23 镜像仓库和k8环境 一篇就够
Harbor
<u>http://harbor.bicisims.com/harbor/projects</u>
admin/Harbor12345
kubesphere
<u>http://121.36.161.70:30880/</u>
xunxingzhe/Admin123
1.工作负载
①discover
kind: Deployment
apiVersion: apps/v1
metadata:
name: discover
namespace: pgxt-test
labels:
io.kompose.service: discover
annotations:
deployment.kubernetes.io/revision: '5'
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/creator: admin
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: discover
template:
metadata:
creationTimestamp: null
labels:
io.kompose.network/energy: 'true'
io.kompose.service: discover
annotations:
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/restartedAt: '2022-05-20T08:46:16.819Z'
spec:
containers:
- name: discover
image: 'harbor.bicisims.com/pgxt-test/pgxtmes-component-discover:latest'
ports:
- containerPort: 31001
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harbor
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
②gateway
kind: Deployment
apiVersion: apps/v1
metadata:
name: gateway
namespace: pgxt-test
labels:
io.kompose.service: gateway
annotations:
deployment.kubernetes.io/revision: '11'
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/creator: admin
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: gateway
template:
metadata:
creationTimestamp: null
labels:
io.kompose.network/energy: 'true'
io.kompose.service: gateway
annotations:
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/restartedAt: '2022-05-20T08:56:06.051Z'
spec:
containers:
- name: gateway
image: 'harbor.bicisims.com/pgxt-test/pgxtmes-component-gateway:latest'
ports:
- containerPort: 31099
protocol: TCP
env:
- name: COMPONENT_DISCOVER_URL
value: 'http://discover.pgxt-test:31001/eureka/'
- name: EUREKA_INSTANCE_IP_ADDRESS
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harbor
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
③system-consumer
kind: Deployment
apiVersion: apps/v1
metadata:
name: system-consumer
namespace: pgxt-test
labels:
io.kompose.service: system-consumer
annotations:
deployment.kubernetes.io/revision: '7'
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/creator: admin
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: system-consumer
template:
metadata:
creationTimestamp: null
labels:
io.kompose.network/energy: 'true'
io.kompose.service: system-consumer
annotations:
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/restartedAt: '2022-05-20T09:30:55.232Z'
spec:
containers:
- name: system-consumer
image: 'harbor.bicisims.com/pgxt-test/pgxtmes-consumer-system:latest'
ports:
- containerPort: 32202
protocol: TCP
env:
- name: COMPONENT_DISCOVER_URL
value: 'http://discover.pgxt-test:31001/eureka/'
- name: EUREKA_INSTANCE_IP_ADDRESS
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harbor
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
④system-provider
kind: Deployment
apiVersion: apps/v1
metadata:
name: stock-provider
namespace: pgxt-test
labels:
io.kompose.service: stock-provider
annotations:
deployment.kubernetes.io/revision: '1'
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/creator: admin
