reason: KubeletHasNoDiskPressure
status: "False"
type: DiskPressure
- lastHeartbeatTime: "2019-12-03T13:18:20Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has sufficient PID available
reason: KubeletHasSufficientPID
status: "False"
type: PIDPressure
- lastHeartbeatTime: "2019-12-03T13:18:20Z"
lastTransitionTime: "2019-12-03T04:45:22Z"
message: kubelet is posting ready status
reason: KubeletReady
status: "True"
type: Ready
daemonEndpoints:
kubeletEndpoint:
Port: 10250
images:
- names:
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14
- istio/proxyv2:1.3.5
sizeBytes: 295628711
- names:
- protokube:1.14.0-beta.2
sizeBytes: 287898685
- names:
- istio/kubectl@sha256:76c76dbed21c162dac9d6fa2337348eeaf5fb0f89a5c9857ff47f352cd6e82b4
- istio/kubectl:1.3.5
sizeBytes: 271562982
- names:
- istio/pilot@sha256:17aefbe996d67e9fdf5dbba90bdcf030333a0832a34bc66469472ce61d2eed76
- istio/pilot:1.3.5
sizeBytes: 268531301
- names:
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
sizeBytes: 247322214
- names:
- istio/citadel@sha256:8cd4eac4fb8f1f331b0a63bb628c560e9ac5509717c469a9f3f01dec61a2f825
- istio/citadel:1.3.5
sizeBytes: 241393987
- names:
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
- istio/proxyv2:1.4.0
sizeBytes: 236743155
- names:
- istio/kubectl@sha256:d62512cc4b10228512c86f63501b828b80c20e238452c429cfd62a9b9388cc54
- istio/kubectl:1.4.0
sizeBytes: 218715390
- names:
- istio/sidecar_injector@sha256:9f4aba5bb84a07e198b65bc7e4fc0067f876f66b51c7404816ae95e6b5ffa938
- istio/sidecar_injector:1.4.0
sizeBytes: 196252897
- names:
- istio/proxy_init@sha256:8278995c58eef8cd4ba32cb8756e2b93a09708e39fc9c0381e90c8a4fb62a042
- istio/proxy_init:1.3.5
sizeBytes: 193060005
- names:
- istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d
- istio/node-agent-k8s:1.4.0
sizeBytes: 193009018
- names:
- istio/mixer@sha256:8fa82c01ce621a4643600e4c54d4bfa41875c0030e0b41a819dd0e5e75349376
- istio/mixer:1.3.5
sizeBytes: 92658350
- names:
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9
- k8s.gcr.io/kube-proxy:v1.14.6
sizeBytes: 82106236
- names:
- istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4
- istio/mixer:1.4.0
sizeBytes: 80456256
- names:
- gcr.io/gcp-compute-engine-223401/autoscaler-12c0fa24db31956a7cfa673210e4fa13@sha256:f74987342b3c7bcb8b95006f98a8efcfa19bd518430844df037cd5f29132c997
sizeBytes: 65899235
- names:
- gcr.io/gcp-compute-engine-223401/activator-ecd51ca5034883acbe737fde417a3d86@sha256:b2257a5f6e2427a5a96f6ea9ca2b652ee648e131e9a699df6e20b4bcfa4ef940
sizeBytes: 59323763
- names:
- gcr.io/gcp-compute-engine-223401/certmanager-f79b5bfeb092d099f0f3326024a30ebb@sha256:9f7622fd03d96c3262e71b4f6fb14455145041c81950b3efe10010c122974bed
sizeBytes: 58077460
- names:
- gcr.io/gcp-compute-engine-223401/istio-c58c0c8bb8ecc80f800bb788a425ae1d@sha256:ebdb4e8832e9574311494a31ea18dc63cf903e8dd7f0651d640eb2c7f252da2a
sizeBytes: 57052872
- names:
- gcr.io/gcp-compute-engine-223401/nscert-e3625dd01dcb901439f4630ab9789e75@sha256:77da0645be1369d0e56a1daa204da6de6661488eef5858a60dee9a052f02150c
sizeBytes: 56568040
- names:
- gcr.io/gcp-compute-engine-223401/webhook-261c6506fca17bc41be50b3461f98f1c@sha256:012be54c7866cb8458fe96061f5321e519da7a4803809d912c2a670fff904ac6
sizeBytes: 55354038
- names:
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516
- k8s.gcr.io/pause-amd64:3.0
sizeBytes: 746888
nodeInfo:
architecture: amd64
bootID: cf2549e6-50e0-4c1f-a09c-da8be985c8b8
containerRuntimeVersion: docker://18.6.3
kernelVersion: 4.9.0-11-amd64
kubeProxyVersion: v1.14.6
kubeletVersion: v1.14.6
machineID: ec22f1bbd486f63ef1252035db817620
operatingSystem: linux
osImage: Debian GNU/Linux 9 (stretch)
systemUUID: EC22F1BB-D486-F63E-F125-2035DB817620
- apiVersion: v1
kind: Node
metadata:
annotations:
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
creationTimestamp: "2019-12-03T04:45:02Z"
labels:
beta.kubernetes.io/arch: amd64
beta.kubernetes.io/instance-type: t3.large
beta.kubernetes.io/os: linux
failure-domain.beta.kubernetes.io/region: ap-southeast-1
failure-domain.beta.kubernetes.io/zone: ap-southeast-1a
kops.k8s.io/instancegroup: nodes
kubernetes.io/arch: amd64
kubernetes.io/hostname: ip-172-20-44-18.ap-southeast-1.compute.internal
kubernetes.io/os: linux
kubernetes.io/role: node
node-role.kubernetes.io/node: ""
name: ip-172-20-44-18.ap-southeast-1.compute.internal
resourceVersion: "61033"
selfLink: /api/v1/nodes/ip-172-20-44-18.ap-southeast-1.compute.internal
uid: ab6ff308-1587-11ea-b5af-027e0b84da98
spec:
podCIDR: 172.20.132.0/24
providerID: aws:///ap-southeast-1a/i-08c20d344fa1fb6c5
status:
addresses:
- address: 172.20.44.18
type: InternalIP
- address: 54.179.175.206
type: ExternalIP
- address: ip-172-20-44-18.ap-southeast-1.compute.internal
type: InternalDNS
- address: ec2-54-179-175-206.ap-southeast-1.compute.amazonaws.com
type: ExternalDNS
- address: ip-172-20-44-18.ap-southeast-1.compute.internal
type: Hostname
allocatable:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: "115894266893"
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 7972788Ki
pods: "35"
capacity:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: 125753328Ki
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 8075188Ki
pods: "35"
conditions:
- lastHeartbeatTime: "2019-12-03T13:18:54Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has sufficient memory available
reason: KubeletHasSufficientMemory
status: "False"
type: MemoryPressure
- lastHeartbeatTime: "2019-12-03T13:18:54Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has no disk pressure
reason: KubeletHasNoDiskPressure
status: "False"
type: DiskPressure
- lastHeartbeatTime: "2019-12-03T13:18:54Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has sufficient PID available
reason: KubeletHasSufficientPID
status: "False"
type: PIDPressure
- lastHeartbeatTime: "2019-12-03T13:18:54Z"
lastTransitionTime: "2019-12-03T04:45:22Z"
message: kubelet is posting ready status
reason: KubeletReady
status: "True"
type: Ready
daemonEndpoints:
kubeletEndpoint:
Port: 10250
images:
- names:
- gcr.io/knative-samples/helloworld-go@sha256:5ea96ba4b872685ff4ddb5cd8d1a97ec18c18fae79ee8df0d29f446c5efe5f50
sizeBytes: 780868439
- names:
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14
- istio/proxyv2:1.3.5
sizeBytes: 295628711
- names:
- protokube:1.14.0-beta.2
sizeBytes: 287898685
- names:
- istio/kubectl@sha256:76c76dbed21c162dac9d6fa2337348eeaf5fb0f89a5c9857ff47f352cd6e82b4
- istio/kubectl:1.3.5
sizeBytes: 271562982
- names:
- istio/galley@sha256:de9c61c20d8e6b86b7761574789f1660d3b3fdff0463bfc24393e0d9c5985f53
- istio/galley:1.3.5
sizeBytes: 270017814
- names:
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
sizeBytes: 247322214
- names:
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
- istio/proxyv2:1.4.0
sizeBytes: 236743155
- names:
- istio/kubectl@sha256:d62512cc4b10228512c86f63501b828b80c20e238452c429cfd62a9b9388cc54
- istio/kubectl:1.4.0
sizeBytes: 218715390
- names:
- istio/galley@sha256:67f9f5321e6fefdf97e5406a047579a0fd04b576ad1c997e95a9db4dd2fbc6bc
- istio/galley:1.4.0
sizeBytes: 212440743
- names:
- istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb
- istio/pilot:1.4.0
sizeBytes: 208430582
- names:
- istio/sidecar_injector@sha256:9f4aba5bb84a07e198b65bc7e4fc0067f876f66b51c7404816ae95e6b5ffa938
- istio/sidecar_injector:1.4.0
sizeBytes: 196252897
- names:
- istio/citadel@sha256:e168f97716efd0a16a65ad19bdf6be5858c31e0499023b3a3ef15e9f4fcd6ef5
- istio/citadel:1.4.0
sizeBytes: 187942039
- names:
- istio/mixer@sha256:8fa82c01ce621a4643600e4c54d4bfa41875c0030e0b41a819dd0e5e75349376
- istio/mixer:1.3.5
sizeBytes: 92658350
- names:
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9
- k8s.gcr.io/kube-proxy:v1.14.6
sizeBytes: 82106236
- names:
- istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4
- istio/mixer:1.4.0
sizeBytes: 80456256
- names:
- gcr.io/gcp-compute-engine-223401/activator-ecd51ca5034883acbe737fde417a3d86@sha256:b2257a5f6e2427a5a96f6ea9ca2b652ee648e131e9a699df6e20b4bcfa4ef940
sizeBytes: 59323763
- names:
- gcr.io/gcp-compute-engine-223401/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb@sha256:24e81ede4cc223f0f70a1630fc4bed30308eb7b406715dbdd2280827f7565eec
sizeBytes: 58181702
- names:
- gcr.io/gcp-compute-engine-223401/queue-39be6f1d08a095bd076a71d288d295b6@sha256:8adf8f990b4485e7ead4dc9e6f8ddb3a19142835de95386428deb9ffde8d20b2
sizeBytes: 48155143
- names:
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516
- k8s.gcr.io/pause-amd64:3.0
sizeBytes: 746888
nodeInfo:
architecture: amd64
bootID: 6101bb52-01d3-4bdf-9e12-51188ec1cd60
containerRuntimeVersion: docker://18.6.3
kernelVersion: 4.9.0-11-amd64
kubeProxyVersion: v1.14.6
kubeletVersion: v1.14.6
machineID: ec2ed086b5b5c48fe013453c0596130e
operatingSystem: linux
osImage: Debian GNU/Linux 9 (stretch)
systemUUID: EC2ED086-B5B5-C48F-E013-453C0596130E
- apiVersion: v1
kind: Node
metadata:
annotations:
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
creationTimestamp: "2019-12-03T04:45:02Z"
labels:
beta.kubernetes.io/arch: amd64
beta.kubernetes.io/instance-type: t3.large
beta.kubernetes.io/os: linux
failure-domain.beta.kubernetes.io/region: ap-southeast-1
failure-domain.beta.kubernetes.io/zone: ap-southeast-1a
kops.k8s.io/instancegroup: nodes
kubernetes.io/arch: amd64
kubernetes.io/hostname: ip-172-20-44-180.ap-southeast-1.compute.internal
kubernetes.io/os: linux
kubernetes.io/role: node
node-role.kubernetes.io/node: ""
name: ip-172-20-44-180.ap-southeast-1.compute.internal
resourceVersion: "61029"
selfLink: /api/v1/nodes/ip-172-20-44-180.ap-southeast-1.compute.internal
uid: ab3fb0f5-1587-11ea-b5af-027e0b84da98
spec:
podCIDR: 172.20.131.0/24
providerID: aws:///ap-southeast-1a/i-0732cd8aeec90e874
status:
addresses:
- address: 172.20.44.180
type: InternalIP
- address: 54.179.147.153
type: ExternalIP
- address: ip-172-20-44-180.ap-southeast-1.compute.internal
type: InternalDNS
- address: ec2-54-179-147-153.ap-southeast-1.compute.amazonaws.com
type: ExternalDNS
- address: ip-172-20-44-180.ap-southeast-1.compute.internal
type: Hostname
allocatable:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: "115894266893"
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 7972788Ki
pods: "35"
capacity:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: 125753328Ki
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 8075188Ki
pods: "35"
conditions:
- lastHeartbeatTime: "2019-12-03T13:18:52Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has sufficient memory available
reason: KubeletHasSufficientMemory
status: "False"
type: MemoryPressure
- lastHeartbeatTime: "2019-12-03T13:18:52Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has no disk pressure
reason: KubeletHasNoDiskPressure
status: "False"
type: DiskPressure
- lastHeartbeatTime: "2019-12-03T13:18:52Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has sufficient PID available
reason: KubeletHasSufficientPID
status: "False"
type: PIDPressure
- lastHeartbeatTime: "2019-12-03T13:18:52Z"
lastTransitionTime: "2019-12-03T04:45:22Z"
message: kubelet is posting ready status
reason: KubeletReady
status: "True"
type: Ready
daemonEndpoints:
kubeletEndpoint:
Port: 10250
images:
- names:
- gcr.io/knative-samples/helloworld-go@sha256:5ea96ba4b872685ff4ddb5cd8d1a97ec18c18fae79ee8df0d29f446c5efe5f50
sizeBytes: 780868439
- names:
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14
- istio/proxyv2:1.3.5
sizeBytes: 295628711
- names:
- protokube:1.14.0-beta.2
sizeBytes: 287898685
- names:
- istio/node-agent-k8s@sha256:0a18362538b10523fe2a302ca88e6edd206661658ee43b1bc9e7e671cd2dc0b9
- istio/node-agent-k8s:1.3.5
sizeBytes: 250162398
- names:
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
sizeBytes: 247322214
- names:
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
- istio/proxyv2:1.4.0
sizeBytes: 236743155
- names:
- istio/galley@sha256:67f9f5321e6fefdf97e5406a047579a0fd04b576ad1c997e95a9db4dd2fbc6bc
- istio/galley:1.4.0
sizeBytes: 212440743
- names:
- istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb
- istio/pilot:1.4.0
sizeBytes: 208430582
- names:
- istio/sidecar_injector@sha256:9f4aba5bb84a07e198b65bc7e4fc0067f876f66b51c7404816ae95e6b5ffa938
- istio/sidecar_injector:1.4.0
sizeBytes: 196252897
- names:
- istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d
- istio/node-agent-k8s:1.4.0
sizeBytes: 193009018
- names:
- istio/citadel@sha256:e168f97716efd0a16a65ad19bdf6be5858c31e0499023b3a3ef15e9f4fcd6ef5
- istio/citadel:1.4.0
sizeBytes: 187942039
- names:
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9
- k8s.gcr.io/kube-proxy:v1.14.6
sizeBytes: 82106236
- names:
- gcr.io/gcp-compute-engine-223401/controller-f6fdb41c6acbc726e29a3104ff2ef720@sha256:7cde59d7e5e3f7891b57fb51ade68929b5220df54b70dc027a62018c54fe23d3
sizeBytes: 59788477
- names:
- gcr.io/gcp-compute-engine-223401/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb@sha256:24e81ede4cc223f0f70a1630fc4bed30308eb7b406715dbdd2280827f7565eec
sizeBytes: 58181702
- names:
- gcr.io/gcp-compute-engine-223401/certmanager-f79b5bfeb092d099f0f3326024a30ebb@sha256:9f7622fd03d96c3262e71b4f6fb14455145041c81950b3efe10010c122974bed
sizeBytes: 58077460
- names:
- gcr.io/gcp-compute-engine-223401/istio-c58c0c8bb8ecc80f800bb788a425ae1d@sha256:ebdb4e8832e9574311494a31ea18dc63cf903e8dd7f0651d640eb2c7f252da2a
sizeBytes: 57052872
- names:
- gcr.io/gcp-compute-engine-223401/nscert-e3625dd01dcb901439f4630ab9789e75@sha256:77da0645be1369d0e56a1daa204da6de6661488eef5858a60dee9a052f02150c
sizeBytes: 56568040
- names:
- gcr.io/gcp-compute-engine-223401/webhook-261c6506fca17bc41be50b3461f98f1c@sha256:012be54c7866cb8458fe96061f5321e519da7a4803809d912c2a670fff904ac6
sizeBytes: 55354038
- names:
- k8s.gcr.io/k8s-dns-kube-dns-amd64@sha256:618a82fa66cf0c75e4753369a6999032372be7308866fc9afb381789b1e5ad52
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.13
sizeBytes: 51157394
- names:
- gcr.io/gcp-compute-engine-223401/queue-39be6f1d08a095bd076a71d288d295b6@sha256:8adf8f990b4485e7ead4dc9e6f8ddb3a19142835de95386428deb9ffde8d20b2
sizeBytes: 48155143
- names:
- k8s.gcr.io/k8s-dns-sidecar-amd64@sha256:cedc8fe2098dffc26d17f64061296b7aa54258a31513b6c52df271a98bb522b3
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.13
sizeBytes: 42852039
- names:
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64@sha256:45df3e8e0c551bd0c79cdba48ae6677f817971dcbd1eeed7fd1f9a35118410e4
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.13
sizeBytes: 41372492
- names:
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516
- k8s.gcr.io/pause-amd64:3.0
sizeBytes: 746888
nodeInfo:
architecture: amd64
bootID: e6259c5a-c4b5-4882-a5cf-8b3021dc4550
containerRuntimeVersion: docker://18.6.3
kernelVersion: 4.9.0-11-amd64
kubeProxyVersion: v1.14.6
kubeletVersion: v1.14.6
machineID: ec26f7e1ac86f9b0ec326d2a53038716
operatingSystem: linux
osImage: Debian GNU/Linux 9 (stretch)
systemUUID: EC26F7E1-AC86-F9B0-EC32-6D2A53038716
- apiVersion: v1
kind: Node
metadata:
annotations:
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
creationTimestamp: "2019-12-03T04:45:04Z"
labels:
beta.kubernetes.io/arch: amd64
beta.kubernetes.io/instance-type: t3.large
beta.kubernetes.io/os: linux
failure-domain.beta.kubernetes.io/region: ap-southeast-1
failure-domain.beta.kubernetes.io/zone: ap-southeast-1b
kops.k8s.io/instancegroup: nodes
kubernetes.io/arch: amd64
kubernetes.io/hostname: ip-172-20-67-65.ap-southeast-1.compute.internal
kubernetes.io/os: linux
kubernetes.io/role: node
node-role.kubernetes.io/node: ""
name: ip-172-20-67-65.ap-southeast-1.compute.internal
resourceVersion: "61020"
selfLink: /api/v1/nodes/ip-172-20-67-65.ap-southeast-1.compute.internal
uid: ac415e24-1587-11ea-b5af-027e0b84da98
spec:
podCIDR: 172.20.133.0/24
providerID: aws:///ap-southeast-1b/i-00c1a6378957ee8f4
status:
addresses:
- address: 172.20.67.65
type: InternalIP
- address: 13.250.22.240
type: ExternalIP
- address: ip-172-20-67-65.ap-southeast-1.compute.internal
type: InternalDNS
- address: ec2-13-250-22-240.ap-southeast-1.compute.amazonaws.com
type: ExternalDNS
- address: ip-172-20-67-65.ap-southeast-1.compute.internal
type: Hostname
allocatable:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: "115894266893"
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 7972788Ki
pods: "35"
capacity:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: 125753328Ki
