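{{- /*
IstioOperator "istiocontrolplane", rendered into the release namespace.

Configures istiod (pilot), the Istio CNI component when .Values.openshift is
set, the default ingress gateway plus every entry of
.Values.extraIngressGateways, meshConfig and the global/sidecar-injector
values.

Every map or list taken from values is rendered with `toYaml | nindent N`, so
the block always starts on its own line below its key, whatever whitespace
surrounds the action.
*/ -}}
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istiocontrolplane
  namespace: {{ .Release.Namespace }}
spec:
  profile: {{ .Values.profile }}
  hub: {{ .Values.hub }}
  {{- /* Quoted so that a version-like tag such as "1.10" is not re-typed as
         the float 1.1 by the YAML parser, which would select another image. */}}
  tag: {{ .Values.tag | quote }}
  components:
    pilot:
      k8s:
        {{- /* The HPA is rendered only when both replica bounds are set. */}}
        {{- if and .Values.istiod.hpaSpec.maxReplicas .Values.istiod.hpaSpec.minReplicas }}
        hpaSpec:
          maxReplicas: {{ .Values.istiod.hpaSpec.maxReplicas }}
          minReplicas: {{ .Values.istiod.hpaSpec.minReplicas }}
          scaleTargetRef:
            apiVersion: apps/v1
            kind: Deployment
            name: istiod
          metrics:
            {{- toYaml .Values.istiod.hpaSpec.metrics | nindent 12 }}
        {{- end }}
        replicaCount: {{ .Values.istiod.replicaCount }}
        resources:
          {{- toYaml .Values.istiod.resources | nindent 10 }}
        strategy:
          {{- toYaml .Values.istiod.strategy | nindent 10 }}
        serviceAnnotations:
          {{- .Values.istiod.serviceAnnotations | default (dict) | toYaml | nindent 10 }}
        podAnnotations:
          {{- .Values.istiod.podAnnotations | default (dict) | toYaml | nindent 10 }}
        nodeSelector:
          {{- .Values.istiod.nodeSelector | default (dict) | toYaml | nindent 10 }}
        affinity:
          {{- .Values.istiod.affinity | default (dict) | toYaml | nindent 10 }}
        tolerations:
          {{- .Values.istiod.tolerations | default (list) | toYaml | nindent 10 }}
    {{- /* The CNI component is enabled only on OpenShift and only when
           .Values.cni is set; it is installed into kube-system. */}}
    {{- if .Values.openshift }}
    {{- with .Values.cni }}
    cni:
      enabled: true
      namespace: kube-system
      k8s:
        podAnnotations:
          {{- .podAnnotations | default (dict) | toYaml | nindent 10 }}
        nodeSelector:
          {{- .nodeSelector | default (dict) | toYaml | nindent 10 }}
        tolerations:
          {{- .tolerations | default (list) | toYaml | nindent 10 }}
        affinity:
          {{- .affinity | default (dict) | toYaml | nindent 10 }}
    {{- end }}
    {{- end }}
    ingressGateways:
      - name: istio-ingressgateway
        namespace: {{ .Release.Namespace }}
        enabled: true
        label:
          {{- /* `default` is applied before toYaml; applied afterwards it
                 only ever sees the already-serialised string. */}}
          {{- .Values.ingressGateway.labels | default (dict) | toYaml | nindent 10 }}
        k8s:
          service:
            type: {{ .Values.ingressGateway.type }}
            ports:
              {{- range $k, $v := .Values.ingressGateway.ports }}
              {{- /* Input validation: every port needs name and port; for
                     NodePort services nodePort is required and must lie in
                     30000-32767 (the default Kubernetes NodePort range). */}}
              {{- if not $v.name }}
              {{- fail "missing field 'name' in ports object" }}
              {{- else if not $v.port }}
              {{- fail "missing field 'port' in ports object" }}
              {{- else if eq $.Values.ingressGateway.type "NodePort" }}
              {{- if not $v.nodePort }}
              {{- fail "'nodePort' must be defined when type is NodePort" }}
              {{- else if or (lt (int $v.nodePort) 30000) (gt (int $v.nodePort) 32767) }}
              {{- fail "nodePort value outside of acceptable range (30000-32767)" }}
              {{- end }}
              {{- end }}
              {{- /* Actual port object rendering. Each key/value pair is
                     written as-is, unquoted and unescaped, so port entries
                     must contain plain scalar values only. */}}
              - {{- range $pk, $pv := $v }}
                {{ $pk }}: {{ $pv }}
                {{- end }}
              {{- end }}
          hpaSpec:
            minReplicas: {{ .Values.ingressGateway.minReplicas }}
            maxReplicas: {{ .Values.ingressGateway.maxReplicas }}
            metrics:
              {{- toYaml .Values.ingressGateway.scaleMetrics | nindent 14 }}
            scaleTargetRef:
              apiVersion: apps/v1
              kind: Deployment
              name: istio-ingressgateway
          strategy:
            rollingUpdate:
              maxSurge: 100%
              maxUnavailable: 25%
          resources:
            {{- /* nindent, not indent: after a left-trimmed action, indent
                   would glue the first rendered line onto `resources:`. */}}
            {{- toYaml .Values.ingressGateway.resources | nindent 12 }}
          serviceAnnotations:
            {{- .Values.ingressGateway.serviceAnnotations | default (dict) | toYaml | nindent 12 }}
          podAnnotations:
            {{- .Values.ingressGateway.podAnnotations | default (dict) | toYaml | nindent 12 }}
          nodeSelector:
            {{- .Values.ingressGateway.nodeSelector | default (dict) | toYaml | nindent 12 }}
          affinity:
            {{- .Values.ingressGateway.affinity | default (dict) | toYaml | nindent 12 }}
          tolerations:
            {{- .Values.ingressGateway.tolerations | default (list) | toYaml | nindent 12 }}
      {{- range $i := .Values.extraIngressGateways }}
      {{- /* An entry without a k8s block falls back to an empty map instead
             of aborting the render with a nil-pointer error. */}}
      {{- $k8s := $i.k8s | default dict }}
      - name: {{ $i.name }}
        namespace: {{ $.Release.Namespace }}
        enabled: true
        label:
          {{- $i.labels | default (dict) | toYaml | nindent 10 }}
        k8s:
          service:
            type: {{ $i.type }}
            ports:
              {{- range $k, $v := $i.ports }}
              {{- /* Input validation, same rules as for the default gateway. */}}
              {{- if not $v.name }}
              {{- fail "missing field 'name' in ports object" }}
              {{- else if not $v.port }}
              {{- fail "missing field 'port' in ports object" }}
              {{- else if eq $i.type "NodePort" }}
              {{- if not $v.nodePort }}
              {{- fail "'nodePort' must be defined when type is NodePort" }}
              {{- else if or (lt (int $v.nodePort) 30000) (gt (int $v.nodePort) 32767) }}
              {{- fail "nodePort value outside of acceptable range (30000-32767)" }}
              {{- end }}
              {{- end }}
              {{- /* Actual port object rendering (values written unquoted). */}}
              - {{- range $pk, $pv := $v }}
                {{ $pk }}: {{ $pv }}
                {{- end }}
              {{- end }}
          {{- if $k8s.hpaSpec }}
          hpaSpec:
            minReplicas: {{ $k8s.hpaSpec.minReplicas }}
            maxReplicas: {{ $k8s.hpaSpec.maxReplicas }}
            metrics:
              {{- if $k8s.hpaSpec.metrics }}
              {{- toYaml $k8s.hpaSpec.metrics | nindent 14 }}
              {{- else }}
              {{- /* default metrics, backwards compatible */}}
              - type: Resource
                resource:
                  name: cpu
                  targetAverageUtilization: 60
              {{- end }}
            scaleTargetRef:
              apiVersion: apps/v1
              kind: Deployment
              name: {{ $i.name }}
          {{- end }}
          strategy:
            rollingUpdate:
              maxSurge: 100%
              maxUnavailable: 25%
          resources:
            {{- toYaml $k8s.resources | nindent 12 }}
          serviceAnnotations:
            {{- $k8s.serviceAnnotations | default (dict) | toYaml | nindent 12 }}
          podAnnotations:
            {{- $k8s.podAnnotations | default (dict) | toYaml | nindent 12 }}
          nodeSelector:
            {{- $k8s.nodeSelector | default (dict) | toYaml | nindent 12 }}
          affinity:
            {{- $k8s.affinity | default (dict) | toYaml | nindent 12 }}
          tolerations:
            {{- $k8s.tolerations | default (list) | toYaml | nindent 12 }}
      {{- end }}
  meshConfig:
    accessLogFile: /dev/stdout
    enableTracing: {{ .Values.tracing.enabled }}
    defaultConfig:
      tracing:
        sampling: {{ .Values.tracing.sampling }}
      {{- /* NOTE(review): zipkinAddress is placed as a sibling of `tracing`
             under defaultConfig; confirm this nesting against the chart. */}}
      zipkinAddress: {{ .Values.tracing.address }}:{{ .Values.tracing.port }}
    {{- /* .Values.meshConfig is appended verbatim. A key that repeats one set
           above (accessLogFile, enableTracing, defaultConfig) yields a
           duplicate mapping key; whether the document is then rejected or
           one value silently wins depends on the parser. */}}
    {{- if .Values.meshConfig }}
    {{- toYaml .Values.meshConfig | nindent 4 }}
    {{- end }}
  values:
    {{- if .Values.openshift }}
    cni:
      {{- /* NOTE(review): the CNI repair controller is switched off here;
             confirm that pods which start before the CNI plugin is ready,
             and so without traffic redirection, are caught another way. */}}
      repair:
        enabled: false
      {{- /* NOTE(review): image/hub/tag are placed on cni itself rather than
             under repair; confirm this nesting against the chart. */}}
      image: {{ .Values.cni.image.name }}
      hub: {{ .Values.cni.image.hub }}
      tag: {{ .Values.cni.image.tag | quote }}
      cniBinDir: {{ .Values.cni.binDir | default "/var/lib/cni/bin" }}
      cniConfDir: {{ .Values.cni.confDir | default "/etc/cni/multus/net.d" }}
      chained: false
      cniConfFileName: {{ .Values.cni.confFileName | default "istio-cni.conf" }}
      excludeNamespaces:
        - istio-system
        - kube-system
      logLevel: {{ .Values.cni.logLevel | default "info" }}
    {{- end }}
    global:
      {{- if .Values.imagePullPolicy }}
      imagePullPolicy: {{ .Values.imagePullPolicy }}
      {{- end }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.tracing.enabled }}
      tracer:
        zipkin:
          address: {{ .Values.tracing.address }}:{{ .Values.tracing.port }}
      {{- end }}
      {{- /* Appended verbatim: a key in .Values.values.global that repeats
             imagePullPolicy, imagePullSecrets or tracer becomes a duplicate
             mapping key in the rendered document. */}}
      {{- if .Values.values.global }}
      {{- toYaml .Values.values.global | nindent 6 }}
      {{- end }}
    sidecarInjectorWebhook:
      rewriteAppHTTPProbe: true
      {{- if .Values.openshift }}
      injectedAnnotations:
        k8s.v1.cni.cncf.io/networks: istio-cni
      {{- end }}
      {{- /* Pods labelled app.kubernetes.io/component=fluentd-configcheck are
             never injected, so they run without a sidecar. */}}
      neverInjectSelector:
        - matchExpressions:
            - key: app.kubernetes.io/component
              operator: In
              values: [fluentd-configcheck]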