values.yaml

# The istio profile to use
profile: default

# The hub to use for the image (note: the image is built as ".Values.hub/<component>:.Values.tag"
hub: registry1.dso.mil/ironbank/opensource/istio-1.8
# The tag to use for the image
tag: 1.8.4

# The domain to use for the default gateway
domain: bigbang.dev

# Openshift feature switch toggle
openshift: false

monitoring:
  enabled: true

imagePullSecrets: []

gateway:
  # Sets the default hosts to match for HTTPS using the tls mode below
  hosts: [] # Defaults to "*.{{ .Values.domain }}"
  # Examples:
  # - *.admin.bigbang.dev
  # - myapp.bigbang.dev

# Sets the default gateway TLS mode for HTTPS
tls:
  credentialName: wildcard-cert
  mode: SIMPLE

extraServers: []
# Example below of complete values capable of being set
# NOTE: hosts[] is capable of dynamic templating from the .Values context
#  - port:
#      name: https-other                          # required: must not be equal to "http"
#      protocol: HTTPS
#      number: 443
#    hosts:
#      - "*.sub.{{ .Values.hostname | default .Values.domain }}"
#    tls:
#      credentialName: "another-credential"       # required
#      mode: SIMPLE

# istiod / pilot configuration
istiod:
  replicaCount: 1
  resources:
    requests:
      cpu: 500m
      memory: 2Gi
    limits:
      cpu: 500m
      memory: 2Gi
  hpaSpec:
    maxReplicas: 3
    minReplicas: 1
    metrics:
      - type: Resource
        resource:
          name: cpu
          targetAverageUtilization: 60
  strategy: {}
  #  k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  podAnnotations: {}

  #  k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  serviceAnnotations: {}

  #  k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}

  #  k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  #  k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

ingressGateway:
  minReplicas: 1
  maxReplicas: 5
  scaleMetrics:
    - type: Resource
      resource:
        name: cpu
        targetAverageUtilization: 60
  resources: {}
  #    limits:
  #      cpu: 1.5
  #      memory: 3Gi
  #    requests:
  #      cpu: 500m
  #      memory: 1Gi
  # Only "LoadBalancer" and "NodePort" are allowed
  type: LoadBalancer

  labels:
    # These are the default labels tied to the default gateway
    app: istio-ingressgateway
    istio: ingressgateway

  ports:
    # NOTE: Below are ripped directly from istio gateway helm chart defaults: https://github.com/istio/istio/blob/master/manifests/charts/gateways/istio-ingress/values.yaml
    ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces.
    # Note that AWS ELB will by default perform health checks on the first port
    # on this list. Setting this to the health check port will ensure that health
    # checks always work. https://github.com/istio/istio/issues/12503
    - port: 15021
      targetPort: 15021
      name: status-port
      protocol: TCP
    - port: 80
      targetPort: 8080
      name: http2
      protocol: TCP
    - port: 443
      targetPort: 8443
      name: https
      protocol: TCP
    - port: 15012
      targetPort: 15012
      name: tcp-istiod
      protocol: TCP
    # This is the port where sni routing happens
    - port: 15443
      targetPort: 15443
      name: tls
      protocol: TCP

  #  k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  podAnnotations: {}

  #  k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  serviceAnnotations: {}

  #  k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}

  #  k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  #  k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

extraIngressGateways: []
# Complete example of an additional ingressgateway defined below
#  - name: private-ingressgateway
#    k8s:
#      hpaSpec:
#        minReplicas: 1
#        maxReplicas: 3
#      serviceAnnotations:
#        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
#       metrics:
#         - type: Resource
#           resource:
#             name: cpu
#            targetAverageUtilization: 80
#      resources:
#        limits:
#          cpu: 1.5
#          memory: 3Gi
#        requests:
#          cpu: 500m
#          memory: 1Gi
#    labels:
#      app: private-ingressgateway

kiali:
  enabled: true

  image:
    name: kiali
    hub: registry1.dso.mil/ironbank/opensource/kiali
    tag: v1.23.0

  dashboard:
    auth:
      strategy: ""

tracing:
  enabled: false
  address: jaeger-collector.jaeger.svc
  port: 9411
  # how to access tracing for users. Provided as link in kiali
  externalAddress: https://tracing.{{ .Values.hostname | default .Values.domain }}
  # percent of traces to send to jaeger
  sampling: 10
  image:
    name: all-in-one
    hub: registry1.dso.mil/ironbank/opensource/jaegertracing
    tag: 1.19.2

sso:
  enabled: false

  namespace: istio-addons-sso
  selector:
    key: protect
    value: keycloak

cni:
  image:
    name: install-cni-1.8
    hub: registry1.dso.mil/ironbank/opensource/istio-1.8
    tag: 1.8.4
  #  k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  podAnnotations: {}
  #  k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}
  #  k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}
  #  k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

# global istiooperator values:
meshConfig: {}

values:
  global: {}

networkPolicies:
  enabled: false
  controlPlaneCidr: 0.0.0.0/0