values.yaml

# The istio profile to use
profile: default

# The hub to use for the image (note: the image is built as ".Values.hub/<component>:.Values.tag"
hub: registry1.dso.mil/ironbank/opensource/istio

# The tag to use for the image
tag: 1.7.3

proxy:
  image: registry1.dso.mil/ironbank/opensource/istio-1.7/proxyv2-1.7:1.7.7

# The domain to use for the default gateway
domain: bigbang.dev

# Openshift feature switch toggle
openshift: false

## A little odd to have `.Values.istio` inside the `isito` chart, 
##bbut keeping it this way for consistency with other bigbang package charts.
istio:
  kiali:
    # Toggle vs creation
    enabled: true
    annotations: {}
    labels: {}
    gateways:
      - istio-system/main
    hosts:
      - kiali.{{ .Values.hostname | default .Values.domain }}
    service: kiali
    namespace: ""
    port: ""


monitoring:
  enabled: true

imagePullSecrets: [ ]

gateway:
  # Sets the default hosts to match for HTTPS using the tls mode below 
  hosts: [] # Defaults to "*.{{ .Values.domain }}"
  # Examples:
  # - *.admin.bigbang.dev
  # - myapp.bigbang.dev

# Sets the default gateway TLS mode for HTTPS
tls:
  credentialName: wildcard-cert
  mode: SIMPLE

extraServers:
  []
# Example below of complete values capable of being set
# NOTE: hosts[] is capable of dynamic templating from the .Values context
#  - port:
#      name: https-other                          # required: must not be equal to "http"
#      protocol: HTTPS
#      number: 443
#    hosts:
#      - "*.sub.{{ .Values.hostname | default .Values.domain }}"
#    tls:
#      credentialName: "another-credential"       # required
#      mode: SIMPLE

ingressGateway:
  minReplicas: 1
  maxReplicas: 5
  resources: {}
#    limits:
#      cpu: 1.5
#      memory: 3Gi
#    requests:
#      cpu: 500m
#      memory: 1Gi
  # Only "LoadBalancer" and "NodePort" are allowed
  type: LoadBalancer

  labels:
    # These are the default labels tied to the default gateway
    app: istio-ingressgateway
    istio: ingressgateway

  ports:
    # NOTE: Below are ripped directly from istio gateway helm chart defaults: https://github.com/istio/istio/blob/master/manifests/charts/gateways/istio-ingress/values.yaml
    ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces.
    # Note that AWS ELB will by default perform health checks on the first port
    # on this list. Setting this to the health check port will ensure that health
    # checks always work. https://github.com/istio/istio/issues/12503
    - port: 15021
      targetPort: 15021
      name: status-port
      protocol: TCP
    - port: 80
      targetPort: 8080
      name: http2
      protocol: TCP
    - port: 443
      targetPort: 8443
      name: https
      protocol: TCP
    - port: 15012
      targetPort: 15012
      name: tcp-istiod
      protocol: TCP
    # This is the port where sni routing happens
    - port: 15443
      targetPort: 15443
      name: tls
      protocol: TCP

  #  k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  podAnnotations: {}

  #  k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  serviceAnnotations: {}

  #  k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}

  #  k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

extraIngressGateways:
  []
# Complete example of an additional ingressgateway defined below
#  - name: private-ingressgateway
#    k8s:
#      hpaSpec:
#        minReplicas: 1
#        maxReplicas: 3
#      serviceAnnotations:
#        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
#      resources:
#        limits:
#          cpu: 1.5
#          memory: 3Gi
#        requests:
#          cpu: 500m
#          memory: 1Gi
#    labels:
#      app: private-ingressgateway

kiali:
  enabled: true

  image:
    name: kiali
    hub: registry1.dso.mil/ironbank/opensource/kiali
    tag: v1.23.0

  dashboard:
    auth:
      strategy: ""

tracing:
  enabled: false
  address: jaeger-collector.jaeger.svc
  port: 9411
  # how to access tracing for users. Provided as link in kiali
  externalAddress: https://tracing.{{ .Values.hostname | default .Values.domain }}
  # percent of traces to send to jaeger
  sampling: 10
  image:
    name: all-in-one
    hub: registry1.dso.mil/ironbank/opensource/jaegertracing
    tag: 1.19.2

sso:
  enabled: false

  namespace: istio-addons-sso
  selector:
    key: protect
    value: keycloak

cni:
  image:
    name: install-cni-1.7
    hub: registry1.dso.mil/ironbank/opensource/istio-1.7
    tag: 1.7.3