tools/run_tests/xds_k8s_test_driver/kubernetes-manifests/client-secure.deployment.yaml

   1 ---
   2 apiVersion: apps/v1
   3 kind: Deployment
   4 metadata:
   5   name: ${deployment_name}
   6   namespace: ${namespace_name}
   7   labels:
   8     app: ${deployment_name}
   9     owner: xds-k8s-interop-test
  10 spec:
  11   replicas: 1
  12   selector:
  13     matchLabels:
  14       app: ${deployment_name}
  15   template:
  16     metadata:
  17       labels:
  18         app: ${deployment_name}
  19         owner: xds-k8s-interop-test
  20     spec:
  21       serviceAccountName: ${service_account_name}
  22       containers:
  23       - name: ${deployment_name}
  24         image: ${image_name}
  25         imagePullPolicy: Always
  26         args:
  27           - "--server=${server_target}"
  28           - "--stats_port=${stats_port}"
  29           - "--secure_mode=${secure_mode}"
  30           - "--qps=${qps}"
  31           - "--rpc=${rpc}"
  32           - "--print_response=${print_response}"
  33         ports:
  34           - containerPort: ${stats_port}
  35         env:
  36           - name: GRPC_XDS_BOOTSTRAP
  37             value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
  38           - name: GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT
  39             value: "true"
  40           - name: GRPC_XDS_EXPERIMENTAL_V3_SUPPORT
  41             value: "true"
  42         volumeMounts:
  43           - mountPath: /tmp/grpc-xds/
  44             name: grpc-td-conf
  45             readOnly: true
  46           - mountPath: /var/run/gke-spiffe/certs
  47             name: gke-spiffe-certs-volume
  48             readOnly: true
  49         resources:
  50           limits:
  51             cpu: 800m
  52             memory: 512Mi
  53           requests:
  54             cpu: 100m
  55             memory: 512Mi
  56       initContainers:
  57         - name: grpc-td-init
  58           image: ${td_bootstrap_image}
  59           imagePullPolicy: Always
  60           args:
  61             - "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
  62             - "--vpc-network-name=${network}"
  63             % if xds_server_uri:
  64             - "--xds-server-uri=${xds_server_uri}"
  65             % endif
  66             - "--include-v3-features-experimental"
  67             - "--include-psm-security-experimental"
  68           resources:
  69             limits:
  70               cpu: 100m
  71               memory: 100Mi
  72             requests:
  73               cpu: 10m
  74               memory: 100Mi
  75           volumeMounts:
  76             - mountPath: /tmp/bootstrap/
  77               name: grpc-td-conf
  78       volumes:
  79         - name: grpc-td-conf
  80           emptyDir:
  81             medium: Memory
  82         - name: gke-spiffe-certs-volume
  83           csi:
  84             driver: certs.spiffe.gke.io
  85 ...