Egress Gateway with SNI Proxy
---
# Source: istio/charts/gateways/templates/serviceaccount.yaml
# Identity for the egress gateway pod; the Deployment in this file refers to
# it through spec.template.spec.serviceAccountName.
# The role.yaml and rolebindings.yaml templates at the end of this file
# rendered empty, so nothing here binds RBAC permissions to this account.
# NOTE(review): automountServiceAccountToken is not set, so the Kubernetes
# default (token mounted into every container of the pod, including the
# nginx sni-proxy container) applies - confirm that container needs it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: istio-egressgateway-with-sni-proxy-service-account
  namespace: istio-system
  labels:
    app: istio-egressgateway-with-sni-proxy
    chart: gateways
    heritage: Tiller
    release: istio-egressgateway-with-sni-proxy
---
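---
# Source: istio/charts/gateways/templates/service.yaml
# In-cluster front door for the egress gateway: workloads send outbound TLS
# traffic to this Service on port 443 and it is forwarded to the gateway pod.
apiVersion: v1
kind: Service
metadata:
  name: istio-egressgateway-with-sni-proxy
  namespace: istio-system
  # The template rendered a bare "annotations:" key (a null value); an
  # explicit empty mapping states the same intent without the ambiguity.
  annotations: {}
  labels:
    chart: gateways
    heritage: Tiller
    release: istio-egressgateway-with-sni-proxy
    app: istio-egressgateway-with-sni-proxy
    istio: egressgateway-with-sni-proxy
spec:
  # ClusterIP keeps the gateway reachable only from inside the cluster.
  type: ClusterIP
  # All three labels must be present on a pod for it to receive traffic;
  # they match the pod template labels of the Deployment in this file.
  selector:
    release: istio-egressgateway-with-sni-proxy
    app: istio-egressgateway-with-sni-proxy
    istio: egressgateway-with-sni-proxy
  ports:
    # targetPort is omitted, so it defaults to the same value as port (443),
    # which is the containerPort declared by the istio-proxy container.
    - name: https
      port: 443
---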
---
# Source: istio/charts/gateways/templates/deployment.yaml
# Egress gateway pod with two containers: the Istio proxy (Envoy) and an
# nginx container named sni-proxy whose whole configuration comes from the
# ConfigMap egress-sni-proxy-configmap, which this file does not define.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-egressgateway-with-sni-proxy
  namespace: istio-system
  labels:
    app: istio-egressgateway-with-sni-proxy
    chart: gateways
    heritage: Tiller
    istio: egressgateway-with-sni-proxy
    release: istio-egressgateway-with-sni-proxy
spec:
  # NOTE(review): a single replica makes this gateway a single point of
  # failure for whatever egress traffic is routed through it.
  replicas: 1
  selector:
    matchLabels:
      app: istio-egressgateway-with-sni-proxy
      istio: egressgateway-with-sni-proxy
  strategy:
    rollingUpdate:
      # Both keys rendered empty (null); presumably the chart values were
      # unset, which leaves the API server to apply its defaults - confirm.
      maxSurge:
      maxUnavailable:
  template:
    metadata:
      labels:
        app: istio-egressgateway-with-sni-proxy
        chart: gateways
        heritage: Tiller
        istio: egressgateway-with-sni-proxy
        release: istio-egressgateway-with-sni-proxy
      annotations:
        # The gateway already runs its own proxy container, so automatic
        # sidecar injection is switched off for this pod.
        sidecar.istio.io/inject: "false"
    spec:
      serviceAccountName: istio-egressgateway-with-sni-proxy-service-account
      # NOTE(review): neither the pod nor either container sets a
      # securityContext, so user, capabilities and root-filesystem settings
      # are whatever the images and the cluster defaults provide.
      containers:
        - name: istio-proxy
          # Pinned by tag only; a digest pin would also protect against the
          # tag being re-pushed in the registry.
          image: "docker.io/istio/proxyv2:1.4.5"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 443
            - containerPort: 15090
              protocol: TCP
              name: http-envoy-prom
          args:
            - proxy
            - router
            - --domain
            - $(POD_NAMESPACE).svc.cluster.local
            - --log_output_level=default:info
            - --drainDuration
            - '45s' #drainDuration
            - --parentShutdownDuration
            - '1m0s' #parentShutdownDuration
            - --connectTimeout
            - '10s' #connectTimeout
            - --serviceCluster
            - istio-egressgateway-with-sni-proxy
            - --zipkinAddress
            - zipkin.istio-system:9411
            - --proxyAdminPort
            - "15000"
            - --statusPort
            - "15020"
            # NOTE(review): NONE means the proxy does not use mutual TLS when
            # it talks to Pilot, and 15010 below is Pilot's plaintext
            # discovery port. The proxy's listeners and routes arrive over
            # that channel, so confirm the in-cluster network is trusted or
            # move to MUTUAL_TLS with Pilot's secured port.
            - --controlPlaneAuthPolicy
            - NONE
            - --discoveryAddress
            - istio-pilot.istio-system:15010
          readinessProbe:
            failureThreshold: 30
            httpGet:
              path: /healthz/ready
              port: 15020
              scheme: HTTP
            initialDelaySeconds: 1
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 1
          # Only a CPU request is set: there is no memory request and there
          # are no limits, so nothing here caps the proxy's resource use.
          resources:
            requests:
              cpu: 10m
          # Pod and node facts are passed in through the downward API.
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: INSTANCE_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
            - name: SERVICE_ACCOUNT
              valueFrom:
                fieldRef:
                  fieldPath: spec.serviceAccountName
            - name: ISTIO_META_POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: ISTIO_META_CONFIG_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # JSON copy of the pod template labels above; keep the two in
            # step when either is edited.
            - name: ISTIO_METAJSON_LABELS
              value: |
                {"app":"istio-egressgateway-with-sni-proxy","chart":"gateways","heritage":"Tiller","istio":"egressgateway-with-sni-proxy","release":"istio-egressgateway-with-sni-proxy"}
            - name: ISTIO_META_CLUSTER_ID
              value: "Kubernetes"
            # With SDS off, the proxy presumably reads its key material from
            # the secret volumes mounted below - confirm for this version.
            - name: SDS_ENABLED
              value: "false"
            - name: ISTIO_META_WORKLOAD_NAME
              value: istio-egressgateway-with-sni-proxy
            - name: ISTIO_META_OWNER
              value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-egressgateway-with-sni-proxy
          # All certificate material is mounted read-only.
          volumeMounts:
            - name: istio-certs
              mountPath: /etc/certs
              readOnly: true
            - name: egressgateway-certs
              mountPath: "/etc/istio/egressgateway-certs"
              readOnly: true
            - name: egressgateway-ca-certs
              mountPath: "/etc/istio/egressgateway-ca-certs"
              readOnly: true
        # NOTE(review): "nginx" carries no tag or digest, so it resolves to
        # the mutable "latest" tag and each new pod may run a different
        # build. Pin a version tag or digest. This container also declares
        # no ports, probes or resources.
        - image: nginx
          name: sni-proxy
          volumeMounts:
            # The ConfigMap replaces the image's entire /etc/nginx directory.
            - mountPath: /etc/nginx
              name: sni-proxy-config
              readOnly: true
      volumes:
        # Every secret below is optional: the pod still starts when one is
        # missing and the matching mount is simply empty, so a missing
        # certificate shows up later at connection time, not at deploy time.
        - name: istio-certs
          secret:
            secretName: istio.istio-egressgateway-with-sni-proxy-service-account
            optional: true
        - name: egressgateway-certs
          secret:
            secretName: "istio-egressgateway-certs"
            optional: true
        - name: egressgateway-ca-certs
          secret:
            secretName: "istio-egressgateway-ca-certs"
            optional: true
        # NOTE(review): this ConfigMap decides where the SNI proxy forwards
        # traffic, so write access to it in istio-system should be as
        # restricted as write access to this Deployment. It is optional
        # too; if it is absent /etc/nginx is empty and nginx presumably
        # fails to start - confirm.
        - name: sni-proxy-config
          configMap:
            name: "egress-sni-proxy-configmap"
            optional: true
      affinity:
        nodeAffinity:
          # beta.kubernetes.io/arch is the older, deprecated form of the
          # kubernetes.io/arch node label; check which one the target
          # cluster's nodes carry before relying on this rule.
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - "amd64"
                      - "ppc64le"
                      - "s390x"
          # The three preferences carry equal weight, so no architecture is
          # favoured over the others.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 2
              preference:
                matchExpressions:
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - "amd64"
            - weight: 2
              preference:
                matchExpressions:
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - "ppc64le"
            - weight: 2
              preference:
                matchExpressions:
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - "s390x"
---
---
# The three templates below rendered no resources. In particular this file
# contains no Role or RoleBinding, so it grants the gateway's ServiceAccount
# no RBAC permissions of its own.
# Source: istio/charts/gateways/templates/autoscale.yaml
---
# Source: istio/charts/gateways/templates/role.yaml
---
# Source: istio/charts/gateways/templates/rolebindings.yaml