mirror of https://github.com/istio/istio.io.git
154 lines
4.4 KiB
YAML
154 lines
4.4 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: my-ingressgateway-service-account
|
|
labels:
|
|
app: my-ingressgateway
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
name: my-ingressgateway
|
|
labels:
|
|
app: my-ingressgateway
|
|
istio: my-ingressgateway
|
|
spec:
|
|
replicas: 3
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: my-ingressgateway
|
|
istio: my-ingressgateway
|
|
annotations:
|
|
sidecar.istio.io/inject: "false"
|
|
scheduler.alpha.kubernetes.io/critical-pod: ""
|
|
spec:
|
|
serviceAccountName: my-ingressgateway-service-account
|
|
containers:
|
|
- name: ingressgateway
|
|
image: "gcr.io/istio-release/proxyv2:1.0.0"
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- containerPort: 80
|
|
- containerPort: 443
|
|
- containerPort: 31400
|
|
- containerPort: 15011
|
|
- containerPort: 8060
|
|
- containerPort: 15030
|
|
- containerPort: 15031
|
|
args:
|
|
- proxy
|
|
- router
|
|
- -v
|
|
- "2"
|
|
- --discoveryRefreshDelay
|
|
- '1s' #discoveryRefreshDelay
|
|
- --drainDuration
|
|
- '45s' #drainDuration
|
|
- --parentShutdownDuration
|
|
- '1m0s' #parentShutdownDuration
|
|
- --connectTimeout
|
|
- '10s' #connectTimeout
|
|
- --serviceCluster
|
|
- my-ingressgateway
|
|
- --zipkinAddress
|
|
- zipkin.istio-system:9411
|
|
- --statsdUdpAddress
|
|
- istio-statsd-prom-bridge.istio-system:9125
|
|
- --proxyAdminPort
|
|
- "15000"
|
|
- --controlPlaneAuthPolicy
|
|
- NONE
|
|
- --discoveryAddress
|
|
- istio-pilot.istio-system:8080
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
volumeMounts:
|
|
- mountPath: /etc/certs
|
|
name: istio-certs
|
|
readOnly: true
|
|
- mountPath: /etc/istio/ingressgateway-certs
|
|
name: ingressgateway-custom-certs
|
|
readOnly: true
|
|
- mountPath: /etc/istio/ingressgateway-ca-certs
|
|
name: ingressgateway-ca-certs
|
|
readOnly: true
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.namespace
|
|
- name: INSTANCE_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: status.podIP
|
|
- name: ISTIO_META_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
volumes:
|
|
- name: istio-certs
|
|
secret:
|
|
defaultMode: 420
|
|
optional: true
|
|
secretName: istio.istio-ingressgateway-service-account
|
|
- name: ingressgateway-custom-certs
|
|
secret:
|
|
defaultMode: 420
|
|
optional: true
|
|
secretName: istio-customingressgateway-certs
|
|
- name: ingressgateway-ca-certs
|
|
secret:
|
|
defaultMode: 420
|
|
optional: true
|
|
secretName: istio-ingressgateway-ca-certs
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: beta.kubernetes.io/arch
|
|
operator: In
|
|
values:
|
|
- amd64
|
|
- ppc64le
|
|
- s390x
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 2
|
|
preference:
|
|
matchExpressions:
|
|
- key: beta.kubernetes.io/arch
|
|
operator: In
|
|
values:
|
|
- amd64
|
|
- weight: 2
|
|
preference:
|
|
matchExpressions:
|
|
- key: beta.kubernetes.io/arch
|
|
operator: In
|
|
values:
|
|
- ppc64le
|
|
- weight: 2
|
|
preference:
|
|
matchExpressions:
|
|
- key: beta.kubernetes.io/arch
|
|
operator: In
|
|
values:
|
|
- s390x
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- my-ingressgateway
|
|
topologyKey: kubernetes.io/hostname |