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: stock-provider
template:
metadata:
creationTimestamp: null
labels:
io.kompose.network/energy: 'true'
io.kompose.service: stock-provider
annotations:
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/restartedAt: '2022-05-20T09:47:32.928Z'
spec:
containers:
- name: stock-provider
image: 'harbor.bicisims.com/pgxt-test/pgxtmes-provider-stock:latest'
ports:
- containerPort: 31205
protocol: TCP
env:
- name: COMPONENT_DISCOVER_URL
value: 'http://discover.pgxt-test:31001/eureka/'
- name: EUREKA_INSTANCE_IP_ADDRESS
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harbor
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
⑤Nginx-web
kind: Deployment
apiVersion: apps/v1
metadata:
name: nginx-web
namespace: pgxt-test
labels:
io.kompose.service: nginx-web
annotations:
deployment.kubernetes.io/revision: '10'
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"kompose.cmd":"kompose
convert","kompose.version":"1.26.0
(40646f47)"},"creationTimestamp":null,"labels":{"io.kompose.service":"nginx-web"},"name":"nginx-web","namespace":"default"},"spec":{"replicas":1,"selector":{"matchLabels":{"io.kompose.service":"nginx-web"}},"strategy":{"type":"Recreate"},"template":{"metadata":{"annotations":{"kompose.cmd":"kompose
convert","kompose.version":"1.26.0
(40646f47)"},"creationTimestamp":null,"labels":{"io.kompose.network/dp":"true","io.kompose.service":"nginx-web"}},"spec":{"containers":[{"image":"nginx:latest","name":"nginx-web","ports":[{"containerPort":80,"name":"java"},{"containerPort":81,"name":"static"}],"resources":{},"volumeMounts":[{"mountPath":"/etc/localtime","name":"timezone","readOnly":true},{"mountPath":"/etc/nginx/nginx.conf","name":"nginx-config","readOnly":true,"subPath":"nginx.conf"},{"mountPath":"/var/log/nginx","name":"nginx-web-log"},{"mountPath":"/opt/dist","name":"nginx-web-dist1","readOnly":true},{"mountPath":"/usr/share/nginx/html","name":"nginx-web-dist"}]}],"volumes":[{"hostPath":{"path":"/usr/share/zoneinfo/Asia/Shanghai"},"name":"timezone"},{"configMap":{"items":[{"key":"nginx.conf","path":"nginx.conf"}],"name":"nginx-config"},"name":"nginx-config"},{"name":"nginx-web-log","nfs":{"path":"/data/nginx-web/log","server":"192.168.0.190"}},{"name":"nginx-web-dist","nfs":{"path":"/data/nginx-web/dist","server":"192.168.0.190"}},{"name":"nginx-web-dist1","nfs":{"path":"/data/nginx-web/build","server":"192.168.0.190"}}]}}}}
kubesphere.io/creator: admin
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nginx-web
template:
metadata:
creationTimestamp: null
labels:
io.kompose.network/nginx: 'true'
io.kompose.service: nginx-web
annotations:
kompose.cmd: kompose convert
kompose.version: 1.26.0 (40646f47)
kubesphere.io/restartedAt: '2022-05-20T09:21:04.979Z'
spec:
volumes:
- name: timezone
hostPath:
path: /usr/share/zoneinfo/Asia/Shanghai
type: ''
- name: nginx-config
configMap:
name: nginx-config
items:
- key: nginx.conf
path: nginx.conf
defaultMode: 420
- name: nginx-web-build
nfs:
server: 192.168.0.190
path: /data/nginx-web/pgxt/build
containers:
- name: nginx-web
image: 'nginx:latest'
ports:
- name: server
containerPort: 80
protocol: TCP
resources: {}
volumeMounts:
- name: timezone
readOnly: true
mountPath: /etc/localtime
- name: nginx-config
readOnly: true
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: nginx-web-build
mountPath: /usr/share/nginx/build/html
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
schedulerName: default-scheduler
strategy:
type: Recreate
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
2.服务
①discover
kind: Service
apiVersion: v1
metadata:
name: discover
namespace: pgxt-test
labels:
app: discover
annotations:
kubesphere.io/creator: admin
spec:
ports:
- name: discover
protocol: TCP
port: 31001
targetPort: 31001
nodePort: 30621
selector:
io.kompose.network/energy: 'true'
io.kompose.service: discover
clusterIP: 10.96.7.13
clusterIPs:
- 10.96.7.13
type: NodePort
sessionAffinity: None
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
②Nginx-web
kind: Service
apiVersion: v1
metadata:
name: nginx-web
namespace: pgxt-test
labels:
app: nginx-web
annotations:
kubesphere.io/creator: admin
spec:
ports:
- name: http-web
protocol: TCP
port: 80
targetPort: 80
nodePort: 30480
selector:
io.kompose.network/nginx: 'true'
io.kompose.service: nginx-web
clusterIP: 10.96.244.71
clusterIPs:
- 10.96.244.71
type: NodePort
sessionAffinity: None
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
③gateway
kind: Service
apiVersion: v1
metadata:
name: gateway
namespace: pgxt-test
labels:
app: gateway
annotations:
kubesphere.io/creator: admin
spec:
ports:
- name: gateway
protocol: TCP
port: 31099
targetPort: 31099
selector:
io.kompose.service: gateway
clusterIP: 10.96.212.251
clusterIPs:
- 10.96.212.251
type: ClusterIP
sessionAffinity: None
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
3 应用路由
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: pgxtmes
namespace: pgxt-test
annotations:
kubesphere.io/creator: admin
spec:
ingressClassName: nginx
rules:
- host: pgxtmes.bicitech.cn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-web
port:
number: 80
4 保密字典
①harbor
kind: Secret
apiVersion: v1
metadata:
name: harbor
namespace: pgxt-test
annotations:
kubesphere.io/creator: admin
secret.kubesphere.io/force-insecure: 'true'
data:
.dockerconfigjson: >-
eyJhdXRocyI6eyJodHRwOi8vaGFyYm9yLmJpY2lzaW1zLmNvbSI6eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJIYXJib3IxMjM0NSIsImVtYWlsIjoiIiwiYXV0aCI6IllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSJ9fX0=
type: kubernetes.io/dockerconfigjson
②default-token-g4mxn
kind: Secret
apiVersion: v1
metadata:
name: default-token-g4mxn
namespace: pgxt-test
annotations:
kubernetes.io/service-account.name: default
kubernetes.io/service-account.uid: 69c66e88-9aea-49a7-8a11-7a6b2c319629
data:
ca.crt: >-
