# Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: hgate namespace: istio-system spec: selector: matchLabels: app: hgate replicas: 1 template: metadata: annotations: # If Istio is installed in cluster and injection enabled - use the gateway template. # This deployment also works injection-less. inject.istio.io/templates: gateway # If workload certs are enabled, will be configured. The deployment will detect the presence of the files, # may load the config to identify the pool (initially we'll use a hard-coded default name) # Must also configure cas_template. security.cloud.google.com/use-workload-certificates: "" labels: app: hgate istio: hgate version: v2.2 # Turns off injection, regardless of namespace label. # The docker image extends istio-proxy and includes envoy, knows how to start without injection. sidecar.istio.io/inject: "false" # Use default injection. If Istio is not installed in the cluster, will # auto-detect. #sidecar.istio.io/inject: "true" #istio.io/rev: asm-managed spec: containers: - name: istio-proxy # Istio injection should not override this image: gcr.io/wlhe-cr/gate:main imagePullPolicy: Always env: # - name: ENVOY_LOG_LEVEL # value: debug,config:warn,main:warn,upstream:debug # The launcher can't usually auto-detect the namespace, except from # the identity. - name: WORKLOAD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace ports: - containerPort: 15443 name: tls - containerPort: 15441 name: https-h2r resources: requests: cpu: 10m memory: "512Mi" limits: cpu: "4" memory: "8G"