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 8075188Ki
pods: "35"
conditions:
- lastHeartbeatTime: "2019-12-03T13:18:47Z"
lastTransitionTime: "2019-12-03T04:45:04Z"
message: kubelet has sufficient memory available
reason: KubeletHasSufficientMemory
status: "False"
type: MemoryPressure
- lastHeartbeatTime: "2019-12-03T13:18:47Z"
lastTransitionTime: "2019-12-03T04:45:04Z"
message: kubelet has no disk pressure
reason: KubeletHasNoDiskPressure
status: "False"
type: DiskPressure
- lastHeartbeatTime: "2019-12-03T13:18:47Z"
lastTransitionTime: "2019-12-03T04:45:04Z"
message: kubelet has sufficient PID available
reason: KubeletHasSufficientPID
status: "False"
type: PIDPressure
- lastHeartbeatTime: "2019-12-03T13:18:47Z"
lastTransitionTime: "2019-12-03T04:45:24Z"
message: kubelet is posting ready status
reason: KubeletReady
status: "True"
type: Ready
daemonEndpoints:
kubeletEndpoint:
Port: 10250
images:
- names:
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14
- istio/proxyv2:1.3.5
sizeBytes: 295628711
- names:
- protokube:1.14.0-beta.2
sizeBytes: 287898685
- names:
- istio/kubectl@sha256:76c76dbed21c162dac9d6fa2337348eeaf5fb0f89a5c9857ff47f352cd6e82b4
- istio/kubectl:1.3.5
sizeBytes: 271562982
- names:
- istio/pilot@sha256:17aefbe996d67e9fdf5dbba90bdcf030333a0832a34bc66469472ce61d2eed76
- istio/pilot:1.3.5
sizeBytes: 268531301
- names:
- istio/sidecar_injector@sha256:484506534c3b1e7ef39575dbbc78b2a85457c5204e1d4a7e16e284c5a1cf0002
- istio/sidecar_injector:1.3.5
sizeBytes: 256818781
- names:
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
sizeBytes: 247322214
- names:
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
- istio/proxyv2:1.4.0
sizeBytes: 236743155
- names:
- istio/kubectl@sha256:d62512cc4b10228512c86f63501b828b80c20e238452c429cfd62a9b9388cc54
- istio/kubectl:1.4.0
sizeBytes: 218715390
- names:
- istio/galley@sha256:67f9f5321e6fefdf97e5406a047579a0fd04b576ad1c997e95a9db4dd2fbc6bc
- istio/galley:1.4.0
sizeBytes: 212440743
- names:
- istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb
- istio/pilot:1.4.0
sizeBytes: 208430582
- names:
- istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d
- istio/node-agent-k8s:1.4.0
sizeBytes: 193009018
- names:
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9
- k8s.gcr.io/kube-proxy:v1.14.6
sizeBytes: 82106236
- names:
- istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4
- istio/mixer:1.4.0
sizeBytes: 80456256
- names:
- gcr.io/gcp-compute-engine-223401/autoscaler-12c0fa24db31956a7cfa673210e4fa13@sha256:f74987342b3c7bcb8b95006f98a8efcfa19bd518430844df037cd5f29132c997
sizeBytes: 65899235
- names:
- gcr.io/gcp-compute-engine-223401/controller-f6fdb41c6acbc726e29a3104ff2ef720@sha256:7cde59d7e5e3f7891b57fb51ade68929b5220df54b70dc027a62018c54fe23d3
sizeBytes: 59788477
- names:
- gcr.io/gcp-compute-engine-223401/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb@sha256:24e81ede4cc223f0f70a1630fc4bed30308eb7b406715dbdd2280827f7565eec
sizeBytes: 58181702
- names:
- gcr.io/gcp-compute-engine-223401/certmanager-f79b5bfeb092d099f0f3326024a30ebb@sha256:9f7622fd03d96c3262e71b4f6fb14455145041c81950b3efe10010c122974bed
sizeBytes: 58077460
- names:
- gcr.io/gcp-compute-engine-223401/nscert-e3625dd01dcb901439f4630ab9789e75@sha256:77da0645be1369d0e56a1daa204da6de6661488eef5858a60dee9a052f02150c
sizeBytes: 56568040
- names:
- gcr.io/gcp-compute-engine-223401/webhook-261c6506fca17bc41be50b3461f98f1c@sha256:012be54c7866cb8458fe96061f5321e519da7a4803809d912c2a670fff904ac6
sizeBytes: 55354038
- names:
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516
- k8s.gcr.io/pause-amd64:3.0
sizeBytes: 746888
nodeInfo:
architecture: amd64
bootID: 5cc4af93-5a4d-4476-9e57-7413e83a0444
containerRuntimeVersion: docker://18.6.3
kernelVersion: 4.9.0-11-amd64
kubeProxyVersion: v1.14.6
kubeletVersion: v1.14.6
machineID: ec21031918156b5eccab20d02c8221fe
operatingSystem: linux
osImage: Debian GNU/Linux 9 (stretch)
systemUUID: EC210319-1815-6B5E-CCAB-20D02C8221FE
- apiVersion: v1
kind: Node
metadata:
annotations:
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
creationTimestamp: "2019-12-03T04:45:02Z"
labels:
beta.kubernetes.io/arch: amd64
beta.kubernetes.io/instance-type: t3.large
beta.kubernetes.io/os: linux
failure-domain.beta.kubernetes.io/region: ap-southeast-1
failure-domain.beta.kubernetes.io/zone: ap-southeast-1b
kops.k8s.io/instancegroup: nodes
kubernetes.io/arch: amd64
kubernetes.io/hostname: ip-172-20-83-101.ap-southeast-1.compute.internal
kubernetes.io/os: linux
kubernetes.io/role: node
node-role.kubernetes.io/node: ""
name: ip-172-20-83-101.ap-southeast-1.compute.internal
resourceVersion: "61014"
selfLink: /api/v1/nodes/ip-172-20-83-101.ap-southeast-1.compute.internal
uid: aafe1a1b-1587-11ea-b5af-027e0b84da98
spec:
podCIDR: 172.20.129.0/24
providerID: aws:///ap-southeast-1b/i-0d393b2fa5cdc9ad4
status:
addresses:
- address: 172.20.83.101
type: InternalIP
- address: 13.229.237.26
type: ExternalIP
- address: ip-172-20-83-101.ap-southeast-1.compute.internal
type: InternalDNS
- address: ec2-13-229-237-26.ap-southeast-1.compute.amazonaws.com
type: ExternalDNS
- address: ip-172-20-83-101.ap-southeast-1.compute.internal
type: Hostname
allocatable:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: "115894266893"
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 7972780Ki
pods: "35"
capacity:
attachable-volumes-aws-ebs: "25"
cpu: "2"
ephemeral-storage: 125753328Ki
hugepages-1Gi: "0"
hugepages-2Mi: "0"
memory: 8075180Ki
pods: "35"
conditions:
- lastHeartbeatTime: "2019-12-03T13:18:44Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has sufficient memory available
reason: KubeletHasSufficientMemory
status: "False"
type: MemoryPressure
- lastHeartbeatTime: "2019-12-03T13:18:44Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has no disk pressure
reason: KubeletHasNoDiskPressure
status: "False"
type: DiskPressure
- lastHeartbeatTime: "2019-12-03T13:18:44Z"
lastTransitionTime: "2019-12-03T04:45:02Z"
message: kubelet has sufficient PID available
reason: KubeletHasSufficientPID
status: "False"
type: PIDPressure
- lastHeartbeatTime: "2019-12-03T13:18:44Z"
lastTransitionTime: "2019-12-03T04:45:22Z"
message: kubelet is posting ready status
reason: KubeletReady
status: "True"
type: Ready
daemonEndpoints:
kubeletEndpoint:
Port: 10250
images:
- names:
- gcr.io/knative-samples/helloworld-go@sha256:5ea96ba4b872685ff4ddb5cd8d1a97ec18c18fae79ee8df0d29f446c5efe5f50
sizeBytes: 780868439
- names:
- istio/proxyv2@sha256:245b1b40003654e9a9e3757196fa3cb506439cf8c98792c1552300528d8aea14
- istio/proxyv2:1.3.5
sizeBytes: 295628711
- names:
- protokube:1.14.0-beta.2
sizeBytes: 287898685
- names:
- istio/node-agent-k8s@sha256:0a18362538b10523fe2a302ca88e6edd206661658ee43b1bc9e7e671cd2dc0b9
- istio/node-agent-k8s:1.3.5
sizeBytes: 250162398
- names:
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni@sha256:81cd8a9d7ce75b2f7190296d5f9c43188d7e43e438a8e6dd11d36238ee36b5de
- 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
sizeBytes: 247322214
- names:
- istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
- istio/proxyv2:1.4.0
sizeBytes: 236743155
- names:
- istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb
- istio/pilot:1.4.0
sizeBytes: 208430582
- names:
- istio/proxy_init@sha256:8278995c58eef8cd4ba32cb8756e2b93a09708e39fc9c0381e90c8a4fb62a042
- istio/proxy_init:1.3.5
sizeBytes: 193060005
- names:
- istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d
- istio/node-agent-k8s:1.4.0
sizeBytes: 193009018
- names:
- k8s.gcr.io/kube-proxy@sha256:e5c364dc75d816132bebf2d84b35518f0661fdeae39c686d92f9e5f9a07e96b9
- k8s.gcr.io/kube-proxy:v1.14.6
sizeBytes: 82106236
- names:
- istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4
- istio/mixer:1.4.0
sizeBytes: 80456256
- names:
- gcr.io/gcp-compute-engine-223401/autoscaler-12c0fa24db31956a7cfa673210e4fa13@sha256:f74987342b3c7bcb8b95006f98a8efcfa19bd518430844df037cd5f29132c997
sizeBytes: 65899235
- names:
- gcr.io/gcp-compute-engine-223401/autoscaler-hpa-85c0b68178743d74ff7f663a72802ceb@sha256:24e81ede4cc223f0f70a1630fc4bed30308eb7b406715dbdd2280827f7565eec
sizeBytes: 58181702
- names:
- gcr.io/gcp-compute-engine-223401/istio-c58c0c8bb8ecc80f800bb788a425ae1d@sha256:ebdb4e8832e9574311494a31ea18dc63cf903e8dd7f0651d640eb2c7f252da2a
sizeBytes: 57052872
- names:
- gcr.io/gcp-compute-engine-223401/webhook-261c6506fca17bc41be50b3461f98f1c@sha256:012be54c7866cb8458fe96061f5321e519da7a4803809d912c2a670fff904ac6
sizeBytes: 55354038
- names:
- k8s.gcr.io/k8s-dns-kube-dns-amd64@sha256:618a82fa66cf0c75e4753369a6999032372be7308866fc9afb381789b1e5ad52
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.13
sizeBytes: 51157394
- names:
- gcr.io/gcp-compute-engine-223401/queue-39be6f1d08a095bd076a71d288d295b6@sha256:8adf8f990b4485e7ead4dc9e6f8ddb3a19142835de95386428deb9ffde8d20b2
sizeBytes: 48155143
- names:
- k8s.gcr.io/cluster-proportional-autoscaler-amd64@sha256:12370202895b621a2ac28226292e4578598f13c1502aa4d3ee90fff4325d9275
- k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.4.0
sizeBytes: 45853555
- names:
- k8s.gcr.io/k8s-dns-sidecar-amd64@sha256:cedc8fe2098dffc26d17f64061296b7aa54258a31513b6c52df271a98bb522b3
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.13
sizeBytes: 42852039
- names:
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64@sha256:45df3e8e0c551bd0c79cdba48ae6677f817971dcbd1eeed7fd1f9a35118410e4
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.13
sizeBytes: 41372492
- names:
- k8s.gcr.io/pause-amd64@sha256:163ac025575b775d1c0f9bf0bdd0f086883171eb475b5068e7defa4ca9e76516
- k8s.gcr.io/pause-amd64:3.0
sizeBytes: 746888
nodeInfo:
architecture: amd64
bootID: 76995eef-ea09-47f6-b7f6-55cf7da94ca8
containerRuntimeVersion: docker://18.6.3
kernelVersion: 4.9.0-11-amd64
kubeProxyVersion: v1.14.6
kubeletVersion: v1.14.6
machineID: ec2f0a28f2ec7d60ccd651e152c481ad
operatingSystem: linux
osImage: Debian GNU/Linux 9 (stretch)
systemUUID: EC2F0A28-F2EC-7D60-CCD6-51E152C481AD
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: persistentvolumeclaims
-------
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: persistentvolumes
-------
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: pods
-------
apiVersion: v1
items:
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:25Z"
generateName: cluster-local-gateway-7458b849c7-
labels:
app: cluster-local-gateway
chart: gateways
heritage: Tiller
istio: cluster-local-gateway
pod-template-hash: 7458b849c7
release: RELEASE-NAME
name: cluster-local-gateway-7458b849c7-7qhwk
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: cluster-local-gateway-7458b849c7
uid: 2490d050-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54976"
selfLink: /api/v1/namespaces/istio-system/pods/cluster-local-gateway-7458b849c7-7qhwk
uid: b41729e6-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- proxy
- router
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --log_output_level=default:info
- --drainDuration
- 45s
- --parentShutdownDuration
- 1m0s
- --connectTimeout
- 10s
- --serviceCluster
- cluster-local-gateway
- --zipkinAddress
- zipkin:9411
- --proxyAdminPort
- "15000"
- --statusPort
- "15020"
- --controlPlaneAuthPolicy
- NONE
- --discoveryAddress
- istio-pilot:15010
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
- name: ISTIO_META_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ISTIO_META_CONFIG_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ISTIO_METAJSON_LABELS
value: |
{"app":"cluster-local-gateway","chart":"gateways","heritage":"Tiller","istio":"cluster-local-gateway","release":"RELEASE-NAME"}
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
- name: SDS_ENABLED
value: "false"
- name: ISTIO_META_WORKLOAD_NAME
value: cluster-local-gateway
- name: ISTIO_META_OWNER
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway
image: docker.io/istio/proxyv2:1.4.0
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 15020
protocol: TCP
- containerPort: 80
protocol: TCP
- containerPort: 443
protocol: TCP
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 30
httpGet:
path: /healthz/ready
port: 15020
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 250m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /etc/istio/cluster-local-gateway-certs
name: cluster-local-gateway-certs
readOnly: true
- mountPath: /etc/istio/cluster-local-gateway-ca-certs
name: cluster-local-gateway-ca-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: cluster-local-gateway-service-account-token-226tq
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-83-101.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: cluster-local-gateway-service-account
serviceAccountName: cluster-local-gateway-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.cluster-local-gateway-service-account
- name: cluster-local-gateway-certs
secret:
defaultMode: 420
optional: true
secretName: istio-cluster-local-gateway-certs
- name: cluster-local-gateway-ca-certs
secret:
defaultMode: 420
optional: true
secretName: istio-cluster-local-gateway-ca-certs
- name: cluster-local-gateway-service-account-token-226tq
secret:
defaultMode: 420
secretName: cluster-local-gateway-service-account-token-226tq
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:57Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:57Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://ddf85318a0aa9b816f704760c65c8ceef78994f205c700796d4fe9cfd05cca6f
image: istio/proxyv2:1.4.0
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:26Z"
hostIP: 172.20.83.101
phase: Running
podIP: 172.20.66.124
qosClass: Burstable
startTime: "2019-12-03T12:23:25Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:25Z"
generateName: cluster-local-gateway-7458b849c7-
labels:
app: cluster-local-gateway
chart: gateways
heritage: Tiller
istio: cluster-local-gateway
pod-template-hash: 7458b849c7
release: RELEASE-NAME
name: cluster-local-gateway-7458b849c7-t4clh
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: cluster-local-gateway-7458b849c7
uid: 2490d050-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54982"
selfLink: /api/v1/namespaces/istio-system/pods/cluster-local-gateway-7458b849c7-t4clh
uid: b3fa28df-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- proxy
- router
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --log_output_level=default:info
- --drainDuration
- 45s
- --parentShutdownDuration
- 1m0s
- --connectTimeout
- 10s
- --serviceCluster
- cluster-local-gateway
- --zipkinAddress
- zipkin:9411
- --proxyAdminPort
- "15000"
- --statusPort
- "15020"
- --controlPlaneAuthPolicy
- NONE
- --discoveryAddress
- istio-pilot:15010
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
- name: ISTIO_META_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ISTIO_META_CONFIG_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ISTIO_METAJSON_LABELS
value: |
{"app":"cluster-local-gateway","chart":"gateways","heritage":"Tiller","istio":"cluster-local-gateway","release":"RELEASE-NAME"}
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
- name: SDS_ENABLED
value: "false"
- name: ISTIO_META_WORKLOAD_NAME
value: cluster-local-gateway
- name: ISTIO_META_OWNER
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway
image: docker.io/istio/proxyv2:1.4.0
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 15020
protocol: TCP
- containerPort: 80
protocol: TCP
- containerPort: 443
protocol: TCP
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 30
httpGet:
path: /healthz/ready
port: 15020
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 250m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /etc/istio/cluster-local-gateway-certs
name: cluster-local-gateway-certs
readOnly: true
- mountPath: /etc/istio/cluster-local-gateway-ca-certs
name: cluster-local-gateway-ca-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: cluster-local-gateway-service-account-token-226tq
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: cluster-local-gateway-service-account
serviceAccountName: cluster-local-gateway-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.cluster-local-gateway-service-account
- name: cluster-local-gateway-certs
secret:
defaultMode: 420
optional: true
secretName: istio-cluster-local-gateway-certs
- name: cluster-local-gateway-ca-certs
secret:
defaultMode: 420
optional: true
secretName: istio-cluster-local-gateway-ca-certs
- name: cluster-local-gateway-service-account-token-226tq
secret:
defaultMode: 420
secretName: cluster-local-gateway-service-account-token-226tq
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:57Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:57Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://c109ca242ec95cbc192958e1db70ae057c7db995008617310eabfe29512713e7
image: istio/proxyv2:1.4.0
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:26Z"
hostIP: 172.20.44.180
phase: Running
podIP: 172.20.63.67
qosClass: Burstable
startTime: "2019-12-03T12:23:25Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:25Z"
generateName: istio-citadel-685c4d4b68-
labels:
app: security
chart: security
heritage: Tiller
istio: citadel
pod-template-hash: 685c4d4b68
release: RELEASE-NAME
name: istio-citadel-685c4d4b68-bzvxj
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-citadel-685c4d4b68
uid: 256769b7-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54802"
selfLink: /api/v1/namespaces/istio-system/pods/istio-citadel-685c4d4b68-bzvxj
uid: b42c9c47-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- --append-dns-names=true
- --grpc-port=8060
- --citadel-storage-namespace=istio-system
- --custom-dns-names=istio-pilot-service-account.istio-system:istio-pilot.istio-system
- --monitoring-port=15014
- --self-signed-ca=true
- --workload-cert-ttl=2160h
env:
- name: CITADEL_ENABLE_NAMESPACES_BY_DEFAULT
value: "true"
image: docker.io/istio/citadel:1.4.0
imagePullPolicy: IfNotPresent
name: citadel
resources:
requests:
cpu: 10m
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-citadel-service-account-token-klk7s
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-citadel-service-account
serviceAccountName: istio-citadel-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: istio-citadel-service-account-token-klk7s
secret:
defaultMode: 420
secretName: istio-citadel-service-account-token-klk7s
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:27Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:27Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://f3b1f23684708fcb65502820f327525a2792e9a49af0a34aef5ab8ad788cf73f
image: istio/citadel:1.4.0
imageID: docker-pullable://istio/citadel@sha256:e168f97716efd0a16a65ad19bdf6be5858c31e0499023b3a3ef15e9f4fcd6ef5
lastState: {}
name: citadel
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:26Z"
hostIP: 172.20.44.180
phase: Running
podIP: 172.20.52.171
qosClass: Burstable
startTime: "2019-12-03T12:23:25Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:25Z"
generateName: istio-galley-5f5b6f77bb-
labels:
app: galley
chart: galley
heritage: Tiller
istio: galley
pod-template-hash: 5f5b6f77bb
release: RELEASE-NAME
name: istio-galley-5f5b6f77bb-cqp6q
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-galley-5f5b6f77bb
uid: 2465da7d-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54896"
selfLink: /api/v1/namespaces/istio-system/pods/istio-galley-5f5b6f77bb-cqp6q
uid: b44ae837-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- command:
- /usr/local/bin/galley
- server
- --meshConfigFile=/etc/mesh-config/mesh
- --livenessProbeInterval=1s
- --livenessProbePath=/healthliveness
- --readinessProbePath=/healthready
- --readinessProbeInterval=1s
- --deployment-namespace=istio-system
- --insecure=true
- --enable-reconcileWebhookConfiguration=true
- --validation-webhook-config-file
- /etc/config/validatingwebhookconfiguration.yaml
- --monitoringPort=15014
- --log_output_level=default:info
image: docker.io/istio/galley:1.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- /usr/local/bin/galley
- probe
- --probe-path=/healthliveness
- --interval=10s
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
name: galley
ports:
- containerPort: 443
protocol: TCP
- containerPort: 15014
protocol: TCP
- containerPort: 9901
protocol: TCP
readinessProbe:
exec:
command:
- /usr/local/bin/galley
- probe
- --probe-path=/healthready
- --interval=10s
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 10m
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: certs
readOnly: true
- mountPath: /etc/config
name: config
readOnly: true
- mountPath: /etc/mesh-config
name: mesh-config
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-galley-service-account-token-wf8jr
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-galley-service-account
serviceAccountName: istio-galley-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: certs
secret:
defaultMode: 420
secretName: istio.istio-galley-service-account
- configMap:
defaultMode: 420
name: istio-galley-configuration
name: config
- configMap:
defaultMode: 420
name: istio
name: mesh-config
- name: istio-galley-service-account-token-wf8jr
secret:
defaultMode: 420
secretName: istio-galley-service-account-token-wf8jr
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:40Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:40Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://ce113f1ee29a6560a5dff55953f2b301a3497ac4a5bf5aade1d2b16c8b7ab89f
image: istio/galley:1.4.0
imageID: docker-pullable://istio/galley@sha256:67f9f5321e6fefdf97e5406a047579a0fd04b576ad1c997e95a9db4dd2fbc6bc
lastState: {}
name: galley
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:32Z"
hostIP: 172.20.44.180
phase: Running
podIP: 172.20.43.141
qosClass: Burstable
startTime: "2019-12-03T12:23:25Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:25Z"
generateName: istio-ingressgateway-84dfb78dfb-
labels:
app: istio-ingressgateway
chart: gateways
heritage: Tiller
istio: ingressgateway
pod-template-hash: 84dfb78dfb
release: RELEASE-NAME
name: istio-ingressgateway-84dfb78dfb-qlpxr
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-ingressgateway-84dfb78dfb
uid: 24ba77a8-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54967"
selfLink: /api/v1/namespaces/istio-system/pods/istio-ingressgateway-84dfb78dfb-qlpxr
uid: b45b9d70-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- env:
- name: ENABLE_WORKLOAD_SDS
value: "false"
- name: ENABLE_INGRESS_GATEWAY_SDS
value: "true"
- name: INGRESS_GATEWAY_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: docker.io/istio/node-agent-k8s:1.4.0
imagePullPolicy: IfNotPresent
name: ingress-sds
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/ingress_gateway
name: ingressgatewaysdsudspath
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-ingressgateway-service-account-token-pk9tg
readOnly: true
- args:
- proxy
- router
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --log_output_level=default:info
- --drainDuration
- 45s
- --parentShutdownDuration
- 1m0s
- --connectTimeout
- 10s
- --serviceCluster
- istio-ingressgateway
- --zipkinAddress
- zipkin:9411
- --proxyAdminPort
- "15000"
- --statusPort
- "15020"
- --controlPlaneAuthPolicy
- NONE
- --discoveryAddress
- istio-pilot:15010
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
- name: ISTIO_META_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ISTIO_META_CONFIG_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ISTIO_METAJSON_LABELS
value: |
{"app":"istio-ingressgateway","chart":"gateways","heritage":"Tiller","istio":"ingressgateway","release":"RELEASE-NAME"}
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
- name: SDS_ENABLED
value: "false"
- name: ISTIO_META_WORKLOAD_NAME
value: istio-ingressgateway
- name: ISTIO_META_OWNER
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway
- name: ISTIO_META_USER_SDS
value: "true"
- name: ISTIO_META_ROUTER_MODE
value: sni-dnat
image: docker.io/istio/proxyv2:1.4.0
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 15020
protocol: TCP
- containerPort: 80
protocol: TCP
- containerPort: 443
protocol: TCP
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 30
httpGet:
path: /healthz/ready
port: 15020
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: "3"
memory: 2Gi
requests:
cpu: 500m
memory: 2Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/ingress_gateway
name: ingressgatewaysdsudspath
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /etc/istio/ingressgateway-certs
name: ingressgateway-certs
readOnly: true
- mountPath: /etc/istio/ingressgateway-ca-certs
name: ingressgateway-ca-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-ingressgateway-service-account-token-pk9tg
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-44-180.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-ingressgateway-service-account
serviceAccountName: istio-ingressgateway-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- emptyDir: {}
name: ingressgatewaysdsudspath
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.istio-ingressgateway-service-account
- name: ingressgateway-certs
secret:
defaultMode: 420
optional: true
secretName: istio-ingressgateway-certs
- name: ingressgateway-ca-certs
secret:
defaultMode: 420
optional: true
secretName: istio-ingressgateway-ca-certs
- name: istio-ingressgateway-service-account-token-pk9tg
secret:
defaultMode: 420
secretName: istio-ingressgateway-service-account-token-pk9tg
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:56Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:56Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://6d34a3751b52943ab441024fd5c33219244e7b470244d8ba38571aa9c615d91b
image: istio/node-agent-k8s:1.4.0
imageID: docker-pullable://istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d
lastState: {}
name: ingress-sds
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:37Z"
- containerID: docker://1e3f986b150e1a865b9a079999b5732dcb7e974c6628c2680ff6c7429e1b66f4
image: istio/proxyv2:1.4.0
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:37Z"
hostIP: 172.20.44.180
phase: Running
podIP: 172.20.59.74
qosClass: Burstable
startTime: "2019-12-03T12:23:25Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:25Z"
generateName: istio-ingressgateway-84dfb78dfb-
labels:
app: istio-ingressgateway
chart: gateways
heritage: Tiller
istio: ingressgateway
pod-template-hash: 84dfb78dfb
release: RELEASE-NAME
name: istio-ingressgateway-84dfb78dfb-zqbxn
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-ingressgateway-84dfb78dfb
uid: 24ba77a8-15bb-11ea-b5af-027e0b84da98
resourceVersion: "55016"
selfLink: /api/v1/namespaces/istio-system/pods/istio-ingressgateway-84dfb78dfb-zqbxn
uid: b46c7d71-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- env:
- name: ENABLE_WORKLOAD_SDS
value: "false"
- name: ENABLE_INGRESS_GATEWAY_SDS
value: "true"
- name: INGRESS_GATEWAY_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: docker.io/istio/node-agent-k8s:1.4.0
imagePullPolicy: IfNotPresent
name: ingress-sds
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/ingress_gateway
name: ingressgatewaysdsudspath
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-ingressgateway-service-account-token-pk9tg
readOnly: true
- args:
- proxy
- router
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --log_output_level=default:info
- --drainDuration
- 45s
- --parentShutdownDuration
- 1m0s
- --connectTimeout
- 10s
- --serviceCluster
- istio-ingressgateway
- --zipkinAddress
- zipkin:9411
- --proxyAdminPort
- "15000"
- --statusPort
- "15020"
- --controlPlaneAuthPolicy
- NONE
- --discoveryAddress
- istio-pilot:15010
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
- name: ISTIO_META_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ISTIO_META_CONFIG_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ISTIO_METAJSON_LABELS
value: |
{"app":"istio-ingressgateway","chart":"gateways","heritage":"Tiller","istio":"ingressgateway","release":"RELEASE-NAME"}
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
- name: SDS_ENABLED
value: "false"
- name: ISTIO_META_WORKLOAD_NAME
value: istio-ingressgateway
- name: ISTIO_META_OWNER
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway
- name: ISTIO_META_USER_SDS
value: "true"
- name: ISTIO_META_ROUTER_MODE
value: sni-dnat
image: docker.io/istio/proxyv2:1.4.0
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 15020
protocol: TCP
- containerPort: 80
protocol: TCP
- containerPort: 443
protocol: TCP
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 30
httpGet:
path: /healthz/ready
port: 15020
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: "3"
memory: 2Gi
requests:
cpu: 500m
memory: 2Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/ingress_gateway
name: ingressgatewaysdsudspath
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /etc/istio/ingressgateway-certs
name: ingressgateway-certs
readOnly: true
- mountPath: /etc/istio/ingressgateway-ca-certs
name: ingressgateway-ca-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-ingressgateway-service-account-token-pk9tg
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-67-65.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-ingressgateway-service-account
serviceAccountName: istio-ingressgateway-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- emptyDir: {}
name: ingressgatewaysdsudspath
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.istio-ingressgateway-service-account
- name: ingressgateway-certs
secret:
defaultMode: 420
optional: true
secretName: istio-ingressgateway-certs
- name: ingressgateway-ca-certs
secret:
defaultMode: 420
optional: true
secretName: istio-ingressgateway-ca-certs
- name: istio-ingressgateway-service-account-token-pk9tg
secret:
defaultMode: 420
secretName: istio-ingressgateway-service-account-token-pk9tg
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:24:11Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:24:11Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:25Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://7cc29f0cf1f2dcdb1092d378743eb54059144e656ba4c69cad1db3b99864fb74
image: istio/node-agent-k8s:1.4.0
imageID: docker-pullable://istio/node-agent-k8s@sha256:b3a169eb928e651bb0e9e40ed574d2c8cd1671a3b598c3c79458a63fd7cf398d
lastState: {}
name: ingress-sds
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:31Z"
- containerID: docker://7f1c5999b8e9e328620dadea517fa1efdbd93f0346b3961cf67b9a6d26562fc2
image: istio/proxyv2:1.4.0
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:32Z"
hostIP: 172.20.67.65
phase: Running
podIP: 172.20.73.149
qosClass: Burstable
startTime: "2019-12-03T12:23:25Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:26Z"
generateName: istio-pilot-7dbfbcf744-
labels:
app: pilot
chart: pilot
heritage: Tiller
istio: pilot
pod-template-hash: 7dbfbcf744
release: RELEASE-NAME
name: istio-pilot-7dbfbcf744-26cvg
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-pilot-7dbfbcf744
uid: 253e85ab-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54945"
selfLink: /api/v1/namespaces/istio-system/pods/istio-pilot-7dbfbcf744-26cvg
uid: b4b5fb0e-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- discovery
- --monitoringAddr=:15014
- --log_output_level=default:info
- --domain
- cluster.local
- --secureGrpcAddr
- ""
- --keepaliveMaxServerConnectionAge
- 30m
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: PILOT_PUSH_THROTTLE
value: "100"
- name: PILOT_TRACE_SAMPLING
value: "100"
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
value: "true"
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
value: "false"
image: docker.io/istio/pilot:1.4.0
imagePullPolicy: IfNotPresent
name: discovery
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 15010
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 8080
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources:
requests:
cpu: 500m
memory: 2Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/istio/config
name: config-volume
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-pilot-service-account-token-c7xjz
readOnly: true
- args:
- proxy
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --serviceCluster
- istio-pilot
- --templateFile
- /etc/istio/proxy/envoy_pilot.yaml.tmpl
- --controlPlaneAuthPolicy
- NONE
- --log_output_level=default:info
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SDS_ENABLED
value: "false"
image: docker.io/istio/proxyv2:1.4.0
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 15003
protocol: TCP
- containerPort: 15005
protocol: TCP
- containerPort: 15007
protocol: TCP
- containerPort: 15011
protocol: TCP
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-pilot-service-account-token-c7xjz
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-67-65.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-pilot-service-account