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1ETXhPREF4TlRZeE5Wb1hEVE15TURNeE5UQXhOVFl4TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTlp4Ck9VcHVuMEtNRTlrSkV1K3MrbUVlZkl4K2E2bW96cGdyMDJYclJLdTIzWUdJQVB1dGwrTnpjc2pacDZtRHZMZXYKK2FTOHFaMENFVFdYdC96bk5FclViVEEwbEtaV0ZrQmRtNFZUNStHdzR1YzNGbG1VbVRIRnJlNkMvWXJZSXNrZgphWkU3M1FyZDV3cnZUZS9Mcm9obUlZMGpjZGtudHJxSW9YK2Racm1TV3VJWlNvOHVNVkVKYlpjQXVHSTgxUmdjCkZtWlgwaVk2b1VXbDJpN00xRXZlVjFHY0p5L3JiNXFMcFZHMjNSTkFpcVpBYVlSQ21ZUjdSQ3EvTElSck9ra24KejREMXl5OXRZZm9wV1hxRG1oR3VKeXdhRU1CRnVyV3J3VGlITjkwdmdCSjJaQW1FRHNSNllTZk5UZmJ4L3QyUwpoWFhFaC9QQXJNWDBKV3EyVVBjQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZFbkVnUEJBZThVTVNoOSt3VUZmK3pMSkNZTE5NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRnNLdVh6Z0gwaVFoQVdrWHlyRApPRmYvdWc4NEZ5OU0xMGtmdXFFdTJvSkx2NUpreDVxQzgzQjduR1lYSTVQdnowM0tEUXdMeW9SOHI2b1Z5Y2Q0CmpGdnpqQjZsZEx6UTlsOGdNTk5rbmhhenJUNFBydzBoaXFwMlQ4aG0wWC91blNUVkZ6ZkxDcDhncUJ1VlBTTkoKc2tPM0Rka2lMTHc0YldMQ1draXFSUzBneXdGbmpFV3Voakw5R0NDWTBoUFMrSnBBVnFLT3R5YXZDemlhbHA0VgpMUFNEZWZtMi84bXkrV2ZuM3JtZGxSbC9sc29wMElRVzNiL3o5dWhYSVJ2RmpIZWhrZ2NxcGE1ZUtWR2JlUHAzCjByR1RSQU44QTd3bFU0bXFjRk5qckNvMlU3ZnZPSm1PZVRCclcrdmFSQ1ZLM1JLTHRrUGJscXlLZnoxR1pja0IKa1pNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
namespace: cGd4dC10ZXN0
token: >-
ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkluVkNSbFJpY1c1U1VIVlRkRE00UlhGNldXRlZaV00zTlhJMU9VcFRPVlF6WVdad2N6Z3haV3M1ZW1NaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUp3WjNoMExYUmxjM1FpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pWkdWbVlYVnNkQzEwYjJ0bGJpMW5ORzE0YmlJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKa1pXWmhkV3gwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWRXbGtJam9pTmpsak5qWmxPRGd0T1dGbFlTMDBPV0UzTFRoaE1URXROMkUyWWpKak16RTVOakk1SWl3aWMzVmlJam9pYzNsemRHVnRPbk5sY25acFkyVmhZMk52ZFc1ME9uQm5lSFF0ZEdWemREcGtaV1poZFd4MEluMC5OaVd1YTJic21nZ3dQaElWc3p4UURmTEMtVFlOMXZVMDJiZjF1aEJZbWlUcVJuYnM1RWpiMk9MaWFOdzdHSVZDdTlLSDl6SjFDQWZOb3Via05ZaF9RNTJ0YmU4b1pKRHZnNXk1T1h4UXZjcXhuRnVtX19ZYU1MdFZsdS1MempGQzhpbVFNZFdDUUlMeF9vOElac1NOY0I2R1RsaktYcEZuUnMtZnRXN1dJOVFMbWR0RDQzMWtzNkd1aHdOQ25KTUx6dlRVNFVWcmplYnRMTEg4d3RONmZObnJzVndvMXI0MWhFMklfb3RrRFhpN2ota3hMV21rNmdGb0tqSTJ5eUdpRkprN0lxdlo0WVpnNU80WFlWaHdFejZ0TTgyc3Z1aU1zNkxDdWVDRHBIWmNtNVl4aUR1VkhtUy1SUXg1MFd3NHFJdVk0bEk5VzNJb0hBSzVQM1NFZ3c=
type: kubernetes.io/service-account-token
5 配置字段
①nginx-config
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-config
namespace: pgxt-test
annotations:
kubesphere.io/creator: admin
data:
nginx.conf: |
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
upstream gateway-service{
server gateway:31099;
}
server {
listen 80;
location / {
root /usr/share/nginx/build/html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
index index.html;
try_files $uri $uri/ /index.html;
}
# 静态资源
location ~ .*\.(gif|jpg|jpeg|png|flac|mp3|mkv|apk)$ {
root /usr/share/nginx/build/html;
}
location /api {
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gateway-service/api;
client_max_body_size 20m;
}
}
}
②kube-root-ca.crt
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-root-ca.crt
namespace: pgxt-test
annotations:
kubernetes.io/description: >-
Contains a CA bundle that can be used to verify the kube-apiserver when
using internal endpoints such as the internal service IP or
kubernetes.default.svc. No other usage is guaranteed across distributions
of Kubernetes clusters.
