# The istio profile to use profile: default # The hub to use for the image (note: the image is built as ".Values.hub/:.Values.tag" hub: registry1.dso.mil/ironbank/opensource/istio # The tag to use for the image tag: 1.11.1 # The domain to use for the default gateway domain: bigbang.dev # Openshift feature switch toggle openshift: false imagePullSecrets: [] monitoring: enabled: false # Ingress gateways # The following items are automatically set for every ingress gateway: # - label: "app: {name of ingress gateway}" ingressGateways: istio-ingressgateway: # This becomes the name enabled: true # Labels to use for selecting the ingress gateway from the service extraLabels: {} # Automatic labels: 'app: {ingress gateway name}' and `istio: ingressgateway` k8s: # Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec # hpaSpec: By default, HPA is set from 1-5 instances with a target average utilization of 80% resources: {} # requests: # cpu: 500m # memory: 1Gi # limits: # cpu: 1.5 # memory: 3Gi service: type: "LoadBalancer" # or "NodePort" # ports: By default ports 15021 (status), 80, 443, and 15443 (SNI Routing) are setup podAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ serviceAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ nodeSelector: {} # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector affinity: {} # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity tolerations: [] # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ # # Complete example of an additional ingressgateway defined below # private-ingressgateway: # This becomes the name # # Labels to use for selecting the ingress gateway from the service # extraLabels: {} # Automatic labels: 'app: {ingress gateway name}' # k8s: # Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec # # hpaSpec: By default, HPA is set from 1-5 instances with a target average utilization of 80% # resources: {} # # requests: # # cpu: 500m # # memory: 1Gi # # limits: # # cpu: 1.5 # # memory: 3Gi # service: # type: "LoadBalancer" # or "NodePort" # # ports: By default ports 15021 (status), 80, 443, and 15443 (SNI Routing) are setup # podAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ # serviceAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ # nodeSelector: {} # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector # affinity: {} # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity # tolerations: [] # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ # See https://istio.io/latest/docs/reference/config/networking/gateway/#Gateway for spec gateways: main: # This becomes the name of the gateway selector: app: "istio-ingressgateway" servers: # HTTP redirect to HTTPS is automatically added - hosts: - "*.{{ .Values.domain }}" port: name: https number: 8443 protocol: HTTPS tls: credentialName: "wildcard-cert" mode: "SIMPLE" # # Example of adding additional gateways # private: # selector: # app: "private-istio-ingressgateway" # servers: # - hosts: # - "mypackage.{{ .Values.domain }}" # port: # name: http2 # number: 8443 # protocol: HTTPS # tls: # credentialName: "some-secret" # mode: "SIMPLE" # istiod / pilot configuration istiod: replicaCount: 1 resources: requests: cpu: 500m memory: 2Gi limits: cpu: 500m memory: 2Gi hpaSpec: maxReplicas: 3 minReplicas: 1 metrics: - type: Resource resource: name: cpu targetAverageUtilization: 60 strategy: {} # k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} # k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ serviceAnnotations: {} # k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} # k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} # k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] tracing: enabled: false address: jaeger-collector.jaeger.svc port: 9411 # percent of traces to send to jaeger sampling: 10 cni: image: name: install-cni hub: registry1.dso.mil/ironbank/opensource/istio tag: 1.11.1 # k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} # k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} # k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} # k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] # global istiooperator values: meshConfig: {} values: global: {} networkPolicies: enabled: false # See `kubectl cluster-info` and then resolve to IP controlPlaneCidr: 0.0.0.0/0