serviceAccountName: istio-pilot-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- configMap:
defaultMode: 420
name: istio
name: config-volume
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.istio-pilot-service-account
- name: istio-pilot-service-account-token-c7xjz
secret:
defaultMode: 420
secretName: istio-pilot-service-account-token-c7xjz
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:44Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:50Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:50Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:44Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://38177cda84b07edffb34f234628eaf416789a87d1d8d6cbd9d59eaf110eac79e
image: istio/pilot:1.4.0
imageID: docker-pullable://istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb
lastState: {}
name: discovery
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:45Z"
- containerID: docker://a709c180ace04aa9a8083b555550b026d0cfdaf88ab031aa6234de789233c92c
image: istio/proxyv2:1.4.0
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:45Z"
hostIP: 172.20.67.65
phase: Running
podIP: 172.20.95.245
qosClass: Burstable
startTime: "2019-12-03T12:23:44Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:26Z"
generateName: istio-pilot-7dbfbcf744-
labels:
app: pilot
chart: pilot
heritage: Tiller
istio: pilot
pod-template-hash: 7dbfbcf744
release: RELEASE-NAME
name: istio-pilot-7dbfbcf744-7d6vr
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-pilot-7dbfbcf744
uid: 253e85ab-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54939"
selfLink: /api/v1/namespaces/istio-system/pods/istio-pilot-7dbfbcf744-7d6vr
uid: b4a70398-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- discovery
- --monitoringAddr=:15014
- --log_output_level=default:info
- --domain
- cluster.local
- --secureGrpcAddr
- ""
- --keepaliveMaxServerConnectionAge
- 30m
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: PILOT_PUSH_THROTTLE
value: "100"
- name: PILOT_TRACE_SAMPLING
value: "100"
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
value: "true"
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
value: "false"
image: docker.io/istio/pilot:1.4.0
imagePullPolicy: IfNotPresent
name: discovery
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 15010
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 8080
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources:
requests:
cpu: 500m
memory: 2Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/istio/config
name: config-volume
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-pilot-service-account-token-c7xjz
readOnly: true
- args:
- proxy
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --serviceCluster
- istio-pilot
- --templateFile
- /etc/istio/proxy/envoy_pilot.yaml.tmpl
- --controlPlaneAuthPolicy
- NONE
- --log_output_level=default:info
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SDS_ENABLED
value: "false"
image: docker.io/istio/proxyv2:1.4.0
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 15003
protocol: TCP
- containerPort: 15005
protocol: TCP
- containerPort: 15007
protocol: TCP
- containerPort: 15011
protocol: TCP
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-pilot-service-account-token-c7xjz
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-44-18.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-pilot-service-account
serviceAccountName: istio-pilot-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- configMap:
defaultMode: 420
name: istio
name: config-volume
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.istio-pilot-service-account
- name: istio-pilot-service-account-token-c7xjz
secret:
defaultMode: 420
secretName: istio-pilot-service-account-token-c7xjz
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:35Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:50Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:50Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:35Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://3ac7fd29d14a27f9db3a4ca4f9d90992f619a5c57fe58875bc95f49e8596b0fe
image: istio/pilot:1.4.0
imageID: docker-pullable://istio/pilot@sha256:149357dc33f488eff0cc1edfb3329e72ea49614d52095770df543cbb8d60bcdb
lastState: {}
name: discovery
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:43Z"
- containerID: docker://d5af99ea3a34bd13cfb4fc498b956c574a43377d850bee857dfdd17adc8e42e3
image: istio/proxyv2:1.4.0
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:43Z"
hostIP: 172.20.44.18
phase: Running
podIP: 172.20.48.51
qosClass: Burstable
startTime: "2019-12-03T12:23:35Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:26Z"
generateName: istio-policy-65b67fd4f8-
labels:
app: policy
chart: mixer
heritage: Tiller
istio: mixer
istio-mixer-type: policy
pod-template-hash: 65b67fd4f8
release: RELEASE-NAME
security.istio.io/tlsMode: istio
name: istio-policy-65b67fd4f8-zsdp8
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-policy-65b67fd4f8
uid: 24e34d8a-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54840"
selfLink: /api/v1/namespaces/istio-system/pods/istio-policy-65b67fd4f8-zsdp8
uid: b4c2bb49-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- --monitoringPort=15014
- --address
- unix:///sock/mixer.socket
- --log_output_level=default:info
- --configStoreURL=mcp://istio-galley.istio-system.svc:9901
- --configDefaultNamespace=istio-system
- --useAdapterCRDs=false
- --useTemplateCRDs=false
- --trace_zipkin_url=http://zipkin.istio-system:9411/api/v1/spans
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: GOMAXPROCS
value: "6"
image: docker.io/istio/mixer:1.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /version
port: 15014
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
name: mixer
ports:
- containerPort: 15014
protocol: TCP
- containerPort: 42422
protocol: TCP
resources:
requests:
cpu: 10m
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /sock
name: uds-socket
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-mixer-service-account-token-rg24f
readOnly: true
- args:
- proxy
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --serviceCluster
- istio-policy
- --templateFile
- /etc/istio/proxy/envoy_policy.yaml.tmpl
- --controlPlaneAuthPolicy
- NONE
- --log_output_level=default:info
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SDS_ENABLED
value: "false"
image: docker.io/istio/proxyv2:1.4.0
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 9091
protocol: TCP
- containerPort: 15004
protocol: TCP
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /sock
name: uds-socket
- mountPath: /var/run/secrets/istio.io/policy/adapter
name: policy-adapter-secret
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-mixer-service-account-token-rg24f
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-83-101.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-mixer-service-account
serviceAccountName: istio-mixer-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.istio-mixer-service-account
- emptyDir: {}
name: uds-socket
- name: policy-adapter-secret
secret:
defaultMode: 420
optional: true
secretName: policy-adapter-secret
- name: istio-mixer-service-account-token-rg24f
secret:
defaultMode: 420
secretName: istio-mixer-service-account-token-rg24f
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:26Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:33Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:33Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:26Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://b9da5220f3a7bc9e9ac1946c248a66d762890f6098a9f04aa10b6c495b4bbe4b
image: istio/proxyv2:1.4.0
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:32Z"
- containerID: docker://9105b5996bc65507276a54531a2589dae2ee74cbf56e1775299d07157bffd7bf
image: istio/mixer:1.4.0
imageID: docker-pullable://istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4
lastState: {}
name: mixer
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:32Z"
hostIP: 172.20.83.101
phase: Running
podIP: 172.20.80.221
qosClass: Burstable
startTime: "2019-12-03T12:23:26Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:26Z"
generateName: istio-sidecar-injector-85bc5dfb7c-
labels:
app: sidecarInjectorWebhook
chart: sidecarInjectorWebhook
heritage: Tiller
istio: sidecar-injector
pod-template-hash: 85bc5dfb7c
release: RELEASE-NAME
name: istio-sidecar-injector-85bc5dfb7c-zvx9k
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-sidecar-injector-85bc5dfb7c
uid: 2590ddf3-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54891"
selfLink: /api/v1/namespaces/istio-system/pods/istio-sidecar-injector-85bc5dfb7c-zvx9k
uid: b4e3aa67-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- --caCertFile=/etc/istio/certs/root-cert.pem
- --tlsCertFile=/etc/istio/certs/cert-chain.pem
- --tlsKeyFile=/etc/istio/certs/key.pem
- --injectConfig=/etc/istio/inject/config
- --meshConfig=/etc/istio/config/mesh
- --healthCheckInterval=2s
- --healthCheckFile=/health
- --reconcileWebhookConfig=true
image: docker.io/istio/sidecar_injector:1.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- /usr/local/bin/sidecar-injector
- probe
- --probe-path=/health
- --interval=4s
failureThreshold: 3
initialDelaySeconds: 4
periodSeconds: 4
successThreshold: 1
timeoutSeconds: 1
name: sidecar-injector-webhook
readinessProbe:
exec:
command:
- /usr/local/bin/sidecar-injector
- probe
- --probe-path=/health
- --interval=4s
failureThreshold: 3
initialDelaySeconds: 4
periodSeconds: 4
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 10m
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/istio/config
name: config-volume
readOnly: true
- mountPath: /etc/istio/certs
name: certs
readOnly: true
- mountPath: /etc/istio/inject
name: inject-config
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-sidecar-injector-service-account-token-mcc9d
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-40-226.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-sidecar-injector-service-account
serviceAccountName: istio-sidecar-injector-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- configMap:
defaultMode: 420
name: istio
name: config-volume
- name: certs
secret:
defaultMode: 420
secretName: istio.istio-sidecar-injector-service-account
- configMap:
defaultMode: 420
items:
- key: config
path: config
- key: values
path: values
name: istio-sidecar-injector
name: inject-config
- name: istio-sidecar-injector-service-account-token-mcc9d
secret:
defaultMode: 420
secretName: istio-sidecar-injector-service-account-token-mcc9d
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:26Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:39Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:39Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:26Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://e79a6aafc75f35275f689a54d06a85e47c639ddfb97b315b80948d0d264a0fde
image: istio/sidecar_injector:1.4.0
imageID: docker-pullable://istio/sidecar_injector@sha256:9f4aba5bb84a07e198b65bc7e4fc0067f876f66b51c7404816ae95e6b5ffa938
lastState: {}
name: sidecar-injector-webhook
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:32Z"
hostIP: 172.20.40.226
phase: Running
podIP: 172.20.62.179
qosClass: Burstable
startTime: "2019-12-03T12:23:26Z"
- apiVersion: v1
kind: Pod
metadata:
annotations:
sidecar.istio.io/inject: "false"
creationTimestamp: "2019-12-03T12:23:26Z"
generateName: istio-telemetry-8bc7955f7-
labels:
app: telemetry
chart: mixer
heritage: Tiller
istio: mixer
istio-mixer-type: telemetry
pod-template-hash: 8bc7955f7
release: RELEASE-NAME
security.istio.io/tlsMode: istio
name: istio-telemetry-8bc7955f7-vhv6k
namespace: istio-system
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-telemetry-8bc7955f7
uid: 2512191f-15bb-11ea-b5af-027e0b84da98
resourceVersion: "54954"
selfLink: /api/v1/namespaces/istio-system/pods/istio-telemetry-8bc7955f7-vhv6k
uid: b4f3b353-15c7-11ea-b5af-027e0b84da98
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- --monitoringPort=15014
- --address
- unix:///sock/mixer.socket
- --log_output_level=default:info
- --configStoreURL=mcp://istio-galley.istio-system.svc:9901
- --configDefaultNamespace=istio-system
- --useAdapterCRDs=false
- --trace_zipkin_url=http://zipkin.istio-system:9411/api/v1/spans
- --averageLatencyThreshold
- 100ms
- --loadsheddingMode
- enforce
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: GOMAXPROCS
value: "6"
image: docker.io/istio/mixer:1.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /version
port: 15014
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
name: mixer
ports:
- containerPort: 15014
protocol: TCP
- containerPort: 42422
protocol: TCP
resources:
limits:
cpu: 4800m
memory: 4G
requests:
cpu: "1"
memory: 1G
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /var/run/secrets/istio.io/telemetry/adapter
name: telemetry-adapter-secret
readOnly: true
- mountPath: /sock
name: uds-socket
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-mixer-service-account-token-rg24f
readOnly: true
- args:
- proxy
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --serviceCluster
- istio-telemetry
- --templateFile
- /etc/istio/proxy/envoy_telemetry.yaml.tmpl
- --controlPlaneAuthPolicy
- NONE
- --log_output_level=default:info
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SDS_ENABLED
value: "false"
image: docker.io/istio/proxyv2:1.4.0
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 9091
protocol: TCP
- containerPort: 15004
protocol: TCP
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /sock
name: uds-socket
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-mixer-service-account-token-rg24f
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: ip-172-20-40-226.ap-southeast-1.compute.internal
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-mixer-service-account
serviceAccountName: istio-mixer-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.istio-mixer-service-account
- emptyDir: {}
name: uds-socket
- name: telemetry-adapter-secret
secret:
defaultMode: 420
optional: true
secretName: telemetry-adapter-secret
- name: istio-mixer-service-account-token-rg24f
secret:
defaultMode: 420
secretName: istio-mixer-service-account-token-rg24f
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:44Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:52Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:52Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-03T12:23:44Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://9ce10f0109da447773865317d77a1e1adf3e2ff12797e9bbbede9a943684a523
image: istio/proxyv2:1.4.0
imageID: docker-pullable://istio/proxyv2@sha256:9ba9de87d660767a2147f786040a8fe29ebb3b335742d3c95257ab82a33b8415
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:51Z"
- containerID: docker://7b5d0d15672cfcf154cba33b8ead5e6eeab573450cb4452eb2289434b3208718
image: istio/mixer:1.4.0
imageID: docker-pullable://istio/mixer@sha256:b0b13e4311da022a1f67c85ffeb82d42567739c7156d2f644a66364b0c947fc4
lastState: {}
name: mixer
ready: true
restartCount: 0
state:
running:
startedAt: "2019-12-03T12:23:50Z"
hostIP: 172.20.40.226
phase: Running
podIP: 172.20.61.35
qosClass: Burstable
startTime: "2019-12-03T12:23:44Z"
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: podtemplates
-------
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: replicationcontrollers
-------
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: resourcequotas
-------
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: secrets
-------
apiVersion: v1
items:
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pWTJ4MWMzUmxjaTFzYjJOaGJDMW5ZWFJsZDJGNUxYTmxjblpwWTJVdFlXTmpiM1Z1ZEMxMGIydGxiaTB5TWpaMGNTSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMbTVoYldVaU9pSmpiSFZ6ZEdWeUxXeHZZMkZzTFdkaGRHVjNZWGt0YzJWeWRtbGpaUzFoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpYSjJhV05sTFdGalkyOTFiblF1ZFdsa0lqb2lNV1ppTkRGaU5XVXRNVFZpWWkweE1XVmhMV0kxWVdZdE1ESTNaVEJpT0RSa1lUazRJaXdpYzNWaUlqb2ljM2x6ZEdWdE9uTmxjblpwWTJWaFkyTnZkVzUwT21semRHbHZMWE41YzNSbGJUcGpiSFZ6ZEdWeUxXeHZZMkZzTFdkaGRHVjNZWGt0YzJWeWRtbGpaUzFoWTJOdmRXNTBJbjAubzBJV2pqYUpJdWM0RjBsNmpKMU5PRnlqQWtZb2M4Z3EyMUI1bmlaM0tHRTFBM3V5UWFXN0FNUG80NmowZkl0NTZfYXRpaXFFSlZkNlZzQnhuaGVLdnEyOEU0Y3dhZm5WdHZGNVdiYVoxSHN2MDJRNGxyY0M3T2h4dk9URFhaVmRtb0pBdEN1LWEtMVFTdWVnTW5KMFRMMzFtQWRnUFd4NTNnX3BlbmkwWkgzeWlSUU15SG1oeWN2cmRVNm5jbng1eTRvTzhsTEVxS3g2RlgwZHJxOVJxbXJSUHR0RUtxVGwxYThLc296WERRSHhGRTNtaE5rMkZsZjVNaTdObm9sSEhHVzNPNGpNTEUxMVM5Z2NzVWN4Mkt6SEFyaG85Q213Z1lhNjZibFowV0c5R2ZMc3F0NXduZDRSRHZhd1MwZFZrX0YyRnRWdmxCbGtPQk5WaGg0SHF3
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: cluster-local-gateway-service-account
kubernetes.io/service-account.uid: 1fb41b5e-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:22Z"
name: cluster-local-gateway-service-account-token-226tq
namespace: istio-system
resourceVersion: "43418"
selfLink: /api/v1/namespaces/istio-system/secrets/cluster-local-gateway-service-account-token-226tq
uid: 1fb52306-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pWkdWbVlYVnNkQzEwYjJ0bGJpMW9aelJzWXlJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKa1pXWmhkV3gwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWRXbGtJam9pWm1aaU5EazRNbVV0TVRWaVlTMHhNV1ZoTFdJMVlXWXRNREkzWlRCaU9EUmtZVGs0SWl3aWMzVmlJam9pYzNsemRHVnRPbk5sY25acFkyVmhZMk52ZFc1ME9tbHpkR2x2TFhONWMzUmxiVHBrWldaaGRXeDBJbjAuU3UzX25CVGp3MWFNbjhnY1o0TlVRNC0tQXFES1k2T09XOENyazdhM0EtVlBmRC1Cdlp2dVFiUEpLNlB6UjJzZF9fMmFSaGRzb3lWN0FwdXdxekp4ajVnUy1ObUVobkpIQmhtOHhDNjJpWWNFUldKYy1JaGozakJOb2hxa1lQaDEwU2t0eER5S2JyTV9RNHpYZmU5aklsMmFuaTV1eEZIOUtjd3pPNFJZanUwMWViaTAzdWpKMkpyZUt5eEhqMVZvTE91R2d2bW5jcVdYTVIxRGJtV2tGLTBZZUVoRG5fRXlDRXRjODcyd05oSG5ZSmdWMlRrdUxTVm90T3FFNTZial9uemRfYXJlcEV5M29pdFFreDJYbWVVR2Z5QUUzSEZnRzlZVW54RUllTFE1aVE4ZmFJb3h3UmV4MGQ3eFpIQzNTOG5Yd3ZuUklna2RyeU5rZFE3NHFn
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: default
kubernetes.io/service-account.uid: ffb4982e-15ba-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:52:28Z"
name: default-token-hg4lc
namespace: istio-system
resourceVersion: "43257"
selfLink: /api/v1/namespaces/istio-system/secrets/default-token-hg4lc
uid: ffb65fe3-15ba-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
ca-key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBb0Zxd2FmdVZ5c3lETFprV09vQksxOG10QnlQcTY2Z0ZVRW9CaUpiR1V1MG5zUFNLCjU5TDZMSWdOM0Z2czQ3bTlmT0JQYWM5UXc0R0YrZndMNW9hWkZ0RHJCajNrNk1QY1l6YUlHVStqMGVGWVZSY3YKckR6UGc2cWlTM0dmeEVIT2pxbEo5djBobVcrQjhYZStibjd4alJrK3pWRHRVcXZtRUxlYUo3WkFPai81VzFEMApPNzIzNEkzYXZUS2w0Y05uQUUvT3ZkRmErWTgxc29HUjhEOUwyUXJPWkZTd0p5dFRQS2N1TklNcmVRVFdndzI0Cmd4ekFodmpwMWdRZHU3QzZ5djNpT1puQ1d0RmxXR0MrWlNwUnFCQVJ2RUt4VFNZdy9UZ2RJeVlqbFVCOE5majkKR25WajJEYjVSU094eUNLUm1EaUpBMnpJaTVSbmpMdmxpOVIvc3dJREFRQUJBb0lCQVFDY1JVVS9ROHRMQTl1agpDRm05VVdHZXdoQTVzU3N6MVY2NFRDY0tjY1Y4ODFtRy9ncVF1ZTdNanhyUzhWTCs2dmhiUms2ZUUwZmwvOGdOClF6Qmx6QzVOS2ZTZzlKaXNycE9Nckl3ZC9wcnI0dXd1b0pYNUNKcEMrbnVIZ29mc3Z5VUpxcmxHVnBIejhkTjAKK3ZrK3ZiK3hmalRSNmxnZUJTQUVrcWxNb2pRZGpzZTJnQ0h2YmM0UWhZT3JJR2VSMnpFVVQxckhUTENlS0FUNApRRGVPSVNwQjJqd3czMjdTOS9VN09oMk82UVJheUxrUVVONTZOQ2ZuZUg4anEvYnA5WmhLZjQvaS9JL1paTDhYCjhvenBGVCtqWUMrbzJWM0JrV1YySXVOZGVTRmc1SkNKRmJuaWNaZzYwMURuYkxvdlJVc2p0ZXRYbjQzblhkN0kKc2M3LzFmdUJBb0dCQU1KRC8wdG96eThoYWV6RHZ6WlFnY2ZTTHVrdVV3akhKSW8yZmlmVUM0elFuTUtHVElYTgpMTHdUQUQzbXlYdHozaHN5NDU0djNQamZBSzM0eFl4djBqQXV5SXhZQzdFU1BPcVgvWTlvT3NkSHBjY01YeFcwCldkWnlzK1JnVmJkWmpCTmRtSlk0UFc0UHgxZURkMFpTVU1Zb3JzeW5JVEh2WmptRkFYR2V0WmFSQW9HQkFOTlAKNnBURXNna1E1UWYySWJ5TWxHT0Y3SUVhU3psWnJkb1hhc2ZNU2xudXJjVUZVSDNvQVJkQkVDRGxUc1FZSldybgpORW5tSmt0L1gxRG1JVnhwWGp4ZVVqL2p0N1hHWTV2WFNzY2NldW5CUFZiQmZVSWUzc04ybmppcDBRMThWNTdXCmhoRlVuZHNGcHZKd29zY0diSUVONUhSbDN4WWdHZlFYcWE3NExmd0RBb0dBU0tXZEJ0by9BR1VDYzZRUUVZT3gKeE1QNC93SnYwc3lHQVptM083VzBUQWlIVnNkYVBuOG54MzFqamNLTWZqb3FTUW1TelVrZzNZQ25oR2VQbUtFSQpmVFJCa3hvcDVTSG8zZUhRMUp3cHZ2UXdMbXVWODB2cWZLT1FXa3NjUXVDZDNYQVc2N1pFWXJCTDM1SXVQSUh6CjZ1YXoxNXg0Y1hBUlRsbEszTzU1QWNFQ2dZQU5jVE1CL2JVNW9HcUJaQ1huUWFZYTRxVVYzVjlWcVovR2xPREYKRHZqWDJiZ1NKWEZtWVFEWXd0bk16ZW1CemV0cmJvUEVBN0VCOG50VXdSNzBLdnZFcVZkZ0d4TlBxK3dnT01UWAovN2JOOGUzOSs5Y0ZBc08yK1crOU9RaEViRm1Da0REOUh6M2ZkZStWMHBaNFJLOVlVbExyR0tQbFcydHJQS29kCnFFbjhrd0tCZ0ZpVWJRK0tuLzErSzc5L3pGdjdoRFEvQkFsRTVkSkF3MU1pcDNNRjZVT2EzR1ZxYWNrakVWVVAKQVpPdHdOUnhuNGU0TGx2WFA4NSttZEF1eGNXQVhEcHU0bmc5R21hL1N3ekhaL0ZGdEs3SVB5RHlkOXh5Q0xYWgpkSXBJb2JLZUZiNkJSdWJ6Mm1rOXA3UGxkZUlqT1dZZ3JNT3NjN0FQc0R4bUNncU1jNnJhCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
cert-chain.pem: ""
key.pem: ""
root-cert.pem: ""
kind: Secret
metadata:
creationTimestamp: "2019-12-03T10:53:37Z"
name: istio-ca-secret
namespace: istio-system
resourceVersion: "43634"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-ca-secret
uid: 28bc7fd6-15bb-11ea-b5af-027e0b84da98
type: istio.io/ca-root
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRZMmwwWVdSbGJDMXpaWEoyYVdObExXRmpZMjkxYm5RdGRHOXJaVzR0YTJ4ck4zTWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzV1WVcxbElqb2lhWE4wYVc4dFkybDBZV1JsYkMxelpYSjJhV05sTFdGalkyOTFiblFpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1MWFXUWlPaUl5TUdWaU0yUXhaaTB4TldKaUxURXhaV0V0WWpWaFppMHdNamRsTUdJNE5HUmhPVGdpTENKemRXSWlPaUp6ZVhOMFpXMDZjMlZ5ZG1salpXRmpZMjkxYm5RNmFYTjBhVzh0YzNsemRHVnRPbWx6ZEdsdkxXTnBkR0ZrWld3dGMyVnlkbWxqWlMxaFkyTnZkVzUwSW4wLnJLekthSTlxMkFlYXVjYkdxSmUyTlJETEhjS1N5Q0tSTS1uRDdhTjl3VEh3cTl1ZlFuZUxsQ1NCVGIwOE9xSm83Q29IcGVPWDRFd3VjQ2Z2eFR0cE9YV040Rkk0WGdNU2ZqSXdoNzVpaTl6VlFBOVM4Rzl1ZTBhQVlYbFBWd01Zc2JDQm9UQV8wem9uam1UWFJTQ3ptUkpDZm1ieDhNYUtObmYwRThMSDFwZUdCMzhUQ1BpWTk3T09sTlIwU09ZNm9aRUlrR1F6X1VGRnFYNEFnWTJYblJFSDVoZTZoa1lHUENGblRRWDEyM0Q3b2lHVmNENUp4NXEtaVZtZkNxejhjN18ySVY0OEFTaXJiX3pvTk9GRzh3LV9NRWdfbEh1TkVzVHJianMyOWM5ZUM2QXduWEV4N1hiM3Z2bWo1OGJKV181Tk5McjlYeTQ3MVQ3Q0l5bE0wQQ==
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-citadel-service-account
kubernetes.io/service-account.uid: 20eb3d1f-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:24Z"
name: istio-citadel-service-account-token-klk7s
namespace: istio-system
resourceVersion: "43445"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-citadel-service-account-token-klk7s
uid: 20ed1fb0-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRaMkZzYkdWNUxYTmxjblpwWTJVdFlXTmpiM1Z1ZEMxMGIydGxiaTEzWmpocWNpSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMbTVoYldVaU9pSnBjM1JwYnkxbllXeHNaWGt0YzJWeWRtbGpaUzFoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpYSjJhV05sTFdGalkyOTFiblF1ZFdsa0lqb2lNV1k0TkRNeVpUSXRNVFZpWWkweE1XVmhMV0kxWVdZdE1ESTNaVEJpT0RSa1lUazRJaXdpYzNWaUlqb2ljM2x6ZEdWdE9uTmxjblpwWTJWaFkyTnZkVzUwT21semRHbHZMWE41YzNSbGJUcHBjM1JwYnkxbllXeHNaWGt0YzJWeWRtbGpaUzFoWTJOdmRXNTBJbjAuZ2FYQ2ViRlpRWGNJQ2RWNGNiNkhheEV4UVU3eGxSd0dfTl85U3ZnWkdBYmstcmVEUjRTelBqUW4xdWhMeXkzZzZOTnhQUzRnZGw1a3FpUVNuSVBwZkxGcHNBakMtelYySzZJUTVib3EyLXEzOXI4LVdWYVo2dG9fZHNRYnF5YTlEcXdnY1RxaUx2c2FXM2NuWEdkLVBHOURNaGZLSlJUR2UyRWM0Y29DLWlyTjZRbHdfRTFoczRwdlZBLUFCWWRFRzYyV19tSzBkUFllNEZjTkhPUEY4dUhSM1gyazY3TTFoOWNTUFl1S1dXNnJyaUhyR2FmOGZ2bHMyT19kbWpvRXVZbTI2ZHd2ZWsxV0hYUzE1WVFKMnBOTnZTZU9qNEc2UTlRNE9VUHR5TU1SbktRNzQ5a2VUb2ZpRHEtbnJ1QXFxMVdGcmc5VzRYZV9xelpTTDYtRXl3
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-galley-service-account
kubernetes.io/service-account.uid: 1f8432e2-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:22Z"
name: istio-galley-service-account-token-wf8jr
namespace: istio-system
resourceVersion: "43415"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-galley-service-account-token-wf8jr
uid: 1f853dc1-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRhVzVuY21WemMyZGhkR1YzWVhrdGMyVnlkbWxqWlMxaFkyTnZkVzUwTFhSdmEyVnVMWEJyT1hSbklpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVibUZ0WlNJNkltbHpkR2x2TFdsdVozSmxjM05uWVhSbGQyRjVMWE5sY25acFkyVXRZV05qYjNWdWRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqRm1aR00xTmpKakxURTFZbUl0TVRGbFlTMWlOV0ZtTFRBeU4yVXdZamcwWkdFNU9DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHBwYzNScGJ5MXplWE4wWlcwNmFYTjBhVzh0YVc1bmNtVnpjMmRoZEdWM1lYa3RjMlZ5ZG1salpTMWhZMk52ZFc1MEluMC5RekZqSFQ4NjlHWmVSTmdOeU1UNTdOYS1yczNhMXFJQy00YTg2TkwxZ3J6Nkc4ZUdwWDBSbFFqS3NOS0ZOM19NcUVGOVQzS2NzVWVVX2IxTE83SWhpZWxLWHd3SmxmN0cxQy1ycy1rMThmczBvcWxZTk9NNnBlN1BUdERobzBTNHlfY3BvbmNGNjMybVlidS14NGN3MGdPU29tT3NlcEZabUFRaF9nWVFRbzJIMlZVeG5mZGRUejh3WVpfbUJybjFqdTR6NVpLTVRDdV9UMThVMVFGY09ld3RqYUptRTNWZUM0RkpONTJ6WjQxM0ZCVDZoX0VkZ1BjUHd0amp5bklCOGlSU2o3MWppTXoyenpiUkZwMk9PSjZLMDdHNlBWa1RlNVNQSWprRGZLLW45bXJvUThNVG5naHRqSjgxZkFLOUlxRlVnN0VJWDJhanlLc3JFM293akE=
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-ingressgateway-service-account
kubernetes.io/service-account.uid: 1fdc562c-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:22Z"
name: istio-ingressgateway-service-account-token-pk9tg
namespace: istio-system
resourceVersion: "43421"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-ingressgateway-service-account-token-pk9tg
uid: 1fde6629-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRhVzVwZEMxelpYSjJhV05sTFdGalkyOTFiblF0ZEc5clpXNHRaRFYyYkhBaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNXVZVzFsSWpvaWFYTjBhVzh0YVc1cGRDMXpaWEoyYVdObExXRmpZMjkxYm5RaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJd01UaGtaamhoWlMweE5XSmlMVEV4WldFdFlqVmhaaTB3TWpkbE1HSTROR1JoT1RnaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZhWE4wYVc4dGMzbHpkR1Z0T21semRHbHZMV2x1YVhRdGMyVnlkbWxqWlMxaFkyTnZkVzUwSW4wLnV1emIyR1ZTLW9NUVM4aXgxaUJ3Ukl3TzFSV3luT2Z2OXhTcFlfd3g3LVp1VmpueFRGc1U4Qjd6WWpRQjZLZlo2ejNia3BUTHBMRDVDM2FLeXZkc091OXo0WERKTDdSTk84U2tQVVk0WXVKOW1IUU1ZeDFhMER0c3Y1VVBLTkdWTmNYQ3VqeE82dXF3cHRGYTdYRkZqQ0dqUlRNdi1EVnZyaldOS250YWVaRk92R1Vra3JFUDl4UUt2SE9zOVc5dm96dkNYV281WEkwMVo1eFMwd2JVLXU5VlhYeVdDaG1EdE1nX0tDSXhjdTVMaS1VNnZWZDltNE44RG9EZzRxTnBRZm1Fc0ItLU1YLVBqWWZMdFJBV2thTlVMWTZ0cl9nNWFEZ2d4TUg2R3lNVmRuMHdfQV9oSVc0MnNSRkVQc3ZTakRiNEhQTmpLT051MU9jWDV1bXVSZw==
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-init-service-account
kubernetes.io/service-account.uid: 018df8ae-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:52:31Z"
name: istio-init-service-account-token-d5vlp
namespace: istio-system
resourceVersion: "43268"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-init-service-account-token-d5vlp
uid: 018fb58c-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRiV2w0WlhJdGMyVnlkbWxqWlMxaFkyTnZkVzUwTFhSdmEyVnVMWEpuTWpSbUlpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVibUZ0WlNJNkltbHpkR2x2TFcxcGVHVnlMWE5sY25acFkyVXRZV05qYjNWdWRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqSXdNRFUxWlRWbUxURTFZbUl0TVRGbFlTMWlOV0ZtTFRBeU4yVXdZamcwWkdFNU9DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHBwYzNScGJ5MXplWE4wWlcwNmFYTjBhVzh0YldsNFpYSXRjMlZ5ZG1salpTMWhZMk52ZFc1MEluMC5lcDlUUERZYWZvd3pQb3ljaVM0WEVhN09jeDBFdjJhSFJHUEI3QmJycnU4ZXhPVHB4d2F0andrY0R2QU5DRy1SWC1semRTQzNqS2RlN1lMbFVpdVl6ZWhwZHB1RjJpeWt6dE92SUVsemlWdXhpU0gtQ3dTZ0NzeEtFandrU1JKMXUtTGlzSnlJdkFTZnNfSmk1enY2Mk1lOW4zTzg1RzAtWi03cnEzUEZaMkd4RTdxRGVUdDZKeXlVMTBNUWRGTXNUREhZVVE4ZTlLelRkZnk4Q0p6SHJqekN4bVoxVEQtWTA3cmw0WGRJaGpCUW1EYlNuenREajgyeEJMWlNSYTI2LS1OODZhMDQwLThFRmg3Y2JSRjFyNU9fdWNZcTFrdHc0WWpmTFpjZEpkemJWWWNReDRtUy1RY0laR2ZXZWtidXg3MWROOVptUUhkdjdXbWVNQUV5QlE=
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-mixer-service-account
kubernetes.io/service-account.uid: 20055e5f-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:22Z"
name: istio-mixer-service-account-token-rg24f
namespace: istio-system
resourceVersion: "43424"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-mixer-service-account-token-rg24f
uid: 20068801-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRiWFZzZEdrdGRHOXJaVzR0Y1RZMU1uQWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzV1WVcxbElqb2lhWE4wYVc4dGJYVnNkR2tpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1MWFXUWlPaUl5TVROaFlqUTNNeTB4TldKaUxURXhaV0V0WWpWaFppMHdNamRsTUdJNE5HUmhPVGdpTENKemRXSWlPaUp6ZVhOMFpXMDZjMlZ5ZG1salpXRmpZMjkxYm5RNmFYTjBhVzh0YzNsemRHVnRPbWx6ZEdsdkxXMTFiSFJwSW4wLk5pdFBhamRyWllpNzd2UFlSb0RuMFpLWUl2RURQZDR4Q3BzOHZwWURDeGN3UlpDZmJuWHYwQ0NhNi1jdTVWTlk3QlgwYm44ZjJtbm9ueVdma0lab3NsdEk2MExKVHloZ2h4bURLUGp3UHVld2M5T01rZWttMlprOGxaX3ZSQVY0M09aMDNhcTk0OHJLa1NzelRhNTdhMDZrd0swU2czYldxbEx0TGFsdGJiZEZmVnpCekNHRlJpTHRjMGx3QXd1QlBwVTVpUk5uSWtQWktLMW9TX1RhaFRkS0lSZktKdVk1SnVMUWZnb3FXZGVyYzd5THhkamFyZ3Jpa01lNlBYN0s2Wm45TjRpWDRNSlZxUnlxaVJteWlwelV5MGhrX3hka3BDWWY3X3JINTA3a3RiTm1rNjZWSzU3S1N3Y2dGTWk0MEExVkxNVWRQeDk0WGZKOVc1SVJwdw==
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-multi
kubernetes.io/service-account.uid: 213ab473-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:24Z"
name: istio-multi-token-q652p
namespace: istio-system
resourceVersion: "43453"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-multi-token-q652p
uid: 213be688-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRjR2xzYjNRdGMyVnlkbWxqWlMxaFkyTnZkVzUwTFhSdmEyVnVMV00zZUdwNklpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVibUZ0WlNJNkltbHpkR2x2TFhCcGJHOTBMWE5sY25acFkyVXRZV05qYjNWdWRDSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqSXdNbVF4TkRreExURTFZbUl0TVRGbFlTMWlOV0ZtTFRBeU4yVXdZamcwWkdFNU9DSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHBwYzNScGJ5MXplWE4wWlcwNmFYTjBhVzh0Y0dsc2IzUXRjMlZ5ZG1salpTMWhZMk52ZFc1MEluMC5sRGlOZ3VFTHluNEhQOE1WaXdGNXZiVjNaMVlsNzQxalhrcVd4bnRkYzluZFRwUTdkbnN6RW9rVlVGWU5MRlpDcHVkSEpMNUxpdl9aRkdtUlFhZzQtRkJzVmRVcG5OaGhOcFdxekJfdTdiVEdvZGtiUWxBUnpLbC03YnR2SDRCMlQzOGE5Y2FvN0dlWUZrc1VWT3ZET0d4TFdYOEZlV0l1b0xCZmlENHpqTkZ5Zi1ES2szNDQ0VE40a0lDZmsxMm5Pek51MTNiR0xUblQyVXNtOVFTbFhVcUNMbEpaajNRVWdWbUpTc0UySEVwWXB4RVRuWXREWXJtei01c0J3ZHF2VFFXc0ZmSERBaDl4SElnWmdXVUxiemJIdWlERENpTjFSLWlycTYxTWt1TV9YMXRvMlZ0ZE1HbFl5dUhLd3RfaDVETG9wOTdoNTBwRFFURnY4cnNwSnc=
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-pilot-service-account
kubernetes.io/service-account.uid: 202d1491-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:23Z"
name: istio-pilot-service-account-token-c7xjz
namespace: istio-system
resourceVersion: "43428"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-pilot-service-account-token-c7xjz
uid: 202e0527-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRjMlZqZFhKcGRIa3RjRzl6ZEMxcGJuTjBZV3hzTFdGalkyOTFiblF0ZEc5clpXNHRkamx0WTNJaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNXVZVzFsSWpvaWFYTjBhVzh0YzJWamRYSnBkSGt0Y0c5emRDMXBibk4wWVd4c0xXRmpZMjkxYm5RaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJeU1EVTRZMkl4TmkweE5XSmlMVEV4WldFdFlqVmhaaTB3TWpkbE1HSTROR1JoT1RnaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZhWE4wYVc4dGMzbHpkR1Z0T21semRHbHZMWE5sWTNWeWFYUjVMWEJ2YzNRdGFXNXpkR0ZzYkMxaFkyTnZkVzUwSW4wLnFwT09wTW1GYTg0b0ZPX2loMmg1Zk9DWWFieVlfSnpFelI0TVBaYzd5VHdBdEhrVThPVDVBMnMzSzRSdGdOTEhsMS1vTnUyUVFmWkNyOUN4M0c4aGlkUmYyaHRiSGZ4UzdjZUduY1pkZ2xUcW1SN3NtRmhwZGhBclY4cElYSlBndnJ5QTg3N21FM01TeklZX2pqel9vMGs5bHlLa3ozSV9zWVpObi1iSjl3b0F4UXdBYnZxZUZ3ZURNalZLOGNqc0tGMFk0WjJuWDFpdmF2OHlLcVNKS3owQkl6eXRXM2FWVUxTVmtvOFkyNmNmbWNlUVlrUUN5QW9ReVo0Y0R4ejVZOWQxckJFTk5Eajc5YzZuNnlpWWZaMXhsY2xLbmJlTHgxdzhWajlQbnptVFFsblQweWJ4RXdFUTFfcmtrTHFvWVB5b3J5bXIyeWo2OUlqTVItZS11QQ==
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-security-post-install-account
kubernetes.io/service-account.uid: 2058cb16-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:23Z"
name: istio-security-post-install-account-token-v9mcr
namespace: istio-system
resourceVersion: "43431"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-security-post-install-account-token-v9mcr
uid: 2059d214-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMwekNDQWJ1Z0F3SUJBZ0lNRmR6Q21kRHBvZ3hGV3JpZU1BMEdDU3FHU0liM0RRRUJDd1VBTUJVeEV6QVIKQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13SGhjTk1Ua3hNakF4TURRek9EVTFXaGNOTWpreE1UTXdNRFF6T0RVMQpXakFWTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9vNHJaNWFqY3dySURZSUczMkRJNk1SbEFoV3FwSkFtcnZGQ3VhdllWbUw5L1I5N0srUHcKeHU5aTVtbDV5TmxzZFlVeEZ1MnN4OEpVdW5SUFVQOStQUlNNY0FNdUhKUU9LdjZka0FXTG1IVjhzSjBWOVE5KwpqNXYxZzhya0hQd2E2TWNicS9TOUpiRUQ3TWVpOG1GbFlyb0tlNjJpVzRpQVBkbHNVWHVPeURuTUhyNTY5eWNOCmJMdmhLeWxxTU50NFQzV3ZLUnh0bFdsS3VIWWQyMktKVTFCTy9FbFlNQ0pvZXdKd0JXZ3FwcktLOEpyZk5PTTQKMHpCNlVGSDNrNE53RzRybjlUbFg3TjNwdE1JTGJORFFDazN4RUExM2hyUWJzcTZrei9Nb1ZiU3FmSjM1WWY5Ngp6STNGb1B4Rmd5QzQ3Y2ZZeGdBNnJGMVNUYVdycUNESUZ3SURBUUFCb3lNd0lUQU9CZ05WSFE4QkFmOEVCQU1DCkFRWXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmRllXbUhZaTFZV3gKN0FHUlBNaXNNZDlGZEkrSlNhMzdRYnZ0WGtpVVhEU0FtQXVqV0dGNlFDQ09QcWNJMFJ3TFVWVUVqUFhDL295VQovM25pak1mdDVwQlZZYmhpa2lMRy9pMllEM1IyaVRQRDFHTlpCYzgwYWUzYVM1eDIyQkJERE16dHkrVXhNSkhLClNPaGpMMUgwQjRJZFJYam9YQ1pNQjNOTU53WFRVUWdnMGxUUExaZi9TTlhtdURPUjhQbnRuUnhyOStGV3R2T20KcXczc2VGYXNNWm90VW5ITGVVV0J2SlI3N0U0WFAxbW9qVytsWWx5TDZXcndKV1ErdTBEMEpZamhRb01TWGVCVgp1TExpSmNkb1d6cjNVM0QxUEZvZ2JpN2IvNGc0bXdkZjUxRmxDbE93dnFJZVdzWTBIUm1hSGNoV1NyTHorWm5pCmZMcFFzaS9rdEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: aXN0aW8tc3lzdGVt
