values.yaml

{{- if .Values.istio.enabled }}
{{- include "values-secret" (dict "root" $ "package" .Values.istio "name" "istio" "defaults" (include "bigbang.defaults.istio" .)) }}
{{- end }}

{{- define "bigbang.defaults.istio" -}}
# hostname is deprecated and replaced with domain. But if hostname exists then use it.
{{- $domainName := default .Values.domain .Values.hostname }}
domain: {{ $domainName }}

enterprise: {{ .Values.istio.enterprise }}

{{- if or .Values.jaeger.enabled .Values.tempo.enabled }}
tracing:
{{- if .Values.jaeger.enabled }}
  enabled: {{ .Values.jaeger.enabled }}
{{- else if .Values.tempo.enabled }}
  enabled:  {{ .Values.tempo.enabled }}
  address: 'tempo-tempo.tempo.svc'
  sampling: 100
  max_path_tag_length: 99999
{{- end }}
{{- end }}

{{- if .Values.tempo.enabled }}
meshConfig:
  accessLogFormat: |
    [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% "%UPSTREAM_TRANSPORT_FAILURE_REASON%" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME% traceID=%REQ(x-b3-traceid)%
{{- end }}

imagePullSecrets:
  - private-registry

openshift: {{ .Values.openshift }}

authservice:
  enabled: {{ or .Values.addons.authservice.enabled (and .Values.monitoring.enabled .Values.monitoring.sso.enabled) (and .Values.jaeger.enabled .Values.jaeger.sso.enabled) (and .Values.tempo.enabled .Values.tempo.sso.enabled) }}

monitoring:
  enabled: {{ .Values.monitoring.enabled }}

kiali:
  enabled: {{ .Values.kiali.enabled }}

networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}

imagePullPolicy: {{ .Values.imagePullPolicy }}

{{- if .Values.istio.ingressGateways }}
ingressGateways:
  istio-ingressgateway:
    enabled: false
{{- end }}

{{- range $name, $values := .Values.istio.ingressGateways }}
  {{ $name | nindent 2 }}:
    {{- toYaml (merge (dict "k8s" $values.kubernetesResourceSpec) (fromYaml (include "istio.ingressgateway.k8s" $values))) | nindent 4 }}
    {{- if $values.extraLabels }}
    {{- toYaml (dict "extraLabels" $values.extraLabels) | nindent 4 }}
    {{- end}}
{{- end }}

{{- if .Values.istio.gateways }}
gateways:
  main: null
{{- end }}
{{- range $name, $values := .Values.istio.gateways }}
  {{ $name | nindent 2 }}:
    selector:
      app: {{ $values.ingressGateway }}
    autoHttpRedirect:
      enabled: {{ dig "autoHttpRedirect" "enabled" "true" $values }}
    servers:
    {{- if $values.servers }}
      {{- range $index, $servervalues := $values.servers}}
    - hosts:
      {{- tpl ( $servervalues.hosts | default (list) | toYaml) $ | nindent 8 }}
      port:
      {{- if $servervalues.port }}
      {{- tpl ( $servervalues.port | default (dict) | toYaml) $ | nindent 8 }}
      {{- else }}
        name: https
        number: 8443
        protocol: HTTPS
      {{- end }}
      tls:
        credentialName: {{ $index }}-{{ $name }}-cert
        mode: {{ dig "tls" "mode" "SIMPLE" $servervalues }}
      {{- end }}
    {{- else if ($values.ports) }}
    {{- range $values.ports }}
    - hosts:
      {{- tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }}
      port:
      {{- tpl ( . | default (list) | toYaml) $ | nindent 8 }}
      tls:
        credentialName: {{ $name }}-cert
        mode: {{ dig "tls" "mode" "SIMPLE" $values }}
    {{- end }}
    {{- else }}
    - hosts:
      {{- tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }}
      port:
        name: https
        number: 8443
        protocol: HTTPS
      tls:
        credentialName: {{ $name }}-cert
        mode: {{ dig "tls" "mode" "SIMPLE" $values }}
    {{- end }}
    {{- end }}

{{- end }}

{{- define "istio.ingressgateway.k8s" -}}
k8s:
  service:
    type: {{ .type }}
    {{- if .nodePortBase }}
    ports: # Pulled from Istio gateway defaults (https://github.com/istio/istio/blob/master/manifests/charts/gateways/istio-ingress/values.yaml)
    # Ports default to "protocol: TCP" and "targetPort = port"
    # AWS ELB will by default perform health checks on the first port on this list. https://github.com/istio/istio/issues/12503
    - port: 15021
      name: status-port
      nodePort: {{ add .nodePortBase 0 }}
    - port: 80
      targetPort: 8080
      name: http2
      nodePort: {{ add .nodePortBase 1 }}
    - port: 443
      targetPort: 8443
      name: https
      nodePort: {{ add .nodePortBase 2 }}
    # SNI Routing port
    - port: 15443
      name: tls
      nodePort: {{ add .nodePortBase 3 }}
    {{- end }}
{{- end }}