data:
ca.crt: |
-----BEGIN CERTIFICATE-----
MIIC/jCCAeagAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTIyMDMxODAxNTYxNVoXDTMyMDMxNTAxNTYxNVowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZx
OUpun0KME9kJEu+s+mEefIx+a6mozpgr02XrRKu23YGIAPutl+NzcsjZp6mDvLev
+aS8qZ0CETWXt/znNErUbTA0lKZWFkBdm4VT5+Gw4uc3FlmUmTHFre6C/YrYIskf
aZE73Qrd5wrvTe/LrohmIY0jcdkntrqIoX+dZrmSWuIZSo8uMVEJbZcAuGI81Rgc
FmZX0iY6oUWl2i7M1EveV1GcJy/rb5qLpVG23RNAiqZAaYRCmYR7RCq/LIRrOkkn
z4D1yy9tYfopWXqDmhGuJywaEMBFurWrwTiHN90vgBJ2ZAmEDsR6YSfNTfbx/t2S
hXXEh/PArMX0JWq2UPcCAwEAAaNZMFcwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wHQYDVR0OBBYEFEnEgPBAe8UMSh9+wUFf+zLJCYLNMBUGA1UdEQQO
MAyCCmt1YmVybmV0ZXMwDQYJKoZIhvcNAQELBQADggEBAFsKuXzgH0iQhAWkXyrD
OFf/ug84Fy9M10kfuqEu2oJLv5Jkx5qC83B7nGYXI5Pvz03KDQwLyoR8r6oVycd4
jFvzjB6ldLzQ9l8gMNNknhazrT4Prw0hiqp2T8hm0X/unSTVFzfLCp8gqBuVPSNJ
skO3DdkiLLw4bWLCWkiqRS0gywFnjEWuhjL9GCCY0hPS+JpAVqKOtyavCzialp4V
LPSDefm2/8my+Wfn3rmdlRl/lsop0IQW3b/z9uhXIRvFjHehkgcqpa5eKVGbePp3
0rGTRAN8A7wlU4mqcFNjrCo2U7fvOJmOeTBrW+vaRCVK3RKLtkPblqyKfz1GZckB
kZM=
-----END CERTIFICATE-----
③istio-ca-root-cert
kind: ConfigMap
apiVersion: v1
metadata:
name: istio-ca-root-cert
namespace: pgxt-test
labels:
istio.io/config: 'true'
data:
root-cert.pem: |
-----BEGIN CERTIFICATE-----
MIIC/TCCAeWgAwIBAgIRAKxlx4L9cVO+D1y3AlPLcygwDQYJKoZIhvcNAQELBQAw
GDEWMBQGA1UEChMNY2x1c3Rlci5sb2NhbDAeFw0yMjAzMjMwMjIxMDdaFw0zMjAz
MjAwMjIxMDdaMBgxFjAUBgNVBAoTDWNsdXN0ZXIubG9jYWwwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCZcjOqmmO1Yal3uaLs3qdAVXCn18GeuzE7cn0d
4eDQI5iiasYRqNsZblsAgFYiSkeBpHFO4Y3//ELvoxAyI4wutuW4mZGpL22ulH3x
i5IqNztQWHbEkLxw3vYVmVN4nGliSzd263QVU8FV+8XMqPOWqKcwUfdeIKo7RAgQ
/0tYWJKdWi4FcrKY0fWBJn1UngxJwTe+FIrBpETvTykSxSsI76sxL6zQ9V8quEDp
rrbu5QOFAf+lGD/b+MD8Cq/lI+H/6RAB93NOtQeXCZEyQblJy1MnFDDFQ9yxnZhX
CwRl/jfghRGvp/Yltn68KSXnmC6+/faQZT+gPZGJ7NTIYhnlAgMBAAGjQjBAMA4G
A1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSVqiJ5b94M
vDpLHmiJ3Ign9Vai8DANBgkqhkiG9w0BAQsFAAOCAQEAW4691l4hdC21ViO35a0H
EoL0DwpNO8IKoFS2JTFwm6jOEaDPo+6c9C2fVWtRBfxv0xNPmzFcv28RvhnRHHsw
nflaUAY5VO+A0QW1dGGDKR0z/IBJ8TMX6VaQM9CCXc/Wx8eU5IIbCbdqJCS4CEm3
706c4tYIV5UE21FBvS2EZsLZ1JfyxWuZl9ZR5r1RJ5tpeQhD2mYwJV6SWCh4RcQe
tI9DJMrmeZV9L4Y+cdYQNqd1xFymPjqfnXJNtj72fP3NYGl0c3ggbUpu2pRVef/z
vU8D++0gvBFfAzfocd115dyxsUdabcQhOWQAfx9trJHpcnCllg74N3nvRNkE1x2+
eA==
-----END CERTIFICATE-----