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnBjM1JwYnkxemVYTjBaVzBpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pYVhOMGFXOHRjMmxrWldOaGNpMXBibXBsWTNSdmNpMXpaWEoyYVdObExXRmpZMjkxYm5RdGRHOXJaVzR0YldOak9XUWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzV1WVcxbElqb2lhWE4wYVc4dGMybGtaV05oY2kxcGJtcGxZM1J2Y2kxelpYSjJhV05sTFdGalkyOTFiblFpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1MWFXUWlPaUl5TVRFek0yWXhaQzB4TldKaUxURXhaV0V0WWpWaFppMHdNamRsTUdJNE5HUmhPVGdpTENKemRXSWlPaUp6ZVhOMFpXMDZjMlZ5ZG1salpXRmpZMjkxYm5RNmFYTjBhVzh0YzNsemRHVnRPbWx6ZEdsdkxYTnBaR1ZqWVhJdGFXNXFaV04wYjNJdGMyVnlkbWxqWlMxaFkyTnZkVzUwSW4wLkExZXVGQW1PTkJnTWJLLXdkbDI4bU41UXNrUlJmeXhKVTV6WkxGM2tON2JJV2E4UGZCbnYtYkd1TFFqMTMtWktmUTBuVVdsZ2hrMGJZSTlyc28tRG5Cb3otS2VwZHdNT3l4STVHcTJVYWVPVDRscHJOQ2Q3RnIwcHYtYVdDcnFPaGlRTkhTNzU4ZWdIbndtT2NCdDFRbXBxUzJfOFU2Z2JTeFVPYzNoQzRxZllLcnowTmQ3VElNM2VNNUtEYm1fWlRxcDhjRTFFeGRRd3N4UFdOVHEwbTlSdWxqQWpoMWVKcGpvRmtQQmhHWXBHQ2VQTmpZZ0lHMmdwamFZMjY3UEl4SF9td1NGbFVyRTR1M0dTTHpXWW1faGxUeUgwTVAyZU1OSVFRVFNWTUk3bVRlZ2o0RHViOC1rUXB3LTl3UW5kektaaklEWFJqZ0lTZFQwd1pNQ1JRQQ==
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: istio-sidecar-injector-service-account
kubernetes.io/service-account.uid: 21133f1d-15bb-11ea-b5af-027e0b84da98
creationTimestamp: "2019-12-03T10:53:24Z"
name: istio-sidecar-injector-service-account-token-mcc9d
namespace: istio-system
resourceVersion: "43449"
selfLink: /api/v1/namespaces/istio-system/secrets/istio-sidecar-injector-service-account-token-mcc9d
uid: 21144902-15bb-11ea-b5af-027e0b84da98
type: kubernetes.io/service-account-token
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRakNDQWlxZ0F3SUJBZ0lRVkhENWp5bmFPaFNLaWJ2UTRZdG51akFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNek9Wb1hEVEl3TURNdwpNakV3TlRNek9Wb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMZkFYTlZDCnJEakxsTGdVbVFuU0dObUFvdkd5NEwwOUlmV3ZpQnY0SWl0eDFjY0w0d2RWaGlsb2M2aHVkaVV1VmZhMFlnTmkKMG5Wa3Y1Q0tUWXUraGpyU2pWYVBEK0UvR2tPM2d2R3VtYnRyTWNnOGQ2NDBzdnp0TnpsYkZpd0lid2pXaDFkdwpSSG1FT2tDTDhEUi9mU0JIMnZVWUg3ajB1RXZidmk4elpTUkNxc2JvY1VZb0tMOFFYckpWYUR0MFBWWFNXK2h5CjhuTUJVTitKQTM5VmdIS1dWMzR0aitVeldWdWxGNTgzUTdBUnJ0L2NZRVhIUnJGWUhGSDV3SzY1MWV4ZXJMMTMKWTBKbXE4clVHZU0zTE1LZTdSWWR3RWUrbnYxb0JvZGZHKzJ4dDArY0liUjNPaXFLbnhOZDZhOG8rZTd5RFpIQQpkbld1MlBLT2NkdjgzVGtDQXdFQUFhT0JuekNCbkRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd1hRWURWUjBSQVFIL0JGTXcKVVlaUGMzQnBabVpsT2k4dlkyeDFjM1JsY2k1c2IyTmhiQzl1Y3k5cGMzUnBieTF6ZVhOMFpXMHZjMkV2WTJ4MQpjM1JsY2kxc2IyTmhiQzFuWVhSbGQyRjVMWE5sY25acFkyVXRZV05qYjNWdWREQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBZGsyUjVZaC9IQmRKeDBwcnNweWtHL1M0M0ZuYlM3M3Vmbzl6ejBvRkRwU1JKZ0Y1Z3dWUWYrcVUKWU5WODZDVXNCN2MwRllwaHQrWnNTZGF1MG9uQVpleGphU04wNVlLUjVNRlREZDh4bFBqM0Jta2VBTGlWenM5YgoyV2VPVFZWdkRNc21YeTVWVG9qQ21vbEI5OFRVZlk1aFRlamRPQitIaVhCdXk5K3VIM09NdmZuT1NmRWdxRW9sCnRQZ0gzNWJ1cmdKOExDVDBJeDFMeURuZlIwdjJMbDdCSnNKdGlzKzJITVRwaDRYbEpycXF2S2RqQ1kxSEVHdzMKaFBjd1Q5UmowTHRDRW1XdEhEK2kweTVZVnlQejRxUzFzcE5OSTlZdzZTeGNZUVRoamR0cEdrNVNVOGs1enZySQpOWGEySEhDRkZHMEgza0FpbjJQaVJLUXQxbFpaWHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdDhCYzFVS3NPTXVVdUJTWkNkSVkyWUNpOGJMZ3ZUMGg5YStJRy9naUszSFZ4d3ZqCkIxV0dLV2h6cUc1MkpTNVY5clJpQTJMU2RXUy9rSXBOaTc2R090S05WbzhQNFQ4YVE3ZUM4YTZadTJzeHlEeDMKcmpTeS9PMDNPVnNXTEFodkNOYUhWM0JFZVlRNlFJdndOSDk5SUVmYTlSZ2Z1UFM0Uzl1K0x6TmxKRUtxeHVoeApSaWdvdnhCZXNsVm9PM1E5VmRKYjZITHljd0ZRMzRrRGYxV0FjcFpYZmkyUDVUTlpXNlVYbnpkRHNCR3UzOXhnClJjZEdzVmdjVWZuQXJyblY3RjZzdlhkalFtYXJ5dFFaNHpjc3dwN3RGaDNBUjc2ZS9XZ0doMThiN2JHM1Q1d2gKdEhjNktvcWZFMTNwcnlqNTd2SU5rY0IyZGE3WThvNXgyL3pkT1FJREFRQUJBb0lCQUNOQWYwN1duSzNFdU1KYwpDVVF1RDJCaTRsL1dQbkZ2c2YwdGNNSlU1MUZJWklmc1N1RFVVb25OSlNzeURlNXlKa0hQTjJLSTZmRmxvNjY2CktjaGVnK2Z6RHZTRk83bXQzbjhSVE1qTEEybEdWbVdnM0NFS3NTLyszbkpkZkRKMFo4RGRUMWZDRFJEM0FpbngKN3VKVGR4RGpXQ2xmT0c3R1hEa0pia0lsN1FoNGdqSnN1eUluaktNZ1liT244RzM0QXBXTlhlVUF4dTNkVU5aQwpNNFNIQlVMVzlCdFBJUGE5MFNWRGM1SmlpakdHRjEvZjZQbksvZ0wwWldxbXBiZ3drRjUzdThHZXh5dDB3andTClBuRTdNRXRyeFJGa1RKQkxvV2EwOFQzUDVzcjU1Rm5jMkpKOStJcFp3ZXcySzNTRC9SZDZrSTN5ZmNqZXJUMEkKSU55RllLVUNnWUVBeGRCSkRkMUZVOGlrZWJJNFYwUU15aGZpbElKWGZmdGVRYWVmRWZ3VGJtRThzMmkxZzdpcQpsS1Z5UFc2RXpCNm9HNEF5Z0FaOHdFcEpiYUZjK0RFZWF0L00xZ2lNVkZucmJzNUlvMnpwZ3pMdXBDNGFVYWh4CkNjRGxRc0FMbHluQTNlT3BOVW5sdUdkYm1Jd3JTTzl3T3hDOXN1MS9QZTBMWUpoQzJKZlJleGNDZ1lFQTdjMHIKUEw4UGgxcEt6NjUrUkxTeE5RY0EzNFRybG1BM2VqNjJzdmdQQjVXc0ttRlpsUEVxY0JHck92MThtYWEwVFk1aQo4T05tOC95dXhpcFBNeXB0SUVNZGJnWHNrYmt2SFVtcHNFSHhNU0lsQm53eHB4ZUMwQ0pXL1UyL1RFUVBLUW5kCms0Tkx5ak5lQTJuYkJWd0dWRThTc2s1WnMwaU5oTWRuSmtEdFhDOENnWUVBcG1iU0xZR0hnalYwZHBML1pobHUKa01xSzVkYkhkc2p2djFjY0x1cllCYkJ5ZVpHSnIrYTJTQmp0QXRSbmpiWDBRRDRWUFRFMzNDSWhwc0ZwRGJkMApHUDl1dGxXMmhuYWw0QzVUV0hhVDhMUDFuOUxRZlFTdklqOU1IRnlrNDJKU1JkWHZUMDU4bWlVSUhrazdXRDFqCk1heWhoMVRXQnVmUy9FelpYbzVIdjcwQ2dZRUF2WjFvU1pMTGJoRDRNQ3VoOFdUbkhESk9adXhVOGQ0Y3ZuUDkKT0MyRnhuVjVCMzRDY1RudnJkYlk0enUydThucVlTRVZFYUV4dVlFVlYxdnJOUkF5WFpSR2hqRmhGajFFTFNWTQprZ2V5cTR2ZlhCRnhnaHZFS2ZRSHl3alFiWjZqUEFUcTBqSFNJQlBmZGZkVk5pdlB2REFrNTFxRU9lbXpObG5OCmpQb2VpZThDZ1lCM1g4blp6S2NVaEErNmJBYTJwZGFqM1NISEN3c014Z25KNGhGS0hOSDd2WktXeHNQYkdRT1cKNnVyQllYQXUxdDdnTGY0dXJYVkNDTDYxbnlqdm5WbWgzOGxNSXlYVUZDbGdKbVdpMVBMQjFaRm9nZnVoZklhNAowcVRtbmdMMXBjalFYM1BJSEpncjVOcnA0R2tKUDdGWUtRa2l5czVGTVBySUpVaTBOSW96RHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: cluster-local-gateway-service-account
creationTimestamp: "2019-12-03T10:53:39Z"
name: istio.cluster-local-gateway-service-account
namespace: istio-system
resourceVersion: "43654"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.cluster-local-gateway-service-account
uid: 29fe6b7c-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJekNDQWd1Z0F3SUJBZ0lRSmpPNE5FWFRBMlJyRExYa21oOVAvVEFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME5sb1hEVEl3TURNdwpNakV3TlRNME5sb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPNkFGWTQ0CjFOTnBrL0QrczVJVjdPNDczb0ZEUjEvWHJaUGJCNXpHV2F2NmdnWU40UC9McngycU83Q0hrem91ZTI5QUhPdjMKVkJZQmppVzFUVUo1ZXBZcHc3dlczMG93cngyR3grckFMZnJPZXFhcjh3Rm9YVFAza3FTeHhFQVZiZVJIcENNRwpkVUxnVUE5Zm94L21uQS9MTlE1Qk5uT1RCbUtLMTloY2Z2OHdYSWhPR0Y5M1duUDVId0svWDhtWTVUUnhBZk41CkJxRGhHZDljblZocFlrWEtLamZ3bkNSaldTRm8zS2grMkRjR0gxWHV4T3pqemJwZmtYQUJxTmFyUkNHeEJDOTEKbEp4QXp5UWs2YmdPRXZDRlBEemdvWmJ1TkM5WUxpUFRNS25icVIwN05vY05ic29qalEwZ25kZUJEL1B0SDVPdQpaODVLcGZiWDBaczNrTDhDQXdFQUFhT0JnREIrTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVCkJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBL0JnTlZIUkVCQWY4RU5UQXoKaGpGemNHbG1abVU2THk5amJIVnpkR1Z5TG14dlkyRnNMMjV6TDJsemRHbHZMWE41YzNSbGJTOXpZUzlrWldaaApkV3gwTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCYlZMRlhaWGYwVGQvMjV4MmxYdmNka3MxK3FpWFBwcWhBCmZPVXpYZlNkZFg4cXhQZ01rMThURjAyS2tnajhiRjBmL3JRMFIwdTdsRzlOMURYUlVpWUhCZEFUeVNsTWpNZjgKU2x0YXdPNXJlMi9YazA1cWE2eVhXZTNyRTF4UnZtR1JOV1RQYmZsaDFiMkRYeXRuT1F5WVBvWDU1cHUyMi9VUApzdFFZK2t4MUZTaW5PSG5oVmc0eklVMXgyb0N2aERrZUNSMkRMVzJWeXhmeTh4MjRjTjBhYXBZV2tMM3NFc0plCjVBc0lyazBxUzV2bTlFWE55OFViVnczM2Y3cFE3NkNlOFVNYWkvNEYxNmhaOUgrRk80QXcrcTJGMTF6Wm9ocXUKa0FTYWhWeS8zN1NjeFVXS2d3SE1BSTIzeGZsUlRPdW1hR1d5NU5GRmljelp6dlEvOTBhYQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBN29BVmpqalUwMm1UOFA2emtoWHM3anZlZ1VOSFg5ZXRrOXNIbk1aWnEvcUNCZzNnCi84dXZIYW83c0llVE9pNTdiMEFjNi9kVUZnR09KYlZOUW5sNmxpbkR1OWJmU2pDdkhZYkg2c0F0K3M1NnBxdnoKQVdoZE0vZVNwTEhFUUJWdDVFZWtJd1oxUXVCUUQxK2pIK2FjRDhzMURrRTJjNU1HWW9yWDJGeCsvekJjaUU0WQpYM2RhYy9rZkFyOWZ5WmpsTkhFQjgza0dvT0VaMzF5ZFdHbGlSY29xTi9DY0pHTlpJV2pjcUg3WU53WWZWZTdFCjdPUE51bCtSY0FHbzFxdEVJYkVFTDNXVW5FRFBKQ1RwdUE0UzhJVThQT0NobHU0MEwxZ3VJOU13cWR1cEhUczIKaHcxdXlpT05EU0NkMTRFUDgrMGZrNjVuemtxbDl0ZlJtemVRdndJREFRQUJBb0lCQUUwbGsxTm80TGJ1RE5QRQpuN05lY2tCeGp6ekMxWUNVRkdxaVMra1RaQWcwUlFET1ZueUhsMEtDUVVLTjZEckd0Rmk5SlYzU3FCbGlNV2ZUCktJV2JJK01VNldLR1U3MzgxM2cyazg1RWtkcnlGVXg2akdWbEs5aldlVkhheXI5cjd4c0xiWFdDN2tWT3A3Y0IKV1pQRkZiQXFMQ1JMUmVER3F5Y1BBRmpWT3FNeWtwMlFuSHJrQ3hld3NmTXY0bXgwdVNnTG02dTdIQlhWUUg3awpLV1FTUlV6ZU9EM0dsMU9TUHg0ZzgwYkhBRU82NU5vN2tCREc1QXQwL2kxOGlSU3JBb1F2cW8veHlJWDIwQ2JPCjJxdXkvSjJuWXlxcldkcXN2d0laZ2hZeEN4ZngvTjdmaXpWZ0lic01yWEVGcmxNMEpUdHN1b09yOEhxcFhobjgKaysyM2Z5RUNnWUVBL3NPZ3plcCtrVE9SUFI3dUQzVUhiRHdUVktNdDNhYXJwS1c3WXlPTUN6UDAxdEx6Y2pXQgorcVpKOG13aTVxMk11REZFOU93ZlVzbmxuWjVvRG9KZjdKL1Y4L0J0STRXYktWM3ZJQmc2aFR1S09yM2hpUWRUCmZMbnVlT09NK3BBZkZDb3lvSVIranNSa1ZtMEFMSVVkMnF5a2VValdSeUUybUNVVXgxV2pBeEVDZ1lFQTc2aEMKWG5rU1JFd3V0Ly9pWk40WnV5K1hyb0ZOQW9vL2JjS3BLRzJCWFUreFRUWXNFTitWelF0dHV2eEsydnR5TEtVMQpNTW5TY1RuY3JhLzR3VlVhTUtzWDIzZHZuU0lCclh1OHNnSk1ibEJIUVpJa2o4TmtLVEZTYkZQVi9EaGZZWlJkClRHVTZNbFNmYVVhcWVzMkxueEhjSDNoNVlKQXJqb3V6VjZDYXRzOENnWUVBMVRkaTRKTnR4QlkxYXNMMUdHaW8KZ3JRd3RYZ3dUYjVORHVwSnp5b1Q3ZGhaQkdYZXEyb08wM2pTa0pwaUIwK2VZeFdSRWE2QWRLaFdqTGpqZTZrdgpvUGtRZGkxMUdmS2FybDlZWHpNSDN6TzZkM2t0UmFLbEE5RVV2WVlzR2hQK2ZzRG1TQ003VEQ4ZmZwbVJPTEZjCkVBVEhUbDVnUDMyVGxIZ01VTnZpSnhFQ2dZQVdvZEFxdGNwSTB0enltV0thM2ZLV0g4ZDJQbFcwY0xQT3ZMeFcKeWdpV2RFa3RIbm1JMm1SK0taOGlNbU1yVE9XYVc3dXJNTlFEeDFBVXd2Sjk1M2lDc2hXZHJ5akdNUWp4aGlicQp0SmJkTUEyYW5wOS9TQmQwWUdrRk8rR1FZUTU0MjViMytQTkcvNERTWTA4RUs5Y01uWllwRHFwL3VQMjBCM05YClNoNXlOd0tCZ1FDR1ZFbWdVWDRXYm5nSjZWYXVtazNMSTJiL2Q5dHdIeTFtWEdQSXVNMFg0TzJDb1N6Y3BoUHYKMmUyUjU0SUZjMEVhcDMvRnAwc3licVNmZHJhRkRzNXNLeWpod0tIb2ZYWjE0L0RldFZuc1NGM3hFYmI5VStVOApTVFdWK3hiekZzRnVveHN0bE1DNFdKWExZWE1KZmlFdDhuc21BNk1XeWNGTk9wSHYvNEk2UHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: default
creationTimestamp: "2019-12-03T10:53:46Z"
name: istio.default
namespace: istio-system
resourceVersion: "43685"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.default
uid: 2e0f7974-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURPakNDQWlLZ0F3SUJBZ0lRVlUrU3ovV1c2N1dZY0RxUlUyUlA2VEFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME1Gb1hEVEl3TURNdwpNakV3TlRNME1Gb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOeDNTcFVWCmlWcjl1OFRnN2hHUFAzenM1aVdyZ1QrV0lXdW5JVHJ0dkloOWdENmtISjQ3MW9EbGd2YjRMaVhHQzRvNGFQbjQKb3lJYlNWWit2Szl1Ujd0RFZta3ltKzVWZFdCREUrdmRFYmFhd2VuTCt5cERDRGM5ZTE4ZnpreksydCtjdU11QwpXWjhGWGdwYVVObDlSbTV2L0ZaMU9wVmlsWTZGNzJ1Vkc4aW9mRTZ4dEd3bVZKa2ZwUkhQSjF3R3dVRlR3dE1mCmJSYjF3NzlmenluMk04b1RtejRuQ2NYYnFmSGFPeWEyY0d2WWtOQTU3L3JWTU5sTGZuOUhhQzRiUGlRYTJYRHQKT1ZBSmRLR0lzY1R4dGRtWnJqV1RvUWVaUTI4SnZaUjVjUk1Rbjl5TVVFNkpoWEJ4MUpIQUQrRWFPVEI3STFLOApXWXlZZFlqL0NlNmZ1ZGtDQXdFQUFhT0JsekNCbERBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd1ZRWURWUjBSQVFIL0JFc3cKU1laSGMzQnBabVpsT2k4dlkyeDFjM1JsY2k1c2IyTmhiQzl1Y3k5cGMzUnBieTF6ZVhOMFpXMHZjMkV2YVhOMAphVzh0WTJsMFlXUmxiQzF6WlhKMmFXTmxMV0ZqWTI5MWJuUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSkNsClpTZ3RkM2pGYUphK0E5RDFQSjM3Tzk5UHE5VkpDMWNLdHROa0xsR3VoMm9CMzNvZUNxWU9JUjJWZDNPMGloWngKUnMzY3FjclpxcDA3MG5XR3o5N3RiOGJ3bDkzN011b3FheXV2MTExb3luT0pWR3BxSDZHamZMQVJUcmlDWGJLMAp5UVJXcWxJL0tNSnRGcmhDNnFRS1NiTHp6ZGo3bVBqUWFxa0U1NVcybWtHN0pHaW5kYUlaL3FGMytHZ1g2WFVtCnlMNGwwM3dOcElWK0t4WE5uNFV3WFFkRGxYM2g0bTEzcW45TSs3dm1pOWlaZjlmd0pxS3lWL0M4WUxZQkNFbVIKWm5ZdVhsM2xRenpFQUNMNjNsMU9oM3A3aVNRcjhaNy9GYXBoSG51c0dOZ0pXbzkyUWFSd1RMNS9jd2Jyd2ZReQpPL25XeHdTQ2lGL0E3SGNqemQ4PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBM0hkS2xSV0pXdjI3eE9EdUVZOC9mT3ptSmF1QlA1WWhhNmNoT3UyOGlIMkFQcVFjCm5qdldnT1dDOXZndUpjWUxpamhvK2ZpaklodEpWbjY4cjI1SHUwTldhVEtiN2xWMVlFTVQ2OTBSdHByQjZjdjcKS2tNSU56MTdYeC9PVE1yYTM1eTR5NEpabndWZUNscFEyWDFHYm0vOFZuVTZsV0tWam9YdmE1VWJ5S2g4VHJHMApiQ1pVbVIrbEVjOG5YQWJCUVZQQzB4OXRGdlhEdjEvUEtmWXp5aE9iUGljSnhkdXA4ZG83SnJad2E5aVEwRG52Cit0VXcyVXQrZjBkb0xocytKQnJaY08wNVVBbDBvWWl4eFBHMTJabXVOWk9oQjVsRGJ3bTlsSGx4RXhDZjNJeFEKVG9tRmNISFVrY0FQNFJvNU1Ic2pVcnhaakpoMWlQOEo3cCs1MlFJREFRQUJBb0lCQURKclpiY3FzYnNKaEVQRwpYU3ZPNHVvakU0OVI1Y0V4Q0h1aVFVdEV5M1U3bm5TMCs0YUVrTTN4cnoza0RFbS9QU3hqTWo3WXloWW12MkwwCm9ScE4wa0hWYUpHdWJWTFlZSHVmVzVMNWYrK08vUUlIRUczZDNxY2pmRytJeXBsdFd4a0FzcEo0UVI3SkQzUzIKcXY3U1U2VTJIek4ybytzK0hJMzN1NFdUR0VPUE9BLy9pcE4vSTdINDErQWwzdllvTFB0OHNqZ3UrRXd6OURnMAp2cUZFME9MTnpCSE5teVo4QU9YcGlndEJDUU9uVDZRbTgvQVFzSFV2OS9HZGk0TUNYaXVUQnhWV3FOLzlJNTNlCjR6THFNc2JNM3lPWnVIVmN6VUdoeU83T3JjRUsrbnJBdnZoSUU3QVlKL3FRWFNvemc4M2thL3d2LzdlK2xlaW0KTGJSMlVnRUNnWUVBNlVBTGRkTHVzMWxuK3dSUm5BT21Wbjc4TCtjdTA0Q0lMeFU0OGxhdmR2SzV0QUpmM2JJQgpVMGh0QkpROG5ZY0FjTlhNSEc2d29xVWM0OEM4Yzk4WjNUWG1TdkQySXFjNnV3SGIwWjFwOEc4S1FNQnJkMktUCnd5dzJUMVlrYVY5ZGxFS3NMZndiTVljeTV6R0N6VzlBeW95YkhTRXpXVzFMcmRoRXltcFJpdkVDZ1lFQThmZ0sKczROQndWZEhjdmdCOTF4YW45bS9aS2N3TXVvdmlhbUZPL1puSjByV012QzdpcEI4UlVhR0pyVkVaRmFYKzdWeQp6L0Z6M2h1VVAwMm1pWEhSTVNRRnBJKzN0NExKVlo1RUh1a3lpNnJzeWlsZnRQZXJOQzJHcVhmTUNVY3hUN0FYCjJ0Y2dsQ0ZYSEp1YXk4dUxLNFpKd09lL2wwRGY2bnFkbE00WGpXa0NnWUFBckRPY1FtQjMyZkVuMHlwZEZkR2IKL0QvRDc1bTkrR2ZzSXRhSU5HSExLUVlLRTl1czZ2OS8rdng5ZitQdzNGdk85MzdnTWgyR1NvMmJ4b21FbUFjZQpFVEs1MHBvVEhZSlkyYmVGa2p1ayt0ei90TTVhaU1rK1RkbFdQenhacFhIQ3BMS1VhMTYwdE53YnVKUFUvZFlrCi8yVFBIN0pqTnFKNlBONXQ2d0tUTVFLQmdRRExSTE5Bc0lBNXVtZGtWcUhZT2paTFdQSW16U2g1YlRBNE5qZWQKOHRZZk5RZ1NUUmRQUlNlUVRybDlwUU5xUXpCMEhLN3hyd1hHVFdiUmN4cjNGYTFGMmR2L3JWZ0ppbzQySmJsVwpPbExpNzlqeHo2WDk4WjFhUFBDR1J3UVp1enZhbExURmU3bDdsektGN3RZd1k3SnJBdW5NYXlNUkhrZTh3L3JECk9ncWhHUUtCZ1FDOGkyT0ZXYTJxendYSEk5Q1IvUzg2MGdHSzNmOFE0MENDeFVXSGtZNDU0cXhta2hCSlJnaFgKTm53ZlRQbG1EaStrZ1VGeEpzVDVWOEx4czlxT3A3WHR3Nk9hUWJmRlBXSjRVa29GM0VlYmNKTytFcTFmT1pHVQpNNHh4TTlzMXJPd2JWZldvNzRZL2p5b2VpczI5K2gwdDdpT3dNaS9oSzNmcENzYnJTS2haTEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-citadel-service-account
creationTimestamp: "2019-12-03T10:53:40Z"
name: istio.istio-citadel-service-account
namespace: istio-system
resourceVersion: "43659"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-citadel-service-account
uid: 2a4ca5ed-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURkakNDQWw2Z0F3SUJBZ0lRSUlldzQ1elZuOER0ZHVuZUtKc1JBekFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME5Wb1hEVEl3TURNdwpNakV3TlRNME5Wb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNQmN6cHliCjZvZGFHSllDQW9vejlETUk1L1NVNDhSUFRHQUxEZkdtL0ZxeWVjd0FFaGkwSFhrSUFTSXRvOTJLTWVlT0s0RUsKR1BVRENyR1JQeHRaYXJCdjZoZDg2QzQzOEkxeWdSSFlSaEhBbnBIelpIcVQrOE0zSlVtY1d4M3lCVElGWXVJagpVSFpuUXdMRnY1dXNqWlphWjN4Q3h4MnVYcmt5Q3FKSVgzb25uWXE2dk9zZ1Z4OWNTRWMzaVlNMUFoWFlBVHFKCkVMVE1NM21rVDFxZnptYjV2NE55V05WdStuWHBjWVNsS090TmdEeWJKVlNpV1pnSTBqK0c0aTJYUDR2d1RDSXEKdG8wVTFQaEpWMC9ldHorU1JOeTRyRTI1ZWRQZlV4T3Rwd3htMklGVjBHRWVmK04xemlsR05FMS9FRXpoVng0ZAplZFBKejVBbExZMDdaNzBDQXdFQUFhT0IwekNCMERBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd2daQUdBMVVkRVFFQi93U0IKaFRDQmdvWkdjM0JwWm1abE9pOHZZMngxYzNSbGNpNXNiMk5oYkM5dWN5OXBjM1JwYnkxemVYTjBaVzB2YzJFdgphWE4wYVc4dFoyRnNiR1Y1TFhObGNuWnBZMlV0WVdOamIzVnVkSUlkYVhOMGFXOHRaMkZzYkdWNUxtbHpkR2x2CkxYTjVjM1JsYlM1emRtT0NHV2x6ZEdsdkxXZGhiR3hsZVM1cGMzUnBieTF6ZVhOMFpXMHdEUVlKS29aSWh2Y04KQVFFTEJRQURnZ0VCQURENUxmeUtXZXEyU3J3YTl2SnVjQzhRdUNwRmsxeDNpTHRuL0FuMEZtTjliSWxBOGRvdwpVM29HekdRdFRyeEUzSDRhYjJWRFZKMitMYjRoY3VKUkY2RUEzbVczM2I5L2JYdHB3NzQ1aXZkNmd0VEdqTzlJCjI3TmxLYmhKMzNjMyt3eE5Wd0dHNVJmdXBVd0ZmeW44V0tMWkFsbmVoaTlibVd2c3FzK1QvaFpaL0dmTjc5dlIKamc3ellRMWRuMXJQY3p1eC85KzRFcGFYNEtWdnZqWHlVYzNDaEtXL2lLcUYrMWNma2FuU1BuY2FoNjlrR1JoYwpKOHZSN0NzQjBBNXNIL1MySmJ5cWQ5UjFyb3hIektDcG5VSmFQTE9ZNkkzRHh1TjN1eHltVURTVEZNWnVzNlJXCmJFaXZkYmxiSkdqb1AwZnBNdC9wMHF3K2hUeFlaWHZ4S3hNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd0Z6T25KdnFoMW9ZbGdJQ2lqUDBNd2puOUpUanhFOU1ZQXNOOGFiOFdySjV6QUFTCkdMUWRlUWdCSWkyajNZb3g1NDRyZ1FvWTlRTUtzWkUvRzFscXNHL3FGM3pvTGpmd2pYS0JFZGhHRWNDZWtmTmsKZXBQN3d6Y2xTWnhiSGZJRk1nVmk0aU5RZG1kREFzVy9tNnlObGxwbmZFTEhIYTVldVRJS29raGZlaWVkaXJxOAo2eUJYSDF4SVJ6ZUpnelVDRmRnQk9va1F0TXd6ZWFSUFdwL09adm0vZzNKWTFXNzZkZWx4aEtVbzYwMkFQSnNsClZLSlptQWpTUDRiaUxaYy9pL0JNSWlxMmpSVFUrRWxYVDk2M1A1SkUzTGlzVGJsNTA5OVRFNjJuREdiWWdWWFEKWVI1LzQzWE9LVVkwVFg4UVRPRlhIaDE1MDhuUGtDVXRqVHRudlFJREFRQUJBb0lCQVFDSjc0S3dSaFZNYlV5SAo5SFVCeVBOb3pSQVhEOVNyWmZsc1BVRUljU2N2bWg5QUt5VE8xZ2owU3NzVlNRamh5VUN6dS94eUVWMklBMkJkCnA3dEt6emx6dnl4ckgwUVdNRUtzQ3RtR2hFRHFaZWJPM1dyRmd1dmJOZVhrL050Umc4UTU5Q2JONVdqREhwU3MKbmtRaFN3QlVPZ3RPelV1ZWV2U3RjN2F3VzVrcks1SUpDQ24wYS9kaWtZZ3BZUEFoNlF6ck9yazBZaWNDU3Y0SQoybHRuS2xLOWFEREZpalpFcUxkODAzM3UwSjdwVm1DVmkxdHlIUWFxZitsN0cveDlLSEx2eFU1cHJlcTdrSVNFCmYrbHI5MEpxamhVQXFyckRjS1BqMGw0MSsyamZrMmZ4Qll6RVlhTHJRNi9EdUlxb1BNdDlhekVWZGFXK29KZG8KWHhTNWI3STVBb0dCQU04ckRYZ2MxODE0SVI4Z1NWdmVLVjJINVNydnliOUcwdWVycFp1MTJZRFBYcmp1eFYwSgpGQmVUZEZnV3I3VW1reEdxRmVWYjFXeUl5S0ZObmRmMXA5UXI1dVZUSHlSMXNZQm1iTTJVZ3Axa1pFRG5reTBqCkIwSHNyWGt6S0RqSEkydUJ6VjZEQSsyc0R3QUdLem45OFl1anR6Rlhpc2puVy80b0dibzF1Z2lQQW9HQkFPMjAKV2d3ZHFqRFN4Z0MwY0l6MTVCRk9rd05ielREVVRMcHh2cWpUMTdFcHhKYlZCdlNpcitqOUFOTGNZemlONkkvVApCN2tkeVZaWi9NTVlqc3g3TEpLVng4MC95UElKSHFCQWVUS2dmL2NjN2F3RkdTVVl5YnZEUzFXV2czUS9IZmlyCmV4UG96N2NpZXRpdnpVWEQ3T1VEM0tOQ3hhbUx6MnBRQjR0TzJqanpBb0dCQUsvQnBydXdQS1ZrdFRUaS8xbWgKTVJiWW8rTzVheitMcG9KRmJVcWRETm5yRkVGdzBLQU5nNjQ4dXdmQXQzRElPUjFUWHlBbXVQcExVV3NIbmxJSgpaMGpwdGduNGF3TlRsak9Jc2VYM2lKaGZBMjdOQ0YvU3grVjJGZll0SUlLSzc5SFZYWlpCTUtRQ3hQY1FSTHYrClpWNUNscmlWdkhpVlQ4WmYzdlBMZ1BpaEFvR0FFY3BpeHU5ZGNvUUQ3NytSZ090U1kzMDNBWlJZV2lRNWplYS8KZDFGTG5tWGE0ZE1Wenk5eDdRVXFqNTJSQzRXTGQyQTYvcjdjOThxS1lXdXdIRnZIclR6cWxGRUcwQjZnblN2VwpKbFRlM3ZiYVR2cWV0Q2tUeUNySXM2SXRPb0VTMUM2NWFuY05QTTZtMVJyclNTSnQwNElqZkZDZURKOTdLYUROCnY3NXFGTU1DZ1lCaTN4ZS9tekM1MWpRVXR1enp4N2c0cG1kVzkwOHZuekhKcWp5a3E0L3JxbjNMU1ltNUtScmIKK2RUei9kNlB3NThjREtON245VlhpOGtidUs1alRkSWhPWjBxK3VRZTZ6R1UxMnJWaDNTa05kdzBjL2xTZ1FaUAprMnZnL0hJVllaR1dhK0RYQ1YrSjd3MzI0RnlhMzd4TUVHSHI0QUthRXNVTXZTaVVTRi9zUkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-galley-service-account
