istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix indentation and add missing field (#12516)

This commit is contained in:
Peter Jausovec 2023-01-25 01:26:18 -08:00 committed by GitHub
parent 79fb5e9848
commit 5bf14ed2b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
content/en/docs/ops/integrations/spire/index.md
View File

@ -261,39 +261,40 @@ To improve workload attestation security robustness, SPIRE is able to verify aga
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: sleep name: sleep
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: sleep
template:
metadata:
labels:
app: sleep app: sleep
# Injects custom sidecar template template:
annotations: metadata:
inject.istio.io/templates: "sidecar,spire" labels:
spec: app: sleep
terminationGracePeriodSeconds: 0 # Injects custom sidecar template
serviceAccountName: sleep annotations:
containers: inject.istio.io/templates: "sidecar,spire"
- name: sleep spec:
image: curlimages/curl terminationGracePeriodSeconds: 0
command: ["/bin/sleep", "3650d"] serviceAccountName: sleep
imagePullPolicy: IfNotPresent containers:
volumeMounts: - name: sleep
- name: tmp image: curlimages/curl
mountPath: /tmp command: ["/bin/sleep", "3650d"]
securityContext: imagePullPolicy: IfNotPresent
runAsUser: 1000 volumeMounts:
volumes: - name: tmp
- name: tmp mountPath: /tmp
emptyDir: {} securityContext:
# CSI volume runAsUser: 1000
- name: workload-socket volumes:
csi: - name: tmp
driver: "csi.spiffe.io" emptyDir: {}
# CSI volume
- name: workload-socket
csi:
driver: "csi.spiffe.io"
readOnly: true
{{< /text >}} {{< /text >}}
1. Get pod information: 1. Get pod information: