################################################################################################## # Details service ################################################################################################## apiVersion: v1 kind: Service metadata: name: istio-ui labels: app: istio-ui spec: ports: - port: 9100 name: http selector: app: istio-ui type: LoadBalancer --- apiVersion: apps/v1 kind: Deployment metadata: name: istio-ui spec: replicas: 1 selector: matchLabels: app: istio-ui template: metadata: labels: app: istio-ui spec: serviceAccountName: istio-ui-service-account containers: - name: istio-ui image: registry.cn-shenzhen.aliyuncs.com/jukylin/istio-ui:v0.1.2 imagePullPolicy: IfNotPresent ports: - containerPort: 9100 volumeMounts: - mountPath: /data/www/istio_config name: istio-config - mountPath: /data/www/istio_upload name: istio-upload - mountPath: /data/www/istio_back_up name: istio-back-up volumes: - name: istio-config hostPath: path: /data/www/istio_config - name: istio-upload hostPath: path: /data/www/istio_upload - name: istio-back-up hostPath: path: /data/www/istio_back_up --- apiVersion: v1 kind: ServiceAccount metadata: name: istio-ui-service-account --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: istio-ui-cluster-role rules: - apiGroups: [""] resources: ["namespaces", "configmaps"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["deployments"] verbs: ["get", "list", "watch", "update", "create"] - apiGroups: ["config.istio.io"] # istio CRD watcher resources: ["*"] verbs: ["create", "get", "list", "watch", "patch"] - apiGroups: ["networking.istio.io"] resources: ["*"] verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: istio-ui-cluster-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: istio-ui-cluster-role subjects: - kind: ServiceAccount name: istio-ui-service-account namespace: default ---