Created
August 25, 2019 04:53
-
-
Save mgenov/5e1cc94e68f67267468aaa5ee677d267 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2019-08-24T11:55:43.941586Z info FLAG: --caCertFile="/etc/istio/certs/root-cert.pem" | |
| 2019-08-24T11:55:43.941617Z info FLAG: --healthCheckFile="/health" | |
| 2019-08-24T11:55:43.941622Z info FLAG: --healthCheckInterval="2s" | |
| 2019-08-24T11:55:43.941628Z info FLAG: --help="false" | |
| 2019-08-24T11:55:43.941631Z info FLAG: --injectConfig="/etc/istio/inject/config" | |
| 2019-08-24T11:55:43.941634Z info FLAG: --injectValues="/etc/istio/inject/values" | |
| 2019-08-24T11:55:43.941637Z info FLAG: --kubeconfig="" | |
| 2019-08-24T11:55:43.941640Z info FLAG: --log_as_json="false" | |
| 2019-08-24T11:55:43.941642Z info FLAG: --log_caller="" | |
| 2019-08-24T11:55:43.941645Z info FLAG: --log_output_level="default:info" | |
| 2019-08-24T11:55:43.941648Z info FLAG: --log_rotate="" | |
| 2019-08-24T11:55:43.941652Z info FLAG: --log_rotate_max_age="30" | |
| 2019-08-24T11:55:43.941655Z info FLAG: --log_rotate_max_backups="1000" | |
| 2019-08-24T11:55:43.941658Z info FLAG: --log_rotate_max_size="104857600" | |
| 2019-08-24T11:55:43.941661Z info FLAG: --log_stacktrace_level="default:none" | |
| 2019-08-24T11:55:43.941671Z info FLAG: --log_target="[stdout]" | |
| 2019-08-24T11:55:43.941674Z info FLAG: --meshConfig="/etc/istio/config/mesh" | |
| 2019-08-24T11:55:43.941677Z info FLAG: --port="443" | |
| 2019-08-24T11:55:43.941681Z info FLAG: --tlsCertFile="/etc/istio/certs/cert-chain.pem" | |
| 2019-08-24T11:55:43.941684Z info FLAG: --tlsKeyFile="/etc/istio/certs/key.pem" | |
| 2019-08-24T11:55:43.941687Z info FLAG: --webhookConfigName="istio-sidecar-injector" | |
| 2019-08-24T11:55:43.941690Z info FLAG: --webhookName="sidecar-injector.istio.io" | |
| 2019-08-24T11:55:43.941706Z info version [email protected]/istio-1.2.3-c562694ea6e554c2b60d12c9876d2641cfdd917d-dirty-Modified | |
| 2019-08-24T11:55:43.946181Z info New configuration: sha256sum 5b8d2f71fc7cc3fba59d4d36a16b2aa1fdd18f82ff2c725bd998c0583a7f1e16 | |
| 2019-08-24T11:55:43.946197Z info Policy: enabled | |
| 2019-08-24T11:55:43.946200Z info AlwaysInjectSelector: [] | |
| 2019-08-24T11:55:43.946203Z info NeverInjectSelector: [] | |
| 2019-08-24T11:55:43.946252Z info Template: | | |
| rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} | |
| {{- if or (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} | |
| initContainers: | |
| {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} | |
| {{- if not .Values.istio_cni.enabled }} | |
| - name: istio-init | |
| {{- if contains "/" .Values.global.proxy_init.image }} | |
| image: "{{ .Values.global.proxy_init.image }}" | |
| {{- else }} | |
| image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" | |
| {{- end }} | |
| args: | |
| - "-p" | |
| - "15001" | |
| - "-u" | |
| - 1337 | |
| - "-m" | |
| - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" | |
| - "-i" | |
| - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" | |
| - "-x" | |
| - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" | |
| - "-b" | |
| - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" | |
| - "-d" | |
| - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" | |
| {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") -}} | |
| - "-o" | |
| - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" | |
| {{ end -}} | |
| {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} | |
| - "-k" | |
| - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" | |
| {{ end -}} | |
| imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" | |
| resources: | |
| requests: | |
| cpu: 10m | |
| memory: 10Mi | |
| limits: | |
| cpu: 100m | |
| memory: 50Mi | |
| securityContext: | |
| runAsUser: 0 | |
| runAsNonRoot: false | |
| capabilities: | |
| add: | |
| - NET_ADMIN | |
| {{- if .Values.global.proxy.privileged }} | |
| privileged: true | |
| {{- end }} | |
| restartPolicy: Always | |
| env: | |
| {{- if contains "*" (annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` "") }} | |
| - name: INBOUND_CAPTURE_PORT | |
| value: 15006 | |
| {{- end }} | |
| {{- end }} | |
| {{ end -}} | |
| {{- if eq .Values.global.proxy.enableCoreDump true }} | |
| - name: enable-core-dump | |
| args: | |
| - -c | |
| - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited | |
| command: | |
| - /bin/sh | |
| {{- if contains "/" .Values.global.proxy_init.image }} | |
| image: "{{ .Values.global.proxy_init.image }}" | |
| {{- else }} | |
| image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" | |
| {{- end }} | |
| imagePullPolicy: IfNotPresent | |
| resources: {} | |
| securityContext: | |
| runAsUser: 0 | |
| runAsNonRoot: false | |
| privileged: true | |
| {{ end }} | |
| {{- end }} | |
| containers: | |
| - name: istio-proxy | |
| {{- if contains "/" .Values.global.proxy.image }} | |
| image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" | |
| {{- else }} | |
| image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" | |
| {{- end }} | |
| ports: | |
| - containerPort: 15090 | |
| protocol: TCP | |
| name: http-envoy-prom | |
| args: | |
| - proxy | |
| - sidecar | |
| - --domain | |
| - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} | |
| - --configPath | |
| - "{{ .ProxyConfig.ConfigPath }}" | |
| - --binaryPath | |
| - "{{ .ProxyConfig.BinaryPath }}" | |
| - --serviceCluster | |
| {{ if ne "" (index .ObjectMeta.Labels "app") -}} | |
| - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" | |
| {{ else -}} | |
| - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" | |
| {{ end -}} | |
| - --drainDuration | |
| - "{{ formatDuration .ProxyConfig.DrainDuration }}" | |
| - --parentShutdownDuration | |
| - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" | |
| - --discoveryAddress | |
| - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" | |
| {{- if eq .Values.global.proxy.tracer "lightstep" }} | |
| - --lightstepAddress | |
| - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" | |
| - --lightstepAccessToken | |
| - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" | |
| - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} | |
| - --lightstepCacertPath | |
| - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" | |
| {{- else if eq .Values.global.proxy.tracer "zipkin" }} | |
| - --zipkinAddress | |
| - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" | |
| {{- else if eq .Values.global.proxy.tracer "datadog" }} | |
| - --datadogAgentAddress | |
| - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" | |
| {{- end }} | |
| {{- if .Values.global.proxy.logLevel }} | |
| - --proxyLogLevel={{ .Values.global.proxy.logLevel }} | |
| {{- end}} | |
| {{- if .Values.global.proxy.componentLogLevel }} | |
| - --proxyComponentLogLevel={{ .Values.global.proxy.componentLogLevel }} | |
| {{- end}} | |
| - --dnsRefreshRate | |
| - {{ .Values.global.proxy.dnsRefreshRate }} | |
| - --connectTimeout | |
| - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" | |
| {{- if .Values.global.proxy.envoyStatsd.enabled }} | |
| - --statsdUdpAddress | |
| - "{{ .ProxyConfig.StatsdUdpAddress }}" | |
| {{- end }} | |
| {{- if .Values.global.proxy.envoyMetricsService.enabled }} | |
| - --envoyMetricsServiceAddress | |
| - "{{ .ProxyConfig.EnvoyMetricsServiceAddress }}" | |
| {{- end }} | |
| - --proxyAdminPort | |
| - "{{ .ProxyConfig.ProxyAdminPort }}" | |
| {{ if gt .ProxyConfig.Concurrency 0 -}} | |
| - --concurrency | |
| - "{{ .ProxyConfig.Concurrency }}" | |
| {{ end -}} | |
| - --controlPlaneAuthPolicy | |
| - "{{ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy }}" | |
| {{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" .Values.global.proxy.statusPort) "0") }} | |
| - --statusPort | |
| - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" | |
| - --applicationPorts | |
| - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" | |
| {{- end }} | |
| {{- if .Values.global.trustDomain }} | |
| - --trust-domain={{ .Values.global.trustDomain }} | |
| {{- end }} | |
| env: | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: INSTANCE_IP | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIP | |
| {{ if eq .Values.global.proxy.tracer "datadog" }} | |
| - name: HOST_IP | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.hostIP | |
| {{ end }} | |
| - name: ISTIO_META_POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: ISTIO_META_CONFIG_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: ISTIO_META_INTERCEPTION_MODE | |
| value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" | |
