
@nmittler
Created October 15, 2020 23:49
# Dump of a live Pod object, not an apply-able manifest: server-populated fields
# (managedFields, resourceVersion, uid, creationTimestamp) are present, so the
# listing records cluster-internal identifiers as well as the pod definition.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    # Scrape target is port 15020; the istio-init args in spec exclude that port
    # (with 15090 and 15021) from inbound redirection.
    prometheus.io/path: /stats/prometheus
    prometheus.io/port: "15020"
    prometheus.io/scrape: "true"
    # Injection record: names the init container, sidecar container and volumes
    # that appear in spec under the istio-* names.
    sidecar.istio.io/status: '{"version":"5e54f078d186ad0db07340b20c2f6b00cfac7c859a65bd21f650b3ff62a2eb3d","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null}'
  creationTimestamp: "2020-10-15T23:34:44Z"
  generateName: sleep-8f795f47d-
  labels:
    app: sleep
    istio.io/rev: default
    pod-template-hash: 8f795f47d
    security.istio.io/tlsMode: istio
    service.istio.io/canonical-name: sleep
    service.istio.io/canonical-revision: latest
    topology.istio.io/network: network1
  managedFields:
  # Field set owned by kube-controller-manager. It names only the `sleep`
  # container and `secret-volume`; the istio-* containers and volumes in spec
  # are absent, which is consistent with the sidecar being added at admission
  # rather than declared in the workload template.
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:generateName: {}
        f:labels:
          .: {}
          f:app: {}
          f:pod-template-hash: {}
        f:ownerReferences:
          .: {}
          k:{"uid":"3e333e5a-def5-4fcd-8b14-eee469d160af"}:
            .: {}
            f:apiVersion: {}
            f:blockOwnerDeletion: {}
            f:controller: {}
            f:kind: {}
            f:name: {}
            f:uid: {}
      f:spec:
        f:containers:
          k:{"name":"sleep"}:
            .: {}
            f:command: {}
            f:image: {}
            f:imagePullPolicy: {}
            f:name: {}
            f:resources: {}
            f:terminationMessagePath: {}
            f:terminationMessagePolicy: {}
            f:volumeMounts:
              .: {}
              k:{"mountPath":"/etc/sleep/tls"}:
                .: {}
                f:mountPath: {}
                f:name: {}
        f:dnsPolicy: {}
        f:enableServiceLinks: {}
        f:restartPolicy: {}
        f:schedulerName: {}
        f:securityContext: {}
        f:serviceAccount: {}
        f:serviceAccountName: {}
        f:terminationGracePeriodSeconds: {}
        f:volumes:
          .: {}
          k:{"name":"secret-volume"}:
            .: {}
            f:name: {}
            f:secret:
              .: {}
              f:defaultMode: {}
              f:optional: {}
              f:secretName: {}
    manager: kube-controller-manager
    operation: Update
    time: "2020-10-15T23:34:44Z"
  # Field set owned by the kubelet: status only (conditions, IPs, container
  # statuses), written five seconds after creation.
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        f:conditions:
          k:{"type":"ContainersReady"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Initialized"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Ready"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
        f:containerStatuses: {}
        f:hostIP: {}
        f:initContainerStatuses: {}
        f:phase: {}
        f:podIP: {}
        f:podIPs:
          .: {}
          k:{"ip":"10.8.3.29"}:
            .: {}
            f:ip: {}
        f:startTime: {}
    manager: kubelet
    operation: Update
    time: "2020-10-15T23:34:49Z"
  name: sleep-8f795f47d-srdf7
  namespace: sample
  # Owned by a ReplicaSet: edits made to this pod object are lost when the pod
  # is replaced; the workload template is the place to change it.
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: sleep-8f795f47d
    uid: 3e333e5a-def5-4fcd-8b14-eee469d160af
  resourceVersion: "43831048"
  selfLink: /api/v1/namespaces/sample/pods/sleep-8f795f47d-srdf7
  uid: e6e71ec1-258b-4ac1-81d1-c77dc3d2b362
# Pod spec: one application container (sleep), the istio-proxy sidecar and the
# istio-init init container. The three differ sharply in how they are confined,
# so each securityContext is worth reading on its own.
spec:
  containers:
  # Application container. It has no securityContext of its own, so none of the
  # restrictions set on istio-proxy (non-root, dropped capabilities, read-only
  # root filesystem) are declared for it.
  - command:
    - /bin/sleep
    - 3650d
    # No tag or digest: status records this as `:latest`, so what runs depends
    # on what the registry served at pull time. Pin by digest to make it
    # auditable.
    image: governmentpaas/curl-ssl
    imagePullPolicy: IfNotPresent
    name: sleep
    # No requests or limits declared for this container.
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /etc/sleep/tls
      name: secret-volume
    # Service account token is mounted here and in both Istio containers.
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: sleep-token-prfht
      readOnly: true
  # Sidecar proxy container.
  - args:
    - proxy
    - sidecar
    - --domain
    - $(POD_NAMESPACE).svc.cluster.local
    - --serviceCluster
    - sleep.$(POD_NAMESPACE)
    - --proxyLogLevel=warning
    - --proxyComponentLogLevel=misc:error
    - --trust-domain=cluster.local
    - --concurrency
    - "2"
    env:
    # third-party-jwt pairs with the projected `istio-token` volume below
    # (audience istio-ca, time-limited) rather than the secret-based token.
    - name: JWT_POLICY
      value: third-party-jwt
    - name: PILOT_CERT_PROVIDER
      value: istiod
    # Address the proxy uses for its CA; the root certificate it is checked
    # against presumably comes from the istiod-ca-cert configMap volume.
    - name: CA_ADDR
      value: istiod.istio-system.svc:15012
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: INSTANCE_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.podIP
    - name: SERVICE_ACCOUNT
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: spec.serviceAccountName
    - name: HOST_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.hostIP
    - name: CANONICAL_SERVICE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.labels['service.istio.io/canonical-name']
    - name: CANONICAL_REVISION
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.labels['service.istio.io/canonical-revision']
    # JSON carried as a literal block scalar; DNS_AGENT is set to the empty
    # string here and also appears as a value-less env var further down.
    - name: PROXY_CONFIG
      value: |
        {"proxyMetadata":{"DNS_AGENT":""},"meshId":"mesh1"}
    # Empty JSON list: no application ports are declared on the sleep container.
    - name: ISTIO_META_POD_PORTS
      value: |-
        [
        ]
    - name: ISTIO_META_APP_CONTAINERS
      value: sleep
    - name: ISTIO_META_INTERCEPTION_MODE
      value: REDIRECT
    - name: ISTIO_META_WORKLOAD_NAME
      value: sleep
    - name: ISTIO_META_OWNER
      value: kubernetes://apis/apps/v1/namespaces/sample/deployments/sleep
    - name: ISTIO_META_MESH_ID
      value: mesh1
    # No value given, so the variable is set but empty.
    - name: DNS_AGENT
    - name: ISTIO_META_NETWORK
      value: network1
    - name: ISTIO_META_CLUSTER_ID
      value: cluster2
    # Pre-release build from the istio-testing registry, referenced by tag with
    # pullPolicy Always; the digest actually run is recorded under
    # status.containerStatuses[].imageID.
    image: gcr.io/istio-testing/proxyv2:1.8-alpha.3297fb02a4afe1be027cb91ce4518c96ebb0c1eb
    imagePullPolicy: Always
    name: istio-proxy
    ports:
    - containerPort: 15090
      name: http-envoy-prom
      protocol: TCP
    readinessProbe:
      failureThreshold: 30
      httpGet:
        path: /healthz/ready
        port: 15021
        scheme: HTTP
      initialDelaySeconds: 1
      periodSeconds: 2
      successThreshold: 1
      timeoutSeconds: 3
    resources:
      limits:
        cpu: "2"
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 128Mi
    # Restricted profile: non-root UID/GID 1337, every capability dropped, no
    # privilege escalation, read-only root filesystem.
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: true
      runAsGroup: 1337
      runAsNonRoot: true
      runAsUser: 1337
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/istio
      name: istiod-ca-cert
    - mountPath: /var/lib/istio/data
      name: istio-data
    - mountPath: /etc/istio/proxy
      name: istio-envoy
    - mountPath: /var/run/secrets/tokens
      name: istio-token
    - mountPath: /etc/istio/pod
      name: istio-podinfo
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: sleep-token-prfht
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  initContainers:
  # Programs the pod's traffic redirection before the other containers start.
  # As istio-iptables reads these flags: outbound goes to 15001 (-p), inbound to
  # 15006 (-z), traffic from UID 1337 (the proxy) is exempt (-u), all outbound
  # ranges (-i '*') and all inbound ports (-b '*') are captured, and inbound
  # ports 15090, 15021 and 15020 are excluded (-d).
  - args:
    - istio-iptables
    - -p
    - "15001"
    - -z
    - "15006"
    - -u
    - "1337"
    - -m
    - REDIRECT
    - -i
    - '*'
    - -x
    - ""
    - -b
    - '*'
    - -d
    - 15090,15021,15020
    env:
    - name: DNS_AGENT
    image: gcr.io/istio-testing/proxyv2:1.8-alpha.3297fb02a4afe1be027cb91ce4518c96ebb0c1eb
    imagePullPolicy: Always
    name: istio-init
    resources:
      limits:
        cpu: "2"
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 128Mi
    # The most privileged container in the pod: runs as root (UID/GID 0) with
    # NET_ADMIN and NET_RAW added back after the drop and a writable root
    # filesystem. Any namespace policy that forbids root or added capabilities
    # has to exempt this container; the Istio CNI plugin is the usual way to
    # remove the need for it.
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        add:
        - NET_ADMIN
        - NET_RAW
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: false
      runAsGroup: 0
      runAsNonRoot: false
      runAsUser: 0
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    # The service account token is mounted into the root init container too.
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: sleep-token-prfht
      readOnly: true
  nodeName: gke-cluster2-default-pool-5aa5e75b-2yj2
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  # Pod-level context sets only fsGroup; it does not set runAsNonRoot, so the
  # sleep container inherits no user restriction from here.
  securityContext:
    fsGroup: 1337
  serviceAccount: sleep
  serviceAccountName: sleep
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  # optional: true lets the pod start even when sleep-secret does not exist.
  # defaultMode 420 is decimal for octal 0644.
  - name: secret-volume
    secret:
      defaultMode: 420
      optional: true
      secretName: sleep-secret
  # Secret-backed service account token: unlike the projected token below it
  # carries no audience or expiry in this spec.
  - name: sleep-token-prfht
    secret:
      defaultMode: 420
      secretName: sleep-token-prfht
  # Memory-backed emptyDir: contents live in RAM and are not written to node
  # disk.
  - emptyDir:
      medium: Memory
    name: istio-envoy
  - emptyDir: {}
    name: istio-data
  # Exposes the pod's labels and annotations as files to the sidecar.
  - downwardAPI:
      defaultMode: 420
      items:
      - fieldRef:
          apiVersion: v1
          fieldPath: metadata.labels
        path: labels
      - fieldRef:
          apiVersion: v1
          fieldPath: metadata.annotations
        path: annotations
    name: istio-podinfo
  # Projected token scoped to audience istio-ca, valid 43200 s (12 h), mounted
  # only into istio-proxy.
  - name: istio-token
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          audience: istio-ca
          expirationSeconds: 43200
          path: istio-token
  - configMap:
      defaultMode: 420
      name: istio-ca-root-cert
    name: istiod-ca-cert
# Observed state written by the kubelet. For an audit, the imageID digests here
# are the authoritative record of what ran; spec refers to images by tag only.
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2020-10-15T23:34:46Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2020-10-15T23:34:49Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2020-10-15T23:34:49Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2020-10-15T23:34:44Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://d5873d3116f9bf5efcd752cf0452e3ae84f3d628622c6aa2221a552b4756af89
    image: gcr.io/istio-testing/proxyv2:1.8-alpha.3297fb02a4afe1be027cb91ce4518c96ebb0c1eb
    # Digest the proxyv2 tag resolved to on this node; istio-init below reports
    # the same one.
    imageID: docker-pullable://gcr.io/istio-testing/proxyv2@sha256:00212f4d79fee580b97234cd22bb7203cee02193d004b6230d06e680b7983ce2
    lastState: {}
    name: istio-proxy
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2020-10-15T23:34:46Z"
  - containerID: docker://59c4544e37d8cf7b4b4c16a6660d42d4883394b4ec92c3fcdddd057a1ce931db
    # The untagged image in spec was resolved as `:latest`; only the digest on
    # the next line identifies the content that actually ran.
    image: governmentpaas/curl-ssl:latest
    imageID: docker-pullable://governmentpaas/curl-ssl@sha256:7570257ca1b0799c4107309bbda5f29272603bef02e75963a79989262ce8cb7e
    lastState: {}
    name: sleep
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2020-10-15T23:34:46Z"
  hostIP: 10.128.0.35
  initContainerStatuses:
  - containerID: docker://dab340af9cfb58ccb9f4ec12dd29124787d08093a419bf01907046ac0bb5e700
    image: gcr.io/istio-testing/proxyv2:1.8-alpha.3297fb02a4afe1be027cb91ce4518c96ebb0c1eb
    imageID: docker-pullable://gcr.io/istio-testing/proxyv2@sha256:00212f4d79fee580b97234cd22bb7203cee02193d004b6230d06e680b7983ce2
    lastState: {}
    name: istio-init
    ready: true
    restartCount: 0
    # The root init container ran once and exited 0 before the other containers
    # started at 23:34:46.
    state:
      terminated:
        containerID: docker://dab340af9cfb58ccb9f4ec12dd29124787d08093a419bf01907046ac0bb5e700
        exitCode: 0
        finishedAt: "2020-10-15T23:34:45Z"
        reason: Completed
        startedAt: "2020-10-15T23:34:45Z"
  phase: Running
  podIP: 10.8.3.29
  podIPs:
  - ip: 10.8.3.29
  # Burstable: the istio containers set requests below their limits, and the
  # sleep container sets neither.
  qosClass: Burstable
  startTime: "2020-10-15T23:34:44Z"