creationTimestamp: "2019-12-03T10:53:45Z"
name: istio.istio-galley-service-account
namespace: istio-system
resourceVersion: "43678"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-galley-service-account
uid: 2d5020a7-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRakNDQWlxZ0F3SUJBZ0lSQUxtV0NBT2J3alFRbm8zMmJjUmFDdVV3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek5EWmFGdzB5TURBegpNREl4TURVek5EWmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFhWQ09CCmRpaGNEYUhxcGRhUVRuc0hISnJqZFR4U1FiMUZQNndqenNuTGYxdk9nbmE2OWlTU1graThMcEhMS05rbGgxUkkKbTltUnkrRFBsK1BVdmpUMHNiU0ZkQ0hSTGZWZE4xOXVxVU1HL09NU2FzUUhGRUM5NEo0TjYxMEFlUGt6N09xdAphSlRRekMrb1R3bVNJd3EvNlZOSDM3Sk04bnBJZG9SVTdkN011dEVxSkJRMDJRSnp6TjhBejZiTi84WHhvY1lNCkpmTTQ2OW9BOXp6eEFGOG5pN2YrUEF5SmhNRDQ3RmJNd2I0SmFFeVpIUnlvVUY0bDZDc1hOWkR6VTlESFJBbXAKc3ZDbWJZZkk2MXg0L1N5NVJpUEtsY0hZd3BHRFY2eEhnZzZwM0xRaVNvQ3ViVTFHYjFPOTQzMFVWYXkxUWlTdwpORkd2NEZodUtpVHU5ZTl6QWdNQkFBR2pnWjR3Z1pzd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1Gd0dBMVVkRVFFQi93UlMKTUZDR1RuTndhV1ptWlRvdkwyTnNkWE4wWlhJdWJHOWpZV3d2Ym5NdmFYTjBhVzh0YzNsemRHVnRMM05oTDJsegpkR2x2TFdsdVozSmxjM05uWVhSbGQyRjVMWE5sY25acFkyVXRZV05qYjNWdWREQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBTkpIQklPNkZ0TlA5L0p1VWUwM2VYZnFkTkxEY1pORm5mUTFLZWpQQXo5cm83QUI4NjI5YmZqYmwKY3JmdVk5NzFBSmsrQ1pxSXhvRytIUThWc2J3ZWJvYllmZzVlV2NmMnE2WWZycTdoMWhWeHFXWDBJYzBXRS9VMwp3Q1plYU9VOW5OekFXdXFQWDRUWVJoUDVDSmxzU2V0S2VvSUx6czRxSHVYQm9laC8yZ25DSnVZVThQZkNqMHorCmJ2cDRRTTJuV3VYTCtEenVzWnFtTGY4L0pxenhyWno2UDc3ZzVyWFBPenlZWHF5akRZWFBISnlZeXd6U3NoeVEKVzBQQk14TFJGSFJSdUthN0hpcnZFaDNySVJFenlZT0hyWFJYQXpuWnhlWlJLeUY2MzlsbUdFSU14NWt6Wi8wdQo2dFRqZlRvRW03T2w5MUpxcEZrNnhLZlJvY1RvcGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMTFRamdYWW9YQTJoNnFYV2tFNTdCeHlhNDNVOFVrRzlSVCtzSTg3SnkzOWJ6b0oyCnV2WWtrbC9vdkM2Unl5alpKWWRVU0p2Wmtjdmd6NWZqMUw0MDlMRzBoWFFoMFMzMVhUZGZicWxEQnZ6akVtckUKQnhSQXZlQ2VEZXRkQUhqNU0renFyV2lVME13dnFFOEpraU1LditsVFI5K3lUUEo2U0hhRVZPM2V6THJSS2lRVQpOTmtDYzh6ZkFNK216Zi9GOGFIR0RDWHpPT3ZhQVBjODhRQmZKNHUzL2p3TWlZVEErT3hXek1HK0NXaE1tUjBjCnFGQmVKZWdyRnpXUTgxUFF4MFFKcWJMd3BtMkh5T3RjZVAwc3VVWWp5cFhCMk1LUmcxZXNSNElPcWR5MElrcUEKcm0xTlJtOVR2ZU45RkZXc3RVSWtzRFJScitCWWJpb2s3dlh2Y3dJREFRQUJBb0lCQVFEUGJVSDJ5SGdBbFRGUQo5UWhJWXhHb3ZDbUl5N3FjRXEvZE1ZVUZ5WUlqQWtEU0ltTjFuditEOGRna3owZXF5V0xGQUNSMC9ZME5JYlVpCnhWSzM4YkxadFFZTk9ONEt2NWNKZ1BueGhDUUphenJpMXU2WFV5ODZ1bElIWHA5c2dSeXVwSjg5Qk8yMlpidlQKQ3JCUmttZ2Nqd3VteFJyaGZRUEhJa1EvL0JVUWFYR1Z1M2VxcDQ5VVZyY2o1RU5TTFJqUGVVWnpkQ0pTTEliaApRdmt3NHlNUFFIYS9pZlROb1JUY2ZuOWR2MDFzL1l2TFNLU0ZzNWlyWkhGcHFRZkZHWEhEWjZaeGVNVkF5NmxtCmVXaXJHdWovTFc4TnlNcTJ6ZG83VmhhZ0U3VGJDdlpVT3FnMlFhbWJwbGNuakdSbmZhd2pnUjJIME9EZDRsdnAKVG82Q0tBMGhBb0dCQVBZQ0k2UkZ3VmJxdWZoWHFyenBIWVRpL0JTOG9iekxML2F5S0RldzdPNUhyaE50b3lrSwpXZEpGMzNZR1FOU1BKZWU4WkhMMEREdEVyOUtNR3pWMDkxOFJ2ZmYyQVlUZjRURUZxV0tyTzZEZWtkN1lkRHFUCm5hbDFNYlVpeTVUSERpTm5xdUJlVmY3c3k0dHlBdlY0U2ZpeStSMHdNcGNGNHpPMjZQZCtuTk1uQW9HQkFPQVQKQWorS2lCMTdNb3hlcGZKaUtrNnlKd1hnN3pGQzV0Rmt5Nk1GeTlSMG10K09rUjR1clM5Y3NwMUlkcVhyajJNWApRZXJOT20xVlpqcWI1WjdVa0wzMHJiZ3lETWJ4RnVuZWkyZzZNRGIveGZDblc0TklHQW94aWZ4d1JiSGR2enRkCjB6UTRIRHpMZU1tL24rejhKQVMyL0sxNXIvcElwK1p1dFhXVkc4RFZBb0dBZG9VMVVyRmdvbFZYMzNPdENISnYKREZTbkNmNlBGWHYyMGEybmZwMDRxTnZUMi94WVBTK0ZjcTdES0FOL1BHank1Q0I1YklCelhDS05hcXloZHpHdwo5QmFDSlhKWjdRQkhaK3pJWEljT3BVUlZscjFGMGVySWJKblBwdXJxbGZVSXRMbi9NelYvek4rY2VNUW05TWhOCkt3cGV4bGN3S0Y1bnhjUjduTEZkTU1VQ2dZQlNXQ24zVjkxMW1CU1hhU0RxMWhCZUl6SWNBdkZqMVFZbDVUakEKakJ5LzBxb25oYWptd3BoNlUwS0FjbVRIeksxQTZRY2NWcGNtSHNBV3didThocms2VlhTUndETFoyVGRtY3BZZwprMkdzbElvVlNpdGpMMWRHUjdaQndyQ2FFTGQ2Qlp6Y0Q5S3d0TVdLdnBUeTdpWCtaWkN0MzQ1QUYvczd2MnVICjdtZm9rUUtCZ1FEVUVXZkJRWmNydThvU2FnVEpTUEpLazZuZ0NyN0tjMDJXalNRMkVRSU1PZ3NNWlBQNnZ5TTgKbllSbktkV2tnZk1mSHViRThJeUNtaWxWS01jck03RWUzQlpTeHRwdDdaRjVOQU9pSFJ5UDQrUTVEM0k2aktIUwpOamhvQWJURUk1MDk3c3BIQ1RaMmJiM3hUSjNTNjMzNjV6engzcGhEN1kvdXU1RUlQVVZCUWc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-ingressgateway-service-account
creationTimestamp: "2019-12-03T10:53:46Z"
name: istio.istio-ingressgateway-service-account
namespace: istio-system
resourceVersion: "43686"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-ingressgateway-service-account
uid: 2e2aaed3-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURPRENDQWlDZ0F3SUJBZ0lSQUlSWFk0M205V2duejAvMFlpVzJZaUF3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek5EUmFGdzB5TURBegpNREl4TURVek5EUmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzNoNkQyClJTNG1ZbEFFKzMxeE8xTkFCQVFvVnlSTW5TbnhXcEVqSFU0Wll5cVR0OU9tSWZVUm14cE5HemlUVFI2QVhUVWUKcVRTRjVSamF5YmFmOXNhQklad05MOCsxSEZVMGhmcTJ6eHgrUC9jNWI2MGxmVW5qdTE4emt3MzIvTVIzRytkTwpHNmd4YW5HNG93blJVbGhmVDJLWTFuOUdnT0NQcFNDUWZJLzAvSnhWTUx5S2VIbnMyVVRQd29aQ1I2YmRGcGlvCllMaXF0QzdHcndnMzFtSDRhVFRYMGFCWG80TmpZZ0lreGhLWTZxSXU5cko1UFNRRDZWM0RZZnJpRy8vaktxUGcKaXV0TGF3TmU1S2pRRmwzenRCTUNqT0trYTREU2ppV2xxNFVtME5uejdTRndrMWpRYjdMeWo4V1ZxME5HRzlDZgphMk52dkJMZ29vdGNrN3FaQWdNQkFBR2pnWlF3Z1pFd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1GSUdBMVVkRVFFQi93UkkKTUVhR1JITndhV1ptWlRvdkwyTnNkWE4wWlhJdWJHOWpZV3d2Ym5NdmFYTjBhVzh0YzNsemRHVnRMM05oTDJsegpkR2x2TFdsdWFYUXRjMlZ5ZG1salpTMWhZMk52ZFc1ME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVJSSC8vCnphNFViTktob054cUd2QU9vdGZGbUo2TFFOcEkySVJTelhxY0Jvc052ODRySDBXV0MzMVd0TmFmZ0hvMTFIOEoKMnJXQStMcjNqSmNjd3hvR1V2L00wQjd3bnJWNHJTY1RGTE1NUGw3dkxzRGxyUzhGWjU5RmNzZERYMkN1YXhNOAo1RjRDWlBORGJFTnNPQll5WkFYVlNDdGRaQS9aZFMyMi9rakthREt5Z1pHdlBVWHMzOTdoSXQ2UjFkWHZpU0w0Ck9ZcGxnVUtGV04zY0FlUEcvM21qK0V3SkY5MklaQjlxT1FKN0pLbXpTbEJsYmtxUDA2T1JXMVBRN3VkaG1rWlUKbWZ0SXRmTFNGVEZxSldreENaVTFGRXNCL2tGOHRhL2dRL1NHVE5IbExER1BlS3dhZlBYQWJuVGluLytETFRTdwprS2dBQjVGU2JEQnd2U0NDCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdDRlZzlrVXVKbUpRQlB0OWNUdFRRQVFFS0Zja1RKMHA4VnFSSXgxT0dXTXFrN2ZUCnBpSDFFWnNhVFJzNGswMGVnRjAxSHFrMGhlVVkyc20ybi9iR2dTR2NEUy9QdFJ4Vk5JWDZ0czhjZmovM09XK3QKSlgxSjQ3dGZNNU1OOXZ6RWR4dm5UaHVvTVdweHVLTUowVkpZWDA5aW1OWi9Sb0RnajZVZ2tIeVA5UHljVlRDOAppbmg1N05sRXo4S0dRa2VtM1JhWXFHQzRxclF1eHE4SU45WmgrR2swMTlHZ1Y2T0RZMklDSk1ZU21PcWlMdmF5CmVUMGtBK2xkdzJINjRodi80eXFqNElyclMyc0RYdVNvMEJaZDg3UVRBb3ppcEd1QTBvNGxwYXVGSnREWjgrMGgKY0pOWTBHK3k4by9GbGF0RFJodlFuMnRqYjd3UzRLS0xYSk82bVFJREFRQUJBb0lCQVFDUTZCeVY5YjlmZlNaVApHTUpOd2hxVUk5ZW9oazFaMUltR1VBemlYY1FKVlh3TGtBd2pVeEp0YVRwV0FSVWxjTEdSaG9abmhBKzlYRXJJCmpKV09MY2xEc2ViRm5xZHdCMFBiS2FIdjd3MC9QWUFVc0hGVWRWeisyelZxd2tRM2JCSXZQUy9mUXdVRXAxZk4KQWFYQnlUT1BaVjJpOFZFaXVLVVZwYnBWZXBRclNHWktXTDN4SkRxL1dzWlluZThlVTFZd3BvdzFHOTY5bUs3YgpKSldpVFl5WEVhRUx4bDBCblMxV3FxYy9WdERDbW4yb24xQ3plZndBZkxLWCtVays3bnRLU3Mya2VKanViR2pRCnhyaUQ4NjFHenhOanVDZHVZdG9FbU93eER1SitSVEh5U2xMQVlHdHZxZXd6Qk5IbmI1MUtRNWV2S3JFUHV6K2YKNGxHY0RoRFJBb0dCQU56S0hrY2VqaWRXUm5uejBaUzZ5eW8xVEFBT0k2bDZNOHQ2S1BxMTRGVmE5TUVTek1jKwptVXJ1ZTNJT2ZqejRIbjhoUkM5ajZXMGtOZHQ2eHhvUW1tdkU0SjhOY1ZabjFxOFk4TE9RNVdpc25PdXNIWGlFCitwNS9BRjdadTdqd0FqckRialpzWW5VUHFaV0VPR1NFMEcycWFwbnhsNlR6MFlmUlF4U3pjQml0QW9HQkFOVE0KVzJWV25Ib1BZb05JdU13bFYvdWhBVVBQMEJjTEpGNi9qQXpQaGt0ZE1WMmlHb0l4WjVlRlFHcTBlZk5WdGQ0ZgpKdEtHRkJIR0hYU3MxQ21PMmg2NEYyMTlOOGg1aXB0Qy9lYVVZT1dOZXJ1U0gwV1pVVFdRS0xRWFFTMit3YTJ6CjJLU0xBOVhPV2tEMzBWNzZEMU8zWnlIbGZONGhUSmtCaFVpUng0c2RBb0dBVkdiYmpqcHJBelNpK21tdmU1aXcKbzdEK0hhTktGTGFIYUVpSnM5V2xMVnY0NW5ubVdHQmd2MWxOVFh1bTNHM0pVcllIMThuczZQRUh1YUJFem56OApXeWhHNmVaOHBoaEo1R08zV0IyUzVTSGZWdVJUMjhlUit0YjM4RXB4emEvS1dtWnRFbGI2aUY5MVo1ZkU2d0F1Cm9VMmROTDQ3Unk2QnNkYllPdWloZUgwQ2dZQSswcVlZNE4wSlhBbGxZTTdOMWlpSGJSMEdmQStlL2ZjYTBjbnkKN2tGamRudmdmTDcrdUw4d2lISmdEakFDbXNjNmNFL3h6d3VWdzd0bWVxK1lKVWhYMFZsNVJZSjJlUXRta3Z5SwpXanZSQ1ZlMmtJa1M3eFIrajdTMGxqanozR0VwZXZMMmdPUDg5eExHSTJONGVyS1RzSTJPQUVaQS9ldXpNRE85CkhPeWdNUUtCZ0JhVG02RXBVdU1UT255dmRlS3BrVFVTSUwvbWlFSnNZcyt0clQxMXZNZDZFMk42TlRSQXU5SnYKN0FQSFJQL0NpNUpXTTU3YnRRWURWREZsYzY2UzhnNVhBRDAxYVduYmNZYzQ3bm13bWxwZGlDQlZVRXlPbzVidwpyYzJnSHFheVZpaWFsbGFTT1FkRE53U3RNSEJPd1RndDNEV2hJeXVSdmQvSXdmaVE5UXBlCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-init-service-account
creationTimestamp: "2019-12-03T10:53:44Z"
name: istio.istio-init-service-account
namespace: istio-system
resourceVersion: "43675"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-init-service-account
uid: 2cc9c7d6-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURPRENDQWlDZ0F3SUJBZ0lRZlhRMWFCRTFoSzF5MGkyU3ZyZjRWREFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME1sb1hEVEl3TURNdwpNakV3TlRNME1sb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKdnhEOS9HCm44bmZjRnN5Z3BtbXBRSFFPWUNKRy9KcmJ4cEhPWUVyQWN4dzlhYnZtTGtBK2dtdFVNdURrZnZqQUN2aHdyTmUKZWd5QnQ0bEpxUEFjUTBvb1JrWU1vb2tZMHU4R29KQjlpUE85U3VDQThINnR5c1JIWE0zV0RHQ3FBRkRJVjhWQgp5eW9qdkpEelA0ejNpK3BTRlpUK203QmNaai82TnZLSHpvZlpRR0hHcGl6TFpnVHg1MjNMRFZzR3Q1aFAycnZECldNYktrbSs3Y0ZsVHZjeG9RdUlLeUMvL0o1bkxuNm1tRERDSHpibm5kWDNWWmplbUFGYVVpMTZsQ0JvTE9hRFcKTGx4ZGNqNlR0MzNnOGpBVXZTMGwyOEFOTkEwMFBDOTBxZHFzcFZOanZSS1g5dndNNmlybjM0RFhWQkl3NUwwegpOb2owOW54a3NRUTZOMmtDQXdFQUFhT0JsVENCa2pBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd1V3WURWUjBSQVFIL0JFa3cKUjRaRmMzQnBabVpsT2k4dlkyeDFjM1JsY2k1c2IyTmhiQzl1Y3k5cGMzUnBieTF6ZVhOMFpXMHZjMkV2YVhOMAphVzh0YldsNFpYSXRjMlZ5ZG1salpTMWhZMk52ZFc1ME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVhSNFhhCkRkK3lsS3NkNENKRm14dys5TGlZdmh2bER1WVUxeUVBUFJNRU5KMFhXbnJRcWtqY1Bsd2pLSXlVeWtxVmgvdEUKenJCdkNDU1YxTXArZ1FCbFFBR056RmswblNhZVQ1L2JUR3JiZXcrK2lsY1cwbXR3ZXRWUStqVVRzU2I1RTFTNQo3RklncjNsOUcwV2dSK1R0b0hNcENYK3JWTkN3NUVtSHhvUGUwVDBpT0E5eXFVdmZtSmx0WmhzWXV6djNCQWJrCmZtaEM4d1lxRUJXb1VFUTloeDRleUVuUXl1bWNUN2pGd1UwNUdxcURaWmlaazVBV3dYbko0R1JvTkhUYlRSOWgKRVRBWDExbFpsVFVxUGROSVRDTTVORmpZa3hKQllobThBZGZVdkJyWHhRbFVKb3FWTXBiY0k1MzNCaUtrSU0vaQpKSzZJbXFEVDluYStJK2FiCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbS9FUDM4YWZ5ZDl3V3pLQ21hYWxBZEE1Z0lrYjhtdHZHa2M1Z1NzQnpIRDFwdStZCnVRRDZDYTFReTRPUisrTUFLK0hDczE1NkRJRzNpVW1vOEJ4RFNpaEdSZ3lpaVJqUzd3YWdrSDJJODcxSzRJRHcKZnEzS3hFZGN6ZFlNWUtvQVVNaFh4VUhMS2lPOGtQTS9qUGVMNmxJVmxQNmJzRnhtUC9vMjhvZk9oOWxBWWNhbQpMTXRtQlBIbmJjc05Xd2EzbUUvYXU4Tll4c3FTYjd0d1dWTzl6R2hDNGdySUwvOG5tY3VmcWFZTU1JZk51ZWQxCmZkVm1ONllBVnBTTFhxVUlHZ3M1b05ZdVhGMXlQcE8zZmVEeU1CUzlMU1hid0EwMERUUThMM1NwMnF5bFUyTzkKRXBmMi9BenFLdWZmZ05kVUVqRGt2VE0yaVBUMmZHU3hCRG8zYVFJREFRQUJBb0lCQUhpNTByRkt3MC8xSkxYbAp6OGdHaEg1MzV0eUV5VmNQSjI5dnJxdzZVR1VuR25jSHpQT0ZOdzRnMklrR0xoR1V0d0JDQW9yODNINHNPcHdWCm82MW9KQXdZUy9kVk5zdnVwUGFaNmRxUzVXRFZyazlLWTJXZlJIaGFTeFdyM2Q5RUhZUnM1YzUzMWtLa2NnckIKMXZSYWZUNkdGK0ZHajkra1dTQzBwSzkweGtiU2pCcXk2UTNUVnhmQS9TTjMybnNXVGxqaGtaVGxSYjVYR1NtRgpBTGE4OGJkU3J3QnBTVlk4QWQxRFpPeFRjRlpUVXhGTjN4b3ZwbExaY3ZrTGlKTlNLdUk3Vm42L1lKaEpKNUpqClBKdWxoT2RzWVp4S2tRQTFJeWpvcyt3amNac1o5a29XbWxaeUVreTdxOURoUVN0cStvOTRsL0JHSkNadVc2ajYKbk9JTU5RRUNnWUVBd3pZYjhBRUdOcHkvMlp1MjZHSXJoeFpsMUtTajZrSEVQc1Rqa1JIUHFoOE5XZ0ZHY2RwKwpNaTNwenJLZjk4MzZ5a0ErSEhidTdvL3hhK1hGdXhZakdWTlFWcjhaYzVqWkU2R2srV2pKSmtzd1ZCTGtCa3lVCjc1UlFIeDR6clcwc1VLdWJqZHJmRWlvdmkwV2RMZ0NtczBxc3ppRW5rSnZDR1o0MUxaYVFFTWtDZ1lFQXpJQngKZ3JUNERqeVF5VU5zZCtoSmxlc3BUSFdYd2JHV3A0cnhwM2RIa1VHbUxjQVZ2KzBmaEZ1Tm1wTVJhem40ZHBrZwpXTW9kNlVacXNBSHBtazVMMG9kaTEyaFlXYUNFVGdGUHJ5WGVlR1k4Um1LZ0xqVzNOYmFxVmtBVFR5eGNBQXpRCjc3dTc1YkxlblR0TFRIQkFCRzdyUlBNQzg5QWlJRDdhZUZSbjRhRUNnWUE2eXQ4Yko1UFJldUFsRDhyRXJseGgKc1JNMk9lZk1NOGFCQ1Jkb3A2NmRsQUNYYk83a2QyT3VoVGwzc1VDUWg0N1N2d3AxMURRZDBXaHFrS2MrczJvYQp4SWJidVc1VzdGL2trN2gyRFdNWGoybWN5SnU0Y2ZRaE84L3RyMUR0R0laU1BYejUra05ZMnkrNmlGclFjZzNDCnplakJwQ2FnWE9qV2dsbU53MXpjVVFLQmdRQ2h3VjhIb2hrck9hRFVjVzVVa2ZuU2lZWExJcUI4NXZsaFlMZXcKWE5yUS9IcHphYUpLZzBjUXJGSWZXQURKTGJ0b0k4ckFNRzdrVzN4NzU2ZGRGRjFKRXltTmRNMmRaeWYvZzI0QgovaFF3YTcxMWR3RjRTNmkwNWQxcUI1aStZVG9NR0JjVDZRekFyWEVFTVNob044bUxPQ2tFQ3F2bEtsWXo1ME5yCk5taE13UUtCZ1FDWXdxdlF1YzJnRjk1K3NlWkk4OU80YkszRHdkbldOMklhUmJPZ0tTcXltWE80bll2ZjNoRHQKSkF6R0VSQnlwODFRb1RnTWU3ekZTaS9lNERWaFEzaXVHVjV0OUVCcG12ZFc3Y09iemdkS3U1b0xwam9MeWdlcwpSM2xyck9XeDM1dUpkVEhLNTl5bjhDWUVDdmxPZUtsRmJIbVdNc2ZoSjNXRllDWUxobERQRmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-mixer-service-account
creationTimestamp: "2019-12-03T10:53:42Z"
name: istio.istio-mixer-service-account
namespace: istio-system
resourceVersion: "43669"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-mixer-service-account
uid: 2bfe8e6d-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLVENDQWhHZ0F3SUJBZ0lSQUxDNkdMSXNhZThLa0Z3Ry9UV1BCTVV3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek5ERmFGdzB5TURBegpNREl4TURVek5ERmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzN1V3laCjU1ZmRYSkNhVFlLd3N2ZDZ2MUREaEhxRlFnVzZ5Y1owMXBwb3RvU3ZZVmhxWXRzdTBpd3B5TnJUeHNidGU1d2oKZEdEVXMzRVlGaENpdnRSOFJaRlo5L291WXZ0ZEkzZzQxUy9SVjkyQ1dyek1FaGNlcytPTHpOWDdwQi9qM3h5VApuMVpDMVBvQ2ZMNHB0NXR5TFFqZnlnL1FKSzVjdVA0N0hsZTZGYjZNL0x1UlJvUjV5OHNFa2RPQmV4NkpRZkVZCmxQclMwdzRaVGh4YlZtNTdybWVuaEUwY1BVcUcxTTNGc1NXekpxa0hsakV1WlcrdTZGY3JVVmUycm1ZR01DNTkKalk4UmRhNVNOSG92TTFHMXZZdktKSnRoUFVLdkcyVzN4YUVzSGVIanhlTGlTaFgvZVFtdVJTNExyMjJ3RkxNQwpIQVBtenUzTDRiRXdYcThGQWdNQkFBR2pnWVV3Z1lJd0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1FTUdBMVVkRVFFQi93UTUKTURlR05YTndhV1ptWlRvdkwyTnNkWE4wWlhJdWJHOWpZV3d2Ym5NdmFYTjBhVzh0YzNsemRHVnRMM05oTDJsegpkR2x2TFcxMWJIUnBNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJvemRGdEJUdDdqRlZJT1k3cXNFc0pHUXgzCkc2Sm1xWEhiN21IMFArVnVYZ2RtZXdWbWNpVCs0SktTOWZ4YjN4b0VNMHpsY3lGS1BqTTZ6UHFTcld4T2JzSkgKVVJnbFFsejdWOFpxRzJzNGpuKyt5MU1CcHpNcHF0TG5MZVlkUnhJRVVVNEFPN05KbjRDdXB2Q29TVFlRNE1qSAp2K0lWT2FUa05IYk5TdUlYdGhYcDN5Nit5azB6ckZhOHlPdWRPbFY2TzdpcFJWalF4RlVqSGZsRjdnQXh5MnozClBmTVNkeVh4bUdDeE81T2xZcU1FWTdMQ1pWZnRyRFprSUhsOE8zSC9sRitCaGk3c0lRRm9JWTZMQnNlSk9vZmEKMDBWczFRNWdvQitocXN1bDljZ01VUXRUeWdKZE9HbStiUUV0QXNyUWVPcDlKU0RtbXdVV084SjBHK1RXCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdDdsc21lZVgzVnlRbWsyQ3NMTDNlcjlRdzRSNmhVSUZ1c25HZE5hYWFMYUVyMkZZCmFtTGJMdElzS2NqYTA4Ykc3WHVjSTNSZzFMTnhHQllRb3I3VWZFV1JXZmY2TG1MN1hTTjRPTlV2MFZmZGdscTgKekJJWEhyUGppOHpWKzZRZjQ5OGNrNTlXUXRUNkFueStLYmViY2kwSTM4b1AwQ1N1WExqK094NVh1aFcralB5NwprVWFFZWN2TEJKSFRnWHNlaVVIeEdKVDYwdE1PR1U0Y1cxWnVlNjVucDRSTkhEMUtodFROeGJFbHN5YXBCNVl4CkxtVnZydWhYSzFGWHRxNW1CakF1ZlkyUEVYV3VValI2THpOUnRiMkx5aVNiWVQxQ3J4dGx0OFdoTEIzaDQ4WGkKNGtvVi8za0pya1V1QzY5dHNCU3pBaHdENXM3dHkrR3hNRjZ2QlFJREFRQUJBb0lCQUZRRnhSa054WEpESnc2cQpiQjZMZW9yMGUrY3U2eW1PYkRoa2x4SlFJd1hJa3gzeUV4RjBiSEVaUllGR2ptMVQ5eDRjN2VkNURkKzR3UHdXCit6eXlzVkswTGlsTE0ydUxjUkhEYXZQeTY0OTk4NXZ1QzNINHhBSVNtdm9Rajd3cDd6dXppY29wa0xXMzJTN1MKQmRYbVZuejlBNVgxUHc0ZCtIQUhXcDJHM3ZBR3cwbGQxMXJGQm0zODdLMEI1MjR4Q3paVzRZOXd3a3RHdklXVQpNN0U4ZE1vSmJlUURGMXRFc2N5eEdWYXBabjdraE1QeU8rall6NGI0UjlHbTBzV2pQcVhjT3owTjJYQzdsZUMzCitqMS8zSkxvMjFnQWcxL1htOEZkaHgyWG5jYlEvOFdSVjVOcHFSeVpDS2M5SWRHR0VBWUYyblN3YTlmVXlnMXAKbThhY2V3RUNnWUVBNEJrWms1T0hPdjJ0TkE4R2s0Tmd2Yzk1UzdMeU9QQ0swN0V6eEdQTDN2SEM1eXBJTUU4WQpEelNFeVFHUUJJa2I2cFRET2JJWkRZUzJvYUE1dlo3NkpEWDNzTFQ2WjVwKzJRdmNCSGpDOVlIVzhyS1R6VTZCClVFc2xXSkt0R1dFN2taMERNS3hFZStRUlVBdHh3M25FajM5NThTeUxITEFQMVZYb0I1dkZBQlVDZ1lFQTBlRDMKblhJdDFlRFBWbmtPMmNUNWlIY1RURVkzMXUzc2RrdXIxNm9Ob3FabEQvaUhXWWJtdkFLVWtpVFQ2QURZM1pwdQpITHZGYlhteXd2UXBicnVsVXc2dkxBUGdXS1A4Tlh0QWFwaXB2WEtNTFhiYWlmSFhmTWtVU0pEVVlFK1htemFGCnhSQlR1NzJSdEJsVWFrWWoxNkVnOUQyS1ZzTGFSbVR1QUg2eXZ6RUNnWUVBc3lMZFV4N0hKdHpKcTZlbk5odjcKSlQvSVVqN0ZhY2ErOHVIZjQ4bHltdERmWURKb2FsV1BnZmdWZlNpR20xbU91MElYblBORkc0MVBBSHc0SzkvOQpUUnptMXBhVTVHU1hxYURWUzYzTkNydXp1MllNeUQxTkdZWTRZRWsvbmQ0ZjVCS0REbEZtblRKK3RHR3htdlNuCnI1M1RPSHJHNlRQRU5HRHJqY2x5L05FQ2dZQmZJMmViaTRLVGpWRHZsZmpSWnFUbTQzTndBL1NVRFU0L1laWUkKTVNIMU5SQmk2UG9SNzBEd3dRcXdKTm1hTmFnWTdFUTE2amhZbys0UXliVnVhTWxNbVQ5MjZGcnVVNGVraHJadwptN3QyRVZMUjJTcS9sVTFsVjVGR1E4REIxOUtWbldXT0t4U0o2aWorUnUwcEw1cFh5TWF6Y0tJaEtqcmY1aWl0Ck9NRzJRUUtCZ0ZhVExUekxsRGRvSERqVFI5ZlFmU2JzU2dZZ2tpWndqS0dlb2o4SHBWVndKVmxsYXE4eTNzQ0YKRGtiQk1oUW5aYzFwOTVrTEphWDl3b1crZVc1VkYxUjhGc280TVc3Y2w0YTZCMUR4T2xyV1c1YUZZdGFWejVqZwprT3A1SnZSVUQzaGNlZ214d2dOQXJaOUpNKzdLT1NNcEVEb0NlQVhoUG9RZHJvWnR3ck1nCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-multi
creationTimestamp: "2019-12-03T10:53:41Z"
name: istio.istio-multi
namespace: istio-system
resourceVersion: "43665"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-multi
uid: 2b113d09-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVekNDQWp1Z0F3SUJBZ0lSQUpQVHhOUzhFaUNsWVpKaTlLMkVvMHd3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek5ESmFGdzB5TURBegpNREl4TURVek5ESmFNQUF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzRPbE1hCi9PU2dSMVozN1NyS1pmNzd3TkxrQUJXWXYwcXlmYlpTbk9oak1aWHhMc2xZK3E4YUlibXMyc2tBZ3FiUzF0aVcKaXZ4ajZlTkFtTHJWNHdoWWdLb3ZUSG53K3NTL1VLSjg4My9qWTlHNTJBTmxyRUhyTWFCWWNLb2k3cWJ5eWUzTApkb0ZVRTVoZkY2S0t3ZE1zZnVGb2ZHWFdpZU56TDFEeGxSNzdsOFgrOUo4Q2dwQTFZR1dhR05nSWRGeVQ2UE1LCnpRNURsQThpc2MwQ0xXUjhIMUNkandsM2UvWWtiVU5sUnFUbjRDVUwzZEZpK0tmcWN6dW52cGtpM2ovN1gxRmwKaGFtTU9yQXNYUHBXUUkrNEZudTJmdTZ2ekFod0JUTUZBQWpOdmRhVk9vZDBQOHppelc3anZXRFlUVVM4VWwvVwpGQTJMbWFzNUhWSm9WR3FUQWdNQkFBR2pnYTh3Z2F3d0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1HMEdBMVVkRVFFQi93UmoKTUdHR1JYTndhV1ptWlRvdkwyTnNkWE4wWlhJdWJHOWpZV3d2Ym5NdmFYTjBhVzh0YzNsemRHVnRMM05oTDJsegpkR2x2TFhCcGJHOTBMWE5sY25acFkyVXRZV05qYjNWdWRJSVlhWE4wYVc4dGNHbHNiM1F1YVhOMGFXOHRjM2x6CmRHVnRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJmZUVhQjc4UldaVjBKdGhpKzQveDl4Mk4wdVlTVUZ1QVgKSTBJNkFkN1ptZUxGOUJEMHNtMysxNnNSMEJwNERPaEVDLzRWcmh5YmJ4YnIxYm91bEVPS3NhcHpBaTVlM09Jcgp4RnA1Ti9wUUh3QVpwejduVXJvN3MyeVVza1NDZy9lNEJIYmR5MUQ4MHdPOTFWdExZTkJmdTZuQ1lQa3FZOUllCk9CUEdueFFiY0szWUdHUERuOHBXcWJ1MVJGOEV5V2xOK3ptZkpwZEtxWmxJTE9acFFTNDk0YzhYaHJmaGlmRDAKc3NXdWY3NzBiY0FMaGV0bld1cmJEUWlwd0JKVzZYaGxsWHRXWkw5OWtDemtOZktyTyt6ZlAwLzFsTWNIL0V6SQpwTGMyVEF3c3lyOWR0TFh1by9IOFRHdzdCcTZtTmdLOGFDeXhSaDIxUi8zVmZWYVM3WFR4Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdURwVEd2emtvRWRXZCswcXltWCsrOERTNUFBVm1MOUtzbjIyVXB6b1l6R1Y4UzdKCldQcXZHaUc1ck5ySkFJS20wdGJZbG9yOFkrbmpRSmk2MWVNSVdJQ3FMMHg1OFByRXYxQ2lmUE4vNDJQUnVkZ0QKWmF4QjZ6R2dXSENxSXU2bThzbnR5M2FCVkJPWVh4ZWlpc0hUTEg3aGFIeGwxb25qY3k5UThaVWUrNWZGL3ZTZgpBb0tRTldCbG1oallDSFJjaytqekNzME9RNVFQSXJITkFpMWtmQjlRblk4SmQzdjJKRzFEWlVhazUrQWxDOTNSCll2aW42bk03cDc2Wkl0NC8rMTlSWllXcGpEcXdMRno2VmtDUHVCWjd0bjd1cjh3SWNBVXpCUUFJemIzV2xUcUgKZEQvTTRzMXU0NzFnMkUxRXZGSmYxaFFOaTVtck9SMVNhRlJxa3dJREFRQUJBb0lCQUhXTmNkMzBwSVhKUDFtQwowaDBYL0IzMEtoMG1HS0hBM2c4S3ZEMzJ0U29tUjhELzA2YWRQd0h6cHlDdThqY0xKeHU5ejdJdnVXQ2ZxMHhhCnFFMDJjdXJXSHNIVGtMTzlyN0ZMNklMR2RVSkpQVmZTaUVobUpDSEpKc0dJRW1mNzFEZHp0Zkp3Q1pIMmR2R20KaVNiMUNxU0h5Wmo4VjVjUG9UeXNZbi9rWVVLenZYVkxxNXFJWkhCMWErbTczRXVNZlkvTTNudGIxTUg1RHFTbQpUMzQ0MnRTb3JsZ29xTFRjREFGR3FqaG9JVXlYS0NjZnRESEw4YkR5TmtYblVXVFBCZ2NMaXVqNU1wMngzK25iCjhxejBZMENkSlRycmdpNzJLVm5saEgvRE5NVlV1NXlyL01CSEZML1Ywcm9QK1ZVYTQySmp5d0NiWTI1VjF6bm4KUVN5MmhzRUNnWUVBeG9WQWhkUkgzdnFKcmk0ZWVjdHJMQVlkaW9mQkM3ZEM5QWJ3SWl1R21pR3h2V1pncnRmRwpicXdiQ0dpR2dVRVY2USttVkdBcWR0cUtwTFJ5Q04zZ1FxVkdXSjdzalU1bkNjSnVPSExsYzVXVFN4WnQvcyt1CnZXbWdxcWZSNTgvNVZSNVNNMXpmT2NRWHpndEtzVkZBSnhzdnZ6c1FLckdsRm8rNkh5UVQySEVDZ1lFQTdaR3IKWUI1TTZyNm5TR1B2ZFg0VXVuLytVODZEbmNYV2kxdmgzZkNScHROUzJvRW1mUVRXQjh4eFFqUlZneHdrTlIxbwo2MjBhV1h3ZUV2MG9XZnNjdEJoWUE1VnFTQVRYcE5MaWttQ3Z1VU1kVXlDTGxnRksweWtTeEpnbGw0U0N2V3k1CkxxTUE1YjcyS1JlYnF5QWhlVWJVL3E2d0tpV3NnWGNqR1VrNWxVTUNnWUFXR1BrUXJJdC9mNFhaMUpwaDFrbk0Kc2JXU0dRQmRESDR3YWFGTFBHc1VOeEh3MGplSzNzdmd2OW1XZXdRVjJTZldOSDdBUDZBYWNNTWtDRTMxUExWYwoxY2JaMEg3bVQ4YmFhRUVhbVhkL0FUUlBGR1VVQ3d3WlcydWQ4MlpERm54YmhDK0VOaDlHNzlQeWhJRkE4WmxoCmdQNDBuQjkxa1NhZU4wdHhjZk9ma1FLQmdHRW4rOEE1WkJkMGxSRWozYUJkU2JqajgyenV2aURkOGRuWVg4elcKUDVyTVBjd2ltVXp6bDF4bEhjU0hocGt4L3hUQnpGRExzOFQ0MzR2QWdLb2I2aWMwOVhteHQxOXdxNGc2dm5KQwpuRnJWdWI1dlJ1YTM3SlBpN2t2OE5STjhHOFBBSFJPWGtoeGpObVNqeFFQOUJmT0ZKa0pweXAzUi9uU0w5b3kyCng1ZmxBb0dCQUw2MzQ1dXRGVjBaVlJEQ08xaUsrL2o5eEgwalRhdGE1dFNmVG40a1Fha2tLUWJ3bDBPeVhDeTAKaEhkQnlYRFp1V2VsZS9KN3RxMnhINHJySFF0NmZySExKY2g3TGxGcklvK0ZVVThnUWlnWStRbyt5ZFE3RzNOcApVdG9QVVpTbUF2cVd0VS82RlNMdUN3Mmw4Y3Z6UldyV1krenhWUU5XNzVPRkhhcXU4MXpKCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-pilot-service-account
creationTimestamp: "2019-12-03T10:53:42Z"
name: istio.istio-pilot-service-account
namespace: istio-system
resourceVersion: "43668"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-pilot-service-account
uid: 2bbea611-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRRENDQWlpZ0F3SUJBZ0lRSnp2N2Mrbm0yUnZYeE0yWGV3ZGlqakFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNME9Gb1hEVEl3TURNdwpNakV3TlRNME9Gb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMSzVJM1FEClVNaGp0VlMzSXF2ak44dUNPZjZHUFd2VkFaTmQxdW9sVUtoeS8vL1dvOVRwQnY4aG9YNzBIcnpNbm9xVDkyTDgKY3QvSjVBTjBHUVVMTldsQWxiakVXS2hQK25uT1ZXQXRIWmxIVC9HWENxQlNxSmlTd25ZT0dteEhPSDMyb082aAoxdW0xRzZJQzNQQ0pBUXM0Wm9KY0w1YVIvVERxWittcFlCWUVNNzUzd3ovQnAwRHMrMWlPaXpkeWhNdnpPMDd3CkZjaUtoZ3lHY2NUMEJuQjZoeklrZVB6emlOaVA0RjlXOG1QQm1uRUszK0RnMytGUmo0VmxXZ0tXazhwVW9MSWkKdkZEUUxVUXBkOFZFQ2x1NndPcHZTV0VsUUJ5NTdJdnpGV3JJWGpqRzdSdURPUEtUc3daRytidnhTYU5Fb29yWgpCNkJhZVdwUEQ1Rk5RV0VDQXdFQUFhT0JuVENCbWpBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd1d3WURWUjBSQVFIL0JGRXcKVDRaTmMzQnBabVpsT2k4dlkyeDFjM1JsY2k1c2IyTmhiQzl1Y3k5cGMzUnBieTF6ZVhOMFpXMHZjMkV2YVhOMAphVzh0YzJWamRYSnBkSGt0Y0c5emRDMXBibk4wWVd4c0xXRmpZMjkxYm5Rd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBR3ExTjYweUVjOVpRdTQxNXp2MWp3Ti9pMFJBLzAxaGRoeHBMQnUvanBIRXVhTUd1MmJzWktHN1Y0cUIKOHZYNWZZU3kyNG9nRUgxUlVUTVR4YUFHVU1QRGpNL2w2bGdIMGJzcWFKaHNYQUZGMmRaY0JCRjI0U2wrRUlpWQpmRG8yTVg1ck5QV1ZkTjkzNlBiL1NsVy9nRGc1M01zc3U3b3VidVV4YTJldWthYTdoZ2d6dEIzb3NSV3JFU0tpCmVPK3laemZuS2t5cmJJQ1pDd28vbXhiSHVuN2NFSkhVdnNKemZ4Q3EzUzJlZnRxS1pTSkxId1RvSEppcHVyNG4KV251MTJWYitSaXZNV3Z0emQyTUl4bk93eHJ0MTVRTStNSG5ZNWh4bW9iakh5NkFYbDVSNUlRd3ZiOVJQdzFYYwpWY2k4YTBJejNWR2JHRWJ1UGFHZHgxWnFnaGs9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBc3JramRBTlF5R08xVkxjaXErTTN5NEk1L29ZOWE5VUJrMTNXNmlWUXFITC8vOWFqCjFPa0cveUdoZnZRZXZNeWVpcFAzWXZ4eTM4bmtBM1FaQlFzMWFVQ1Z1TVJZcUUvNmVjNVZZQzBkbVVkUDhaY0sKb0ZLb21KTENkZzRhYkVjNGZmYWc3cUhXNmJVYm9nTGM4SWtCQ3pobWdsd3ZscEg5TU9wbjZhbGdGZ1F6dm5mRApQOEduUU96N1dJNkxOM0tFeS9NN1R2QVZ5SXFHRElaeHhQUUdjSHFITWlSNC9QT0kySS9nWDFieVk4R2FjUXJmCjRPRGY0VkdQaFdWYUFwYVR5bFNnc2lLOFVOQXRSQ2wzeFVRS1c3ckE2bTlKWVNWQUhMbnNpL01WYXNoZU9NYnQKRzRNNDhwT3pCa2I1dS9GSm8wU2lpdGtIb0ZwNWFrOFBrVTFCWVFJREFRQUJBb0lCQUZzNUNuS051cTc5emJGVwo1SmlObW80Q2cyMTV3V0lIMEEwVENiNXJtM2JQZEFGMjRocXJjb25JOWJCaUZFcFR1dHlLMSt1clpVcjZ0cXBZCm1PaXRKdTc1S3pLcTdZSERpTnFoU1l5VW1wWUJBem9SMlRlcDJTby9Sb2lSZkVVbU9SeDZSUHhvbU5TalAxNTcKVGFCc25aN0hnL01uOEpaUEg4Zlc3WUVqbGNyR01aREljR1J2SFNhZ2IrUWcwOGR6Q3dOaWlGMHZWcjNuTTM3dworaTczSWJpcEtEQzA0SmZrZHo5VjBsalZtZ3pNK3ZWQ2NuWXhOQ2txalhqbDhhTVFVeW11QjZ4UTdNczBhNVFpCk9DRVhBM3oyL2NlNS9tT3cxTVEyZEVZMXZWTjZHdEJJZE41bjVRRGdPaXdaQWtlUDZGZkQyMnE1N3dSMkNkdFoKK2ZFdVlwRUNnWUVBeVpFMzFwWE1wc0ZRbmg1dlY1UFFRMzFaNDZTdGxIbUhhcVA3ZkNqd0R5M29OUlFtamZBSgpBWER2cXRWR1VIaU5TcGlmeGJpQ2JCaXhmMTZ5a0h2bU5TTkxOeHVXMzBGYkFSMXRlSjhUQUhLd0xsSGVpSnRVCkVpaVVTTFFaVEhtRFRwbER6UHNWcWIzNURzT0pRWXdOWmVTV3k1VjN3b3RsWEVRWVprd2ZxaVVDZ1lFQTR2eXAKTHFvSmo2Qm9NSmNyUld3d2RaYkZKbW1oOGpBMWxVWCtYWTkwWENpWkovRk9PZTU0MjZwcHN3a2MwU0oxYXUxdQpMRlFobTd5eVNhRVkxK1FHYVJkVDJhKzBiR3BFTWV6UmNEWkc2L3pBY0t3a3ZPY1pKdjh1VW9wWlRYSFFUQlliCncxdTF0V2M5K3B0YWhyaXhpcGNPMnUwTERhUC92YzR1dVFxMDc0MENnWUJFbTZRNDZ3WWNvR0l6WDhLZ09aVEMKMUJEYmxqcnE5YTZ0RXFIUDhoTTc1M0ZKVjlHRHNIY3dRV09pYnpPZXdsbTlVVlBZdGVQV3JWVUZPSk5vOEhNOApGUVpOL0pzTzVLejRKUzhVeG5odVI1dEdPT0dZOTkzV3pHOGtqQUNzY2hQS2xncG80L0hNcy9mcEdZOUhlMGM0CkxtVlJhRSs2TFQ1VCtHMmhyRGwrN1FLQmdFTFQvbjkxb25EOTJnOE1Rcm9pdXpXem1RSFJNZFBiSzd0eUt3eWkKc3JCN1ozUWlFRlR3Qi9jc2VnZ3pFNS9qRkV6UjhKRHVpQ0tROExESzFFU2pwdHVEK2JUcWpTVXFPRCsycUlidwpBL3R3bzd2SWd0eDI4YW5Ra1hQTnRiTWVZaVEwa2lIM08wMVlReUFvWXdPdEZ1Qmx6d0xYclZ4cnYxekRlbkFTClhlajFBb0dBWmEyNmVWckxrN0pCUFpjbldUblVJQ2tBVGc5dzkzUkpjaXRZcjl2MEtxMk9ObFRMYTJtbjBLeVMKSzduY3MwNlc2clUzeDNNQlVSWjZ1TDczTnhHYW5mV1JNWUp1UE5NditRYjlzWVpEcGlRdDdMa2o3emxMdk5mYwozMzNNYmtkRnlkeFhYdUp6SlFUSzFJY01zL291MmtvVjFsVFkvQ0NGMjB1ZEhtdlU2Y1k9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-security-post-install-account
creationTimestamp: "2019-12-03T10:53:48Z"
name: istio.istio-security-post-install-account
namespace: istio-system
resourceVersion: "43722"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-security-post-install-account
uid: 2f7f76bb-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
- apiVersion: v1
data:
cert-chain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURsRENDQW55Z0F3SUJBZ0lRWWNqQmM2UEFZajdqcHU2WXhGbmxPekFOQmdrcWhraUc5dzBCQVFzRkFEQVkKTVJZd0ZBWURWUVFLRXcxamJIVnpkR1Z5TG14dlkyRnNNQjRYRFRFNU1USXdNekV3TlRNek9Gb1hEVEl3TURNdwpNakV3TlRNek9Gb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMb0JyOGtFCnFIRGxzTFl5ZEVDeDBVcEpaR1hKbFVwVjhqOTdneHpYQTlEQkV2K05uWjBQaEpMZHkzMGJIK3N5T1dEUHpsSEYKR1NUS0tNUUQ2d0dNMitBclpBU1NWNVp0WnMxb2JocmdPWW9PZXJjUlBvSng2Ym9xMlplS0RpeWdUQkp4c0hreQp6WmVwU3FLNFRtNUttUVV4aVArQTBxSm51blVlaTZsQ0FCczgvdStFeGxmZ3BHRlc5cHJEQmg3Tjl2ekZ6K0lxCnAxWndSMDRqSmtCNXkrUzg0alkwWVZZdDYzMENtZXAzczRvL0Rxek1leGRpdkdtMTcxcWNRSHE3UUxETURuY1MKQi9nbUpjSnNwQTZ3WHZSSlM5TFdBVnBFeTA1a2hJRGhZZWVkUFBhZ3VIbk5sTi9zRG1KODQxN3dhYU9xd1J3VwpvZTZpVmZtd2N5N21zSDhDQXdFQUFhT0I4VENCN2pBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3CkZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd2dhNEdBMVVkRVFFQi93U0IKb3pDQm9JWlFjM0JwWm1abE9pOHZZMngxYzNSbGNpNXNiMk5oYkM5dWN5OXBjM1JwYnkxemVYTjBaVzB2YzJFdgphWE4wYVc4dGMybGtaV05oY2kxcGJtcGxZM1J2Y2kxelpYSjJhV05sTFdGalkyOTFiblNDSjJsemRHbHZMWE5wClpHVmpZWEl0YVc1cVpXTjBiM0l1YVhOMGFXOHRjM2x6ZEdWdExuTjJZNElqYVhOMGFXOHRjMmxrWldOaGNpMXAKYm1wbFkzUnZjaTVwYzNScGJ5MXplWE4wWlcwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFILzJLbTlVRndlSQo5eFZmaDZKbDdxeGJ4MTdQdXBCYTg4Nml1eHpBY3ZmVUhRZTFvTWpaRmpaK2RwR3Z5ZHNaWWhSdWdQSmFZTlFNCkp3MHdZNlU0LzN6bzFLYk9VQXBYRG5CL1RKRDdwM3djYTB5eXRKNXJzb0l6ZS91elhCbzA3ZUZOKzdWYTNSOEgKWGVCUStrenppc05WV0VRdk9td25PdTNwTkxNZFNNQkxqU09KOW1NaURIak9Sd2lRVXp3aXVScytTNFM2enlHWgpEZVRncWV6NnVMZ0FNbENWTWx0NDZ0Nmg0VVhUREdVYlF1MXpiYWx0OE1lS29DNkJ0RU9XMVpXQUpFc2t1aDN6CnJ1MHZhRU1hZ2ExcjZ1L283QkIvWndzTTBrOFdscTNyL3FEdVNoZjcxSm5JS0Yvdkhjd0RzMXBtcG1LVGZBRkUKN1E0dFhZRlY2Tm89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdWdHdnlRU29jT1d3dGpKMFFMSFJTa2xrWmNtVlNsWHlQM3VESE5jRDBNRVMvNDJkCm5RK0VrdDNMZlJzZjZ6STVZTS9PVWNVWkpNb294QVByQVl6YjRDdGtCSkpYbG0xbXpXaHVHdUE1aWc1NnR4RSsKZ25IcHVpclpsNG9PTEtCTUVuR3dlVExObDZsS29yaE9ia3FaQlRHSS80RFNvbWU2ZFI2THFVSUFHenorNzRURwpWK0NrWVZiMm1zTUdIczMyL01YUDRpcW5WbkJIVGlNbVFIbkw1THppTmpSaFZpM3JmUUtaNm5lemlqOE9yTXg3CkYySzhhYlh2V3B4QWVydEFzTXdPZHhJSCtDWWx3bXlrRHJCZTlFbEwwdFlCV2tUTFRtU0VnT0ZoNTUwODlxQzQKZWMyVTMrd09ZbnpqWHZCcG82ckJIQmFoN3FKVitiQnpMdWF3ZndJREFRQUJBb0lCQVFDY2k5RGJXTzArMzBHRApoaUVyVmJ5MFRlS09mRU1HWmlGVTVtbXB1eGk5OTlFNmZZQ2FjRFgrdVdhS3EycUlzeU54WkZQYnBBdU9XQXBKCk5wYnlIZy9yc2ZraWs5dmRnY1BVdXNCNEpDQ3BIWmlRUEpZa2lTVFNCMEJNZHVlSkRYd1l4ZEJsb0tsQnJEeGgKaU1hUnNuem96eERqSVJPbGxiRnE0c05lTjJzSmdESnppSUdxcnRlS1JTMy90cXNkVUpaeERhb0x1UEpYa2ZBdwpqWjNLQkp0RWZscDdnb2d0S0lwMEw2VG9BOElGVFNTbmFrM1JIUEh4YjZVNjR5VTBDd3Y1RFRyUW5rRjJPMi9JCllLZjJ6WFUrWWNORWZJaEtUYmdEUTZZTk96QXZnTjI5WllrVUZ6UkxtaHZwNk1tZ3M1MytDMW0zZW1LbVBSU0wKN3MyQjFWL0JBb0dCQU1ZWk1VY054ODRQQXI2TjdtMXBWVzlVV3RGbEFsdnhiOWdBU0NMNHczWEFjMWlSM2pWYwpxRUo3a2tOVEk1UHhUc0NCb21XZ0tnRG51TUxPc0FidU1XT0VlMkFUMlg4UGpwNGh3cVBwaVlWTWRJeERkK2hwCkVNUVQ0WnduZ3h5dDM0VitjbjJiNEdkL3VmNUF1UlNlcURVcHU2WDhTdHptTUNPN1N2RGdaYVdoQW9HQkFQQmYKdDlBelJmM0lDSmVvSEhqeHBGaEtYSkJZTUlPU0JWNmR5eUR5OFJnUExpNlZ3T3NkTCtqTkw4Z3lubUVlU3FxOQp4MHdqWkVEdDZqbWpIM05Mak1pRHBSVno4cDloSkFwVHpvbzNpTEtrUDNqTlkrQjdTVkl2Z2lkOVp2UE0wYUxRCmdOQ2lUWldmOUxCU1QwQzlOQ2Z2NVViY0pOcW5aZGVWMFlBck1HSWZBb0dBSHlZYzhvQS9ONjV5andZQVJLSDQKZGgzOGZjcDFPWUhZUlUyZUNpbTFpbEZ0a2JLMkR3djN4U1JyRmp6L2JpYldiRHkyRFdiRzFBZWJyTDRWUGJHOApnRnAzajk3dkp5U0tGMkZWbXJLQkZqMjBZYzNHRC94ZFQ0ZVV4Um9OYXJnSVdwUk1hbVhWUGxEK0xQVitaTGloCjJHSXNpR2dJV1gyMGVobmNLYzRQRGFFQ2dZQTBJeDdVaXZxSWRFWGcxemJ0eU1QejNwVTdQZFd3QkJFa0Y2ZkMKaXM5ZWY1UnR5RStpNzU2L3FSblBHNk9jdnh4RThvcnk2YzVLQXhERjFhcnhzQlptTzUrb0NwRTZuckJaaVJvSQpnc2trcmxtU0UwS3hveXdoSm1yZHMrYUx4UVpIZ1dBZllNVGhTbU9oaHdqbnF1SlFNMG1RMkJrcVVCclg2d2dZCis4VXYwd0tCZ0dtMzZ6ZGFseWxRa001WUJaZCsyVkxEbVB1ZU0zUGtjcDN4SHFsb21OL2JoR1RCUkk3RXRad3AKN2VXdHo5aVdDcUNhVVN5cHFicm9GUHZTektxdk15bCtxNmRxUFpkSlVXUHd2aTI0TDU5UkVTZlpWbVBSTzBtYgpYeE9XV0taVHZIb1o0MkQ1N01nZE03WVpVMEpjbnpuN0Zyb1JkZ1NOQldweDJjaU1JR2dxCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
root-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lSQUpodGJJQmJhT243OFdLNE9HdithZVl3RFFZSktvWklodmNOQVFFTEJRQXcKR0RFV01CUUdBMVVFQ2hNTlkyeDFjM1JsY2k1c2IyTmhiREFlRncweE9URXlNRE14TURVek16ZGFGdzB5T1RFeApNekF4TURVek16ZGFNQmd4RmpBVUJnTlZCQW9URFdOc2RYTjBaWEl1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ2dXckJwKzVYS3pJTXRtUlk2Z0VyWHlhMEhJK3JycUFWUVNnR0kKbHNaUzdTZXc5SXJuMHZvc2lBM2NXK3pqdWIxODRFOXB6MUREZ1lYNS9Bdm1ocGtXME9zR1BlVG93OXhqTm9nWgpUNlBSNFZoVkZ5K3NQTStEcXFKTGNaL0VRYzZPcVVuMi9TR1piNEh4ZDc1dWZ2R05HVDdOVU8xU3ErWVF0NW9uCnRrQTZQL2xiVVBRN3ZiZmdqZHE5TXFYaHcyY0FUODY5MFZyNWp6V3lnWkh3UDB2WkNzNWtWTEFuSzFNOHB5NDAKZ3l0NUJOYUREYmlESE1DRytPbldCQjI3c0xySy9lSTVtY0phMFdWWVlMNWxLbEdvRUJHOFFyRk5KakQ5T0IwagpKaU9WUUh3MStQMGFkV1BZTnZsRkk3SElJcEdZT0lrRGJNaUxsR2VNdStXTDFIK3pBZ01CQUFHakl6QWhNQTRHCkExVWREd0VCL3dRRUF3SUNCREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFCK2tYSXU3QTBOcHJSK2d1SE5sS2ZUdXNBeGdoWE01RWxDYytPRU1MTXZtU2hIUE9ZamtzUlE3aEFkYVdVagpqcGJlb1kxeUwrL3NhbjRhbndXUmlpZi9jbisydjBhWVdrdHNzYlZ6dFBVV3VFd3ZvY1RWaHU5NHBhRklCVE5rCmV0bFNjK3lLMjF6NlN4NXBxa3NrL09uRC9CaHRreml6RGN4eURyMnFlWFFaMGx6NXVadlB0MERkdTNlUEx0WFMKQ1B5c3doU2YvdEJwTnV4eW9iOFlscm4xUWg1NUVERDRuV1VoY3VYMXNWZDcyTTB6em9ESTUyM2tPb0liWktiRQpVbEtDcHU0eW1MbStKdktyMWZyODlocUFaTkZVSlhLaXVBaTNQMjU1VERMSVk0c1VzazBOLzFoU1daQ3BqMlVUCjBUMkJZQlVUS2NpMFB1VUpIeVM3eUdNNAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
istio.io/service-account.name: istio-sidecar-injector-service-account
creationTimestamp: "2019-12-03T10:53:38Z"
name: istio.istio-sidecar-injector-service-account
namespace: istio-system
resourceVersion: "43652"
selfLink: /api/v1/namespaces/istio-system/secrets/istio.istio-sidecar-injector-service-account
uid: 298457ce-15bb-11ea-b5af-027e0b84da98
type: istio.io/key-and-cert
kind: List
metadata:
resourceVersion: ""
selfLink: ""
-------
resource: serviceaccounts
-------
apiVersion: v1
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"labels":{"app":"cluster-local-gateway","chart":"gateways","heritage":"Tiller","release":"RELEASE-NAME"},"name":"cluster-local-gateway-service-account","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:53:22Z"
labels:
app: cluster-local-gateway
chart: gateways
heritage: Tiller
release: RELEASE-NAME
name: cluster-local-gateway-service-account
namespace: istio-system
resourceVersion: "43419"
selfLink: /api/v1/namespaces/istio-system/serviceaccounts/cluster-local-gateway-service-account
uid: 1fb41b5e-15bb-11ea-b5af-027e0b84da98
secrets:
- name: cluster-local-gateway-service-account-token-226tq
- apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: "2019-12-03T10:52:28Z"
name: default
namespace: istio-system
resourceVersion: "43258"
selfLink: /api/v1/namespaces/istio-system/serviceaccounts/default
uid: ffb4982e-15ba-11ea-b5af-027e0b84da98
secrets:
- name: default-token-hg4lc
- apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"labels":{"app":"security","chart":"security","heritage":"Tiller","release":"RELEASE-NAME"},"name":"istio-citadel-service-account","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:53:24Z"
labels:
app: security
chart: security
heritage: Tiller
release: RELEASE-NAME
name: istio-citadel-service-account
namespace: istio-system
resourceVersion: "43446"
selfLink: /api/v1/namespaces/istio-system/serviceaccounts/istio-citadel-service-account
uid: 20eb3d1f-15bb-11ea-b5af-027e0b84da98
secrets:
- name: istio-citadel-service-account-token-klk7s
- apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"labels":{"app":"galley","chart":"galley","heritage":"Tiller","release":"RELEASE-NAME"},"name":"istio-galley-service-account","namespace":"istio-system"}}
creationTimestamp: "2019-12-03T10:53:22Z"
labels:
app: galley
chart: galley
heritage: Tiller
release: RELEASE-NAME
name: istio-galley-service-account
namespace: istio-system
resourceVersion
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment