| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: istiod |
| namespace: istio-system |
| labels: |
| istio.io/rev: default |
| app: istiod |
| istio: pilot |
| release: istio |
| spec: |
| ports: |
| - port: 15010 |
| name: grpc-xds # plaintext |
| - port: 15012 |
| name: https-dns # mTLS with k8s-signed cert |
| - port: 443 |
| name: https-webhook # validation and injection |
| targetPort: 15017 |
| - port: 15014 |
| name: http-monitoring # prometheus stats |
| - name: dns |
| port: 53 |
| targetPort: 15053 |
| protocol: UDP |
| - name: dns-tls |
| port: 853 |
| targetPort: 15053 |
| protocol: TCP |
| selector: |
| app: istiod |
| # Label used by the 'default' service. For versioned deployments we match with app and version. |
| # This avoids default deployment picking the canary |
| istio: pilot |