Created
June 5, 2020 14:15
-
-
Save emedina/22288e6ec948b34781b2ed843d7ed28b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: install.istio.io/v1alpha1 | |
kind: IstioOperator | |
metadata: | |
namespace: istio-system | |
name: istiocontrolplane | |
# https://istio.io/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec | |
spec: | |
# see profiles on https://istio.io/docs/setup/additional-setup/config-profiles/ | |
profile: demo | |
tag: 1.5.2 | |
hub: docker.io/istio | |
namespace: istio-system | |
# Make sure no sidecar is ever injected for CronJobs for PostgreSQL backups. | |
# Use it as a placeholder for other workