stefanprodan
diff --git a/‎apps/backend/deployment.patch.yaml
Lines changed: 149 additions & 149 deletions b/‎apps/backend/deployment.patch.yaml
Lines changed: 149 additions & 149 deletions
@@ -1,153 +1,153 @@
 - op: add
   path: /status
   value: {}
-- op: add
-  path: /spec/template/spec/volumes
-  value:
-  - emptyDir:
-      medium: Memory
-    name: istio-envoy
-  - emptyDir: {}
-    name: istio-data
-  - downwardAPI:
-      items:
-      - fieldRef:
-          fieldPath: metadata.labels
-        path: labels
-      - fieldRef:
-          fieldPath: metadata.annotations
-        path: annotations
-    name: istio-podinfo
-  - name: istio-token
-    projected:
-      sources:
-      - serviceAccountToken:
-          audience: istio-ca
-          expirationSeconds: 43200
-          path: istio-token
-  - configMap:
-      name: istio-ca-root-cert
-    name: istiod-ca-cert
 - op: add
   path: /spec/template/spec/securityContext
   value:
     fsGroup: 1337
+- op: add
+  path: /spec/template/spec/volumes
+  value:
+    - emptyDir:
+        medium: Memory
+      name: istio-envoy
+    - emptyDir: {}
+      name: istio-data
+    - downwardAPI:
+        items:
+          - fieldRef:
+              fieldPath: metadata.labels
+            path: labels
+          - fieldRef:
+              fieldPath: metadata.annotations
+            path: annotations
+      name: istio-podinfo
+    - name: istio-token
+      projected:
+        sources:
+          - serviceAccountToken:
+              audience: istio-ca
+              expirationSeconds: 43200
+              path: istio-token
+    - configMap:
+        name: istio-ca-root-cert
+      name: istiod-ca-cert
 - op: add
   path: /spec/template/spec/initContainers
   value:
-  - args:
-    - istio-iptables
-    - -p
-    - "15001"
-    - -z
-    - "15006"
-    - -u
-    - "1337"
-    - -m
-    - REDIRECT
-    - -i
-    - '*'
-    - -x
-    - ""
-    - -b
-    - '*'
-    - -d
-    - 15090,15021,15020
-    image: docker.io/istio/proxyv2:1.13.2
-    name: istio-init
-    resources:
-      limits:
-        cpu: "2"
-        memory: 1Gi
-      requests:
-        cpu: 10m
-        memory: 40Mi
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-        - NET_ADMIN
-        - NET_RAW
-        drop:
-        - ALL
-      privileged: false
-      readOnlyRootFilesystem: false
-      runAsGroup: 0
-      runAsNonRoot: false
-      runAsUser: 0
+    - args:
+        - istio-iptables
+        - -p
+        - "15001"
+        - -z
+        - "15006"
+        - -u
+        - "1337"
+        - -m
+        - REDIRECT
+        - -i
+        - '*'
+        - -x
+        - ""
+        - -b
+        - '*'
+        - -d
+        - 15090,15021,15020
+      image: docker.io/istio/proxyv2:1.13.3
+      name: istio-init
+      resources:
+        limits:
+          cpu: "2"
+          memory: 1Gi
+        requests:
+          cpu: 10m
+          memory: 16Mi
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          add:
+            - NET_ADMIN
+            - NET_RAW
+          drop:
+            - ALL
+        privileged: false
+        readOnlyRootFilesystem: false
+        runAsGroup: 0
+        runAsNonRoot: false
+        runAsUser: 0
 - op: replace
   path: /spec/template/spec/containers/0/resources/limits/cpu
   value: "2"
 - op: add
   path: /spec/template/spec/containers/1
   value:
     args:
-    - proxy
-    - sidecar
-    - --domain
-    - $(POD_NAMESPACE).svc.cluster.local
-    - --proxyLogLevel=warning
-    - --proxyComponentLogLevel=misc:error
-    - --log_output_level=default:info
-    - --concurrency
-    - "2"
+      - proxy
+      - sidecar
+      - --domain
+      - $(POD_NAMESPACE).svc.cluster.local
+      - --proxyLogLevel=warning
+      - --proxyComponentLogLevel=misc:error
+      - --log_output_level=default:info
+      - --concurrency
+      - "2"
     env:
-    - name: JWT_POLICY
-      value: third-party-jwt
-    - name: PILOT_CERT_PROVIDER
-      value: istiod
-    - name: CA_ADDR
-      value: istiod.istio-system.svc:15012
-    - name: POD_NAME
-      valueFrom:
-        fieldRef:
-          fieldPath: metadata.name
-    - name: POD_NAMESPACE
-      valueFrom:
-        fieldRef:
-          fieldPath: metadata.namespace
-    - name: INSTANCE_IP
-      valueFrom:
-        fieldRef:
-          fieldPath: status.podIP
-    - name: SERVICE_ACCOUNT
-      valueFrom:
-        fieldRef:
-          fieldPath: spec.serviceAccountName
-    - name: HOST_IP
-      valueFrom:
-        fieldRef:
-          fieldPath: status.hostIP
-    - name: PROXY_CONFIG
-      value: |
-        {}
-    - name: ISTIO_META_POD_PORTS
-      value: |-
-        [
-            {"name":"http","containerPort":9898,"protocol":"TCP"}
-        ]
-    - name: ISTIO_META_APP_CONTAINERS
-      value: backend
-    - name: ISTIO_META_CLUSTER_ID
-      value: Kubernetes
-    - name: ISTIO_META_INTERCEPTION_MODE
-      value: REDIRECT
-    - name: ISTIO_META_WORKLOAD_NAME
-      value: backend
-    - name: ISTIO_META_OWNER
-      value: kubernetes://apis/apps/v1/namespaces/prod/deployments/backend
-    - name: ISTIO_META_MESH_ID
-      value: cluster.local
-    - name: TRUST_DOMAIN
-      value: cluster.local
-    - name: ISTIO_PROMETHEUS_ANNOTATIONS
-      value: '{"scrape":"true","path":"","port":""}'
-    image: docker.io/istio/proxyv2:1.13.2
+      - name: JWT_POLICY
+        value: third-party-jwt
+      - name: PILOT_CERT_PROVIDER
+        value: istiod
+      - name: CA_ADDR
+        value: istiod.istio-system.svc:15012
+      - name: POD_NAME
+        valueFrom:
+          fieldRef:
+            fieldPath: metadata.name
+      - name: POD_NAMESPACE
+        valueFrom:
+          fieldRef:
+            fieldPath: metadata.namespace
+      - name: INSTANCE_IP
+        valueFrom:
+          fieldRef:
+            fieldPath: status.podIP
+      - name: SERVICE_ACCOUNT
+        valueFrom:
+          fieldRef:
+            fieldPath: spec.serviceAccountName
+      - name: HOST_IP
+        valueFrom:
+          fieldRef:
+            fieldPath: status.hostIP
+      - name: PROXY_CONFIG
+        value: |
+          {}
+      - name: ISTIO_META_POD_PORTS
+        value: |-
+          [
+              {"name":"http","containerPort":9898,"protocol":"TCP"}
+          ]
+      - name: ISTIO_META_APP_CONTAINERS
+        value: backend
+      - name: ISTIO_META_CLUSTER_ID
+        value: Kubernetes
+      - name: ISTIO_META_INTERCEPTION_MODE
+        value: REDIRECT
+      - name: ISTIO_META_WORKLOAD_NAME
+        value: backend
+      - name: ISTIO_META_OWNER
+        value: kubernetes://apis/apps/v1/namespaces/prod/deployments/backend
+      - name: ISTIO_META_MESH_ID
+        value: cluster.local
+      - name: TRUST_DOMAIN
+        value: cluster.local
+      - name: ISTIO_PROMETHEUS_ANNOTATIONS
+        value: '{"scrape":"true","path":"","port":""}'
+    image: docker.io/istio/proxyv2:1.13.3
     name: istio-proxy
     ports:
-    - containerPort: 15090
-      name: http-envoy-prom
-      protocol: TCP
+      - containerPort: 15090
+        name: http-envoy-prom
+        protocol: TCP
     readinessProbe:
       failureThreshold: 30
       httpGet:
@@ -162,55 +162,55 @@
         memory: 1Gi
       requests:
         cpu: 10m
-        memory: 40Mi
+        memory: 16Mi
     securityContext:
       allowPrivilegeEscalation: false
       capabilities:
         drop:
-        - ALL
+          - ALL
       privileged: false
       readOnlyRootFilesystem: true
       runAsGroup: 1337
       runAsNonRoot: true
       runAsUser: 1337
     volumeMounts:
-    - mountPath: /var/run/secrets/istio
-      name: istiod-ca-cert
-    - mountPath: /var/lib/istio/data
-      name: istio-data
-    - mountPath: /etc/istio/proxy
-      name: istio-envoy
-    - mountPath: /var/run/secrets/tokens
-      name: istio-token
-    - mountPath: /etc/istio/pod
-      name: istio-podinfo
+      - mountPath: /var/run/secrets/istio
+        name: istiod-ca-cert
+      - mountPath: /var/lib/istio/data
+        name: istio-data
+      - mountPath: /etc/istio/proxy
+        name: istio-envoy
+      - mountPath: /var/run/secrets/tokens
+        name: istio-token
+      - mountPath: /etc/istio/pod
+        name: istio-podinfo
 - op: add
   path: /spec/template/metadata/creationTimestamp
   value: null
 - op: add
   path: /spec/template/metadata/labels/security.istio.io~1tlsMode
   value: istio
-- op: add
-  path: /spec/template/metadata/labels/service.istio.io~1canonical-revision
-  value: latest
 - op: add
   path: /spec/template/metadata/labels/service.istio.io~1canonical-name
   value: backend
 - op: add
-  path: /spec/template/metadata/annotations/sidecar.istio.io~1status
-  value: '{"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null,"revision":"default"}'
+  path: /spec/template/metadata/labels/service.istio.io~1canonical-revision
+  value: latest
 - op: add
   path: /spec/template/metadata/annotations/kubectl.kubernetes.io~1default-logs-container
   value: backend
 - op: add
-  path: /spec/template/metadata/annotations/kubectl.kubernetes.io~1default-container
-  value: backend
+  path: /spec/template/metadata/annotations/sidecar.istio.io~1status
+  value: '{"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null,"revision":"default"}'
 - op: add
   path: /spec/template/metadata/annotations/prometheus.io~1path
   value: /stats/prometheus
 - op: add
   path: /spec/template/metadata/annotations/prometheus.io~1port
   value: "15020"
+- op: add
+  path: /spec/template/metadata/annotations/kubectl.kubernetes.io~1default-container
+  value: backend
 - op: add
   path: /metadata/creationTimestamp
   value: null