controlplane.yaml

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istiocontrolplane
  namespace: {{ .Release.Namespace }}
spec:
  profile: {{ .Values.profile }}
  hub: {{ .Values.hub }}
  tag: {{ .Values.tag }}

  components:
    pilot:
      k8s:
{{- if and .Values.istiod.hpaSpec.maxReplicas .Values.istiod.hpaSpec.minReplicas }}
        hpaSpec:
          maxReplicas: {{ .Values.istiod.hpaSpec.maxReplicas }}
          minReplicas: {{ .Values.istiod.hpaSpec.minReplicas }}
          scaleTargetRef:
            apiVersion: apps/v1
            kind: Deployment
            name: istiod
          metrics:
            {{- toYaml .Values.istiod.hpaSpec.metrics | nindent 12 }}
{{- end }}
        replicaCount: {{ .Values.istiod.replicaCount }}
        resources:
          {{- toYaml .Values.istiod.resources | nindent 10 }}
        strategy:
          {{- toYaml .Values.istiod.strategy | nindent 10 }}
        serviceAnnotations:
          {{- .Values.istiod.serviceAnnotations | default (dict) | toYaml | nindent 10 }}
        podAnnotations:
          {{- .Values.istiod.podAnnotations | default (dict) | toYaml | nindent 10 }}
        nodeSelector:
          {{- .Values.istiod.nodeSelector | default (dict) | toYaml | nindent 10 }}
        affinity:
          {{- .Values.istiod.affinity | default (dict) | toYaml | nindent 10 }}
        tolerations:
          {{- .Values.istiod.tolerations | default (list) | toYaml | nindent 10 }}
    {{- if .Values.openshift }}
    {{- with .Values.cni }}
    cni:
      enabled: true
      namespace: kube-system
      k8s:
        podAnnotations:
          {{- .podAnnotations | default (dict) | toYaml | nindent 10 }}
        nodeSelector:
          {{- .nodeSelector | default (dict) | toYaml | nindent 10 }}
        tolerations:
          {{- .tolerations | default (list) | toYaml | nindent 10 }}
        affinity:
          {{- .affinity | default (dict) | toYaml | nindent 10 }}
    {{- end }}
    {{- end }}
    ingressGateways:
    {{- if .Values.ingressgateway }}
    {{- required "`ingressgateway` value has been deprecated.  Please use the new format in the `ingressGateways` value." "" }}
    {{- end }}
    {{- range $name, $values := .Values.ingressGateways }}
    - name: {{ $name }}
      namespace: {{ $.Release.Namespace }}
      enabled: {{ if eq (toString $values.enabled) "<nil>" }}true{{ else }}{{ $values.enabled }}{{ end }}
      label:
        app: {{ $name }}
        istio: ingressgateway
        {{- if $values.extraLabels }}
          {{- toYaml $values.extraLabels | nindent 8 }}
        {{- end }}
      k8s:
        {{- toYaml $values.k8s | nindent 8 }}
    {{- end }}

  meshConfig:
    accessLogFile: /dev/stdout
    enableTracing: {{ .Values.tracing.enabled }}
    defaultConfig:
      tracing:
        sampling: {{ .Values.tracing.sampling }}
      zipkinAddress: {{ .Values.tracing.address }}:{{.Values.tracing.port}}
    {{- if .Values.meshConfig }}
    {{- toYaml .Values.meshConfig | nindent 4 }}
    {{- end }}

  values:
    {{- if .Values.openshift }}
    cni:
      repair:
        enabled: false
      image: {{ .Values.cni.image.name }}
      hub: {{ .Values.cni.image.hub }}
      tag: {{ .Values.cni.image.tag }}
      cniBinDir: {{ .Values.cni.binDir | default "/var/lib/cni/bin" }}
      cniConfDir: {{ .Values.cni.confDir | default "/etc/cni/multus/net.d" }}
      chained: false
      cniConfFileName: {{ .Values.cni.confFileName | default "istio-cni.conf" }}
      excludeNamespaces:
       - istio-system
       - kube-system
      logLevel: {{ .Values.cni.logLevel | default "info" }}
    {{- end }}
    global:
      {{- if .Values.imagePullPolicy }}
      imagePullPolicy: {{ .Values.imagePullPolicy }}
      {{- end }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.tracing.enabled }}
      tracer:
        zipkin:
          address: {{ .Values.tracing.address }}:{{.Values.tracing.port}}
      {{ end }}
      {{- if .Values.values.global }}
      {{- toYaml .Values.values.global | nindent 6 }}
      {{- end }}
    sidecarInjectorWebhook:
      rewriteAppHTTPProbe: true
      {{- if .Values.openshift }}
      injectedAnnotations:
        k8s.v1.cni.cncf.io/networks: istio-cni
      {{- end }}

      neverInjectSelector:
        - matchExpressions:
            - key: app.kubernetes.io/component
              operator: In
              values: [fluentd-configcheck]