| - name: ISTIO_META_INCLUDE_INBOUND_PORTS | |
| value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" | |
| {{- if .Values.global.network }} | |
| - name: ISTIO_META_NETWORK | |
| value: "{{ .Values.global.network }}" | |
| {{- end }} | |
| {{ if .ObjectMeta.Annotations }} | |
| - name: ISTIO_METAJSON_ANNOTATIONS | |
| value: | | |
| {{ toJSON .ObjectMeta.Annotations }} | |
| {{ end }} | |
| {{ if .ObjectMeta.Labels }} | |
| - name: ISTIO_METAJSON_LABELS | |
| value: | | |
| {{ toJSON .ObjectMeta.Labels }} | |
| {{ end }} | |
| {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} | |
| - name: ISTIO_BOOTSTRAP_OVERRIDE | |
| value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" | |
| {{- end }} | |
| {{- if .Values.global.sds.customTokenDirectory }} | |
| - name: ISTIO_META_SDS_TOKEN_PATH | |
| value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" | |
| {{- end }} | |
| imagePullPolicy: {{ .Values.global.imagePullPolicy }} | |
| {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} | |
| readinessProbe: | |
| httpGet: | |
| path: /healthz/ready | |
| port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} | |
| initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} | |
| periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} | |
| failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} | |
| {{ end -}} | |
| securityContext: | |
| {{- if .Values.global.proxy.privileged }} | |
| privileged: true | |
| {{- end }} | |
| {{- if ne .Values.global.proxy.enableCoreDump true }} | |
| readOnlyRootFilesystem: true | |
| {{- end }} | |
| {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} | |
| capabilities: | |
| add: | |
| - NET_ADMIN | |
| runAsGroup: 1337 | |
| {{ else -}} | |
| {{ if and .Values.global.sds.enabled .Values.global.sds.useTrustworthyJwt }} | |
| runAsGroup: 1337 | |
| {{- end }} | |
| runAsUser: 1337 | |
| {{- end }} | |
| resources: | |
| {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} | |
| requests: | |
| {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} | |
| cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" | |
| {{ end}} | |
| {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} | |
| memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" | |
| {{ end }} | |
| {{ else -}} | |
| {{- if .Values.global.proxy.resources }} | |
| {{ toYaml .Values.global.proxy.resources | indent 4 }} | |
| {{- end }} | |
| {{ end -}} | |
| volumeMounts: | |
| {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} | |
| - mountPath: /etc/istio/custom-bootstrap | |
| name: custom-bootstrap-volume | |
| {{- end }} | |
| - mountPath: /etc/istio/proxy | |
| name: istio-envoy | |
| {{- if .Values.global.sds.enabled }} | |
| - mountPath: /var/run/sds | |
| name: sds-uds-path | |
| readOnly: true | |
| {{- if .Values.global.sds.useTrustworthyJwt }} | |
| - mountPath: /var/run/secrets/tokens | |
| name: istio-token | |
| {{- end }} | |
| {{- if .Values.global.sds.customTokenDirectory }} | |
| - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" | |
| name: custom-sds-token | |
| readOnly: true | |
| {{- end }} | |
| {{- else }} | |
| - mountPath: /etc/certs/ | |
| name: istio-certs | |
| readOnly: true | |
| {{- end }} | |
| {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} | |
| - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} | |
| name: lightstep-certs | |
| readOnly: true | |
| {{- end }} | |
| {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} | |
| {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} | |
| - name: "{{ $index }}" | |
| {{ toYaml $value | indent 4 }} | |
| {{ end }} | |
| {{- end }} | |
| volumes: | |
| {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} | |
| - name: custom-bootstrap-volume | |
| configMap: | |
| name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} | |
| {{- end }} | |
| - emptyDir: | |
| medium: Memory | |
| name: istio-envoy | |
| {{- if .Values.global.sds.enabled }} | |
| - name: sds-uds-path | |
| hostPath: | |
| path: /var/run/sds | |
| {{- if .Values.global.sds.customTokenDirectory }} | |
| - name: custom-sds-token | |
| secret: | |
| secretName: sdstokensecret | |
| {{- end }} | |
| {{- if .Values.global.sds.useTrustworthyJwt }} | |
| - name: istio-token | |
| projected: | |
| sources: | |
| - serviceAccountToken: | |
| path: istio-token | |
| expirationSeconds: 43200 | |
| audience: {{ .Values.global.trustDomain }} | |
| {{- end }} | |
| {{- else }} | |
| - name: istio-certs | |
| secret: | |
| optional: true | |
| {{ if eq .Spec.ServiceAccountName "" }} | |
| secretName: istio.default | |
| {{ else -}} | |
| secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} | |
| {{ end -}} | |
| {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} | |
| {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} | |
| - name: "{{ $index }}" | |
| {{ toYaml $value | indent 2 }} | |
| {{ end }} | |
| {{ end }} | |
| {{- end }} | |
| {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} | |
| - name: lightstep-certs | |
| secret: | |
| optional: true | |
| secretName: lightstep.cacert | |
| {{- end }} | |
| {{- if .Values.global.podDNSSearchNamespaces }} | |
| dnsConfig: | |
| searches: | |
| {{- range .Values.global.podDNSSearchNamespaces }} | |
| - {{ render . }} | |
| {{- end }} | |
| {{- end }} | |
| 2019-08-24T14:38:02.022234Z info AdmissionReview for Kind=/v1, Kind=Pod Namespace=dev Name= (payment-service-dev-5dccdbfd6-***** (actual name not yet known)) UID=c660d541-c67c-11e9-adbf-42010a8400b7 Rfc6902PatchOperation=CREATE UserInfo={system:serviceaccount:kube-system:replicaset-controller ebdfca84-b062-11e9-8f1f-42010a840fe4 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} | |
| 2019-08-24T14:38:02.055204Z info AdmissionResponse: patch=[{"op":"add","path":"/spec/initContainers","value":[{"name":"istio-init","image":"docker.io/istio/proxy_init:1.2.3","args":["-p","15001","-u","1337","-m","REDIRECT","-i","*","-x","","-b","8080","-d","15020"],"resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}},"imagePullPolicy":"IfNotPresent","securityContext":{"capabilities":{"add":["NET_ADMIN"]},"runAsUser":0,"runAsNonRoot":false}}]},{"op":"add","path":"/spec/containers/-","value":{"name":"istio-proxy","image":"docker.io/istio/proxyv2:1.2.3","args":["proxy","sidecar","--domain","$(POD_NAMESPACE).svc.cluster.local","--configPath","/etc/istio/proxy","--binaryPath","/usr/local/bin/envoy","--serviceCluster","payment.$(POD_NAMESPACE)","--drainDuration","45s","--parentShutdownDuration","1m0s","--discoveryAddress","istio-pilot.istio-system:15010","--zipkinAddress","zipkin.istio-system:9411","--dnsRefreshRate","300s","--connectTimeout","10s","--proxyAdminPort","15000","--concurrency","2","--controlPlaneAuthPolicy","NONE","--statusPort","15020","--applicationPorts","8080"],"ports":[{"name":"http-envoy-prom","containerPort":15090,"protocol":"TCP"}],"env":[{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"INSTANCE_IP","valueFrom":{"fieldRef":{"fieldPath":"status.podIP"}}},{"name":"ISTIO_META_POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},{"name":"ISTIO_META_CONFIG_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"ISTIO_META_INTERCEPTION_MODE","value":"REDIRECT"},{"name":"ISTIO_META_INCLUDE_INBOUND_PORTS","value":"8080"},{"name":"ISTIO_METAJSON_LABELS","value":"{\"app\":\"payment\",\"pod-template-hash\":\"5dccdbfd6\",\"release\":\"payment-service-dev\"}\n"}],"resources":{"limits":{"cpu":"2","memory":"256Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"volumeMounts":[{"name":"istio-envoy","mountPath":"/etc/istio/proxy"},{"name":"istio-certs","readOnly":true,"mountPath":"/etc/certs/"},{"name":"default-token-fb4r9","readOnly":true,"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount"}],"readinessProbe":{"httpGet":{"path":"/healthz/ready","port":15020},"initialDelaySeconds":1,"periodSeconds":2,"failureThreshold":30},"imagePullPolicy":"IfNotPresent","securityContext":{"runAsUser":1337,"readOnlyRootFilesystem":true}}},{"op":"add","path":"/spec/volumes/-","value":{"name":"istio-envoy","emptyDir":{"medium":"Memory"}}},{"op":"add","path":"/spec/volumes/-","value":{"name":"istio-certs","secret":{"secretName":"istio.default","optional":true}}},{"op":"add","path":"/spec/securityContext","value":{}},{"op":"add","path":"/metadata/annotations","value":{"sidecar.istio.io/status":"{\"version\":\"761ebc5a63976754715f22fcf548f05270fb4b8db07324894aebdb31fa81d960\",\"initContainers\":[\"istio-init\"],\"containers\":[\"istio-proxy\"],\"volumes\":[\"istio-envoy\",\"istio-certs\"],\"imagePullSecrets\":null}"}}] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment