# The istio profile to use profile: default # The hub to use for the image (note: the image is built as ".Values.hub/:.Values.tag" hub: registry1.dso.mil/ironbank/opensource/istio-1.8 # The tag to use for the image tag: 1.8.4 tracing: enabled: true address: jaeger-collector.jaeger.svc port: 9411 sampling: 10 # The domain to use for the default gateway domain: bigbang.dev # Openshift feature switch toggle openshift: false monitoring: enabled: true imagePullSecrets: [ ] gateway: # Sets the default hosts to match for HTTPS using the tls mode below hosts: [] # Defaults to "*.{{ .Values.domain }}" # Examples: # - *.admin.bigbang.dev # - myapp.bigbang.dev # Sets the default gateway TLS mode for HTTPS tls: credentialName: wildcard-cert mode: SIMPLE extraServers: [] # Example below of complete values capable of being set # NOTE: hosts[] is capable of dynamic templating from the .Values context # - port: # name: https-other # required: must not be equal to "http" # protocol: HTTPS # number: 443 # hosts: # - "*.sub.{{ .Values.hostname | default .Values.domain }}" # tls: # credentialName: "another-credential" # required # mode: SIMPLE # istiod / pilot configuration istiod: replicaCount: 1 resources: requests: cpu: 500m memory: 2Gi limits: cpu: 500m memory: 2Gi hpaSpec: maxReplicas: 3 minReplicas: 1 metrics: - type: Resource resource: name: cpu targetAverageUtilization: 60 strategy: {} # k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} # k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ serviceAnnotations: {} # k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} # k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} # k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] ingressGateway: minReplicas: 1 maxReplicas: 5 scaleMetrics: - type: Resource resource: name: cpu targetAverageUtilization: 60 resources: {} # limits: # cpu: 1.5 # memory: 3Gi # requests: # cpu: 500m # memory: 1Gi # Only "LoadBalancer" and "NodePort" are allowed type: LoadBalancer labels: # These are the default labels tied to the default gateway app: istio-ingressgateway istio: ingressgateway ports: # NOTE: Below are ripped directly from istio gateway helm chart defaults: https://github.com/istio/istio/blob/master/manifests/charts/gateways/istio-ingress/values.yaml ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. # Note that AWS ELB will by default perform health checks on the first port # on this list. Setting this to the health check port will ensure that health # checks always work. https://github.com/istio/istio/issues/12503 - port: 15021 targetPort: 15021 name: status-port protocol: TCP - port: 80 targetPort: 8080 name: http2 protocol: TCP - port: 443 targetPort: 8443 name: https protocol: TCP - port: 15012 targetPort: 15012 name: tcp-istiod protocol: TCP # This is the port where sni routing happens - port: 15443 targetPort: 15443 name: tls protocol: TCP # k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} # k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ serviceAnnotations: {} # k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} # k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} # k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] extraIngressGateways: [] # Complete example of an additional ingressgateway defined below # - name: private-ingressgateway # k8s: # hpaSpec: # minReplicas: 1 # maxReplicas: 3 # serviceAnnotations: # service.beta.kubernetes.io/aws-load-balancer-internal: "true # metrics: # - type: Resource # resource: # name: cpu # targetAverageUtilization: 80 # resources: # limits: # cpu: 1.5 # memory: 3Gi # requests: # cpu: 500m # memory: 1Gi # labels: # app: private-ingressgateway kiali: enabled: true image: name: kiali hub: registry1.dso.mil/ironbank/opensource/kiali tag: v1.23.0 dashboard: auth: strategy: "" tracing: enabled: false address: jaeger-collector.jaeger.svc port: 9411 # how to access tracing for users. Provided as link in kiali externalAddress: https://tracing.{{ .Values.hostname | default .Values.domain }} # percent of traces to send to jaeger sampling: 10 image: name: all-in-one hub: registry1.dso.mil/ironbank/opensource/jaegertracing tag: 1.19.2 sso: enabled: false namespace: istio-addons-sso selector: key: protect value: keycloak cni: image: name: install-cni-1.8 hub: registry1.dsop.io/ironbank/opensource/istio-1.8 tag: 1.8.4 # k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} # k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} # k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} # k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] # global istiooperator values: meshConfig: {} values: global: {}