@Neutrollized
Created February 28, 2023 00:25

Revisions

  1. Neutrollized created this gist Feb 28, 2023.
    82 changes: 82 additions & 0 deletions istio-ingressgateway.yaml
    @@ -0,0 +1,82 @@
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: istio-ingressgateway
    spec:
    replicas: 2
    selector:
    matchLabels:
    app: istio-ingressgateway
    istio: ingressgateway
    template:
    metadata:
    annotations:
    # This is required to tell Anthos Service Mesh to inject the gateway with the
    # required configuration.
    inject.istio.io/templates: gateway
    labels:
    app: istio-ingressgateway
    istio: ingressgateway
    spec:
    containers:
    - name: istio-proxy
    image: auto # The image will automatically update each time the pod starts.
    resources:
    limits:
    cpu: 2000m
    memory: 1024Mi
    requests:
    cpu: 100m
    memory: 128Mi
    serviceAccountName: istio-ingressgateway
    ---
    apiVersion: v1
    kind: Service
    metadata:
    name: istio-ingressgateway
    labels:
    app: istio-ingressgateway
    istio: ingressgateway
    spec:
    ports:
    # status-port exposes a /healthz/ready endpoint that can be used with GKE Ingress health checks
    - name: status-port
    port: 15021
    protocol: TCP
    targetPort: 15021
    # Any ports exposed in Gateway resources should be exposed here.
    - name: http2
    port: 80
    - name: https
    port: 443
    selector:
    istio: ingressgateway
    app: istio-ingressgateway
    type: LoadBalancer
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: istio-ingressgateway
    ---
    # Role and RoleBinding allow the gateway to access certificates
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
    name: istio-ingressgateway
    rules:
    - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "watch", "list"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
    name: istio-ingressgateway
    roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: istio-ingressgateway
    subjects:
    - kind: ServiceAccount
    name: istio-ingressgateway
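
Review bot: The Role rule near the end (resources: ["secrets"] with verbs: ["get", "watch", "list"]) has no resourceNames, and none of the five objects sets metadata.namespace, so the istio-ingressgateway service account can read every Secret in whatever namespace this file happens to be applied to. Set an explicit namespace on each object and dedicate that namespace to the gateway, so the rule only reaches the gateway's TLS certificates and not application secrets. A smaller point on the Service: with type: LoadBalancer, the status-port 15021 entry is published on the external load balancer alongside 80 and 443, while the comment describes it as a target for GKE Ingress health checks; confirm it needs to be reachable from outside, or add a comment explaining why.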