values.yaml

# The istio profile to use
profile: default

# The hub to use for the image (note: the image is built as ".Values.hub/<component>:.Values.tag"
hub: registry1.dso.mil/ironbank/opensource/istio
# The tag to use for the image
tag: 1.10.3

# The domain to use for the default gateway
domain: bigbang.dev

# Openshift feature switch toggle
openshift: false

imagePullSecrets: []

monitoring:
  enabled: false

# Ingress gateways
# The following items are automatically set for every ingress gateway:
# - label: "app: {name of ingress gateway}"
ingressGateways:
  istio-ingressgateway:  # This becomes the name
    enabled: true
    # Labels to use for selecting the ingress gateway from the service
    extraLabels: {} # Automatic labels: 'app: {ingress gateway name}' and `istio: ingressgateway`
    k8s: # Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
      # hpaSpec:  By default, HPA is set from 1-5 instances with a target average utilization of 80%
      resources: 
        requests:
          cpu: 120m
          memory: 128Mi
        limits:
          cpu: 120m
          memory: 128Mi
      service:
        type: "LoadBalancer" # or "NodePort"
        # ports: By default ports 15021 (status), 80, 443, and 15443 (SNI Routing) are setup
      podAnnotations:   # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
          sidecar.istio.io/proxyCPULimit: 150m
          sidecar.istio.io/proxyCPU: 150m
          sidecar.istio.io/proxyMemory: 256Mi
          sidecar.istio.io/proxyMemoryLimit: 256Mi
      
      serviceAnnotations:  # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
          sidecar.istio.io/proxyCPULimit: 150m
          sidecar.istio.io/proxyCPU: 150m
          sidecar.istio.io/proxyMemory: 256Mi
          sidecar.istio.io/proxyMemoryLimit: 256Mi
      nodeSelector: {} # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
      affinity: {} # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
      tolerations: [] # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

  # # Complete example of an additional ingressgateway defined below
  # private-ingressgateway:  # This becomes the name
  #   # Labels to use for selecting the ingress gateway from the service
  #   extraLabels: {} # Automatic labels: 'app: {ingress gateway name}'
  #   k8s: # Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
  #     # hpaSpec:  By default, HPA is set from 1-5 instances with a target average utilization of 80%
  #     resources: {}
  #       # requests:
  #       #   cpu: 500m
  #       #   memory: 1Gi
  #       # limits:
  #       #   cpu: 1.5
  #       #   memory: 3Gi
  #     service:
  #       type: "LoadBalancer" # or "NodePort"
  #       # ports: By default ports 15021 (status), 80, 443, and 15443 (SNI Routing) are setup
  #     podAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  #     serviceAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  #     nodeSelector: {} # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  #     affinity: {} # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  #     tolerations: [] # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

# See https://istio.io/latest/docs/reference/config/networking/gateway/#Gateway for spec
gateways:
  main: # This becomes the name of the gateway
    selector:
      app: "istio-ingressgateway"
    servers:  # HTTP redirect to HTTPS is automatically added
    - hosts:
      - "*.{{ .Values.domain }}"
      port:
        name: https
        number: 8443
        protocol: HTTPS
      tls:
        credentialName: "wildcard-cert"
        mode: "SIMPLE"
  # # Example of adding additional gateways
  # private:
  #   selector:
  #     app: "private-istio-ingressgateway"
  #   servers:
  #   - hosts:
  #     - "mypackage.{{ .Values.domain }}"
  #     port:
  #       name: http2
  #       number: 8443
  #       protocol: HTTPS
  #     tls:
  #       credentialName: "some-secret"
  #       mode: "SIMPLE"

# istiod / pilot configuration
istiod:
  replicaCount: 1
  resources:
    requests:
      cpu: 500m
      memory: 2Gi
    limits:
      cpu: 500m
      memory: 2Gi
  hpaSpec:
    maxReplicas: 3
    minReplicas: 1
    metrics:
      - type: Resource
        resource:
          name: cpu
          targetAverageUtilization: 60
  strategy: {}
  #  k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  podAnnotations:
    sidecar.istio.io/proxyCPULimit: 300m
    sidecar.istio.io/proxyCPU: 300m
    sidecar.istio.io/proxyMemory: 512Mi
    sidecar.istio.io/proxyMemoryLimit: 512Mi

  #  k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  serviceAnnotations: {}

  #  k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}

  #  k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  #  k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

tracing:
  enabled: false
  address: jaeger-collector.jaeger.svc
  port: 9411
  # percent of traces to send to jaeger
  sampling: 10

cni:
  image:
    name: install-cni
    hub: registry1.dso.mil/ironbank/opensource/istio
    tag: 1.10.3
  #  k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  podAnnotations: {}
  #  k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}

  #  k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}
  #  k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

# global istiooperator values:
meshConfig: {}

values:
  global: 
    proxy:
      resources:
        requests:
          cpu: 500m
          memory: 512Mi
        limits:
          cpu: 500m
          memory: 512Mi
    proxy_init:
      resources:
        limits:
          cpu: 500m
          memory: 512Mi
        requests:
          cpu: 500m
          memory: 512Mi
networkPolicies:
  enabled: false
  # See `kubectl cluster-info` and then resolve to IP
  controlPlaneCidr: 0.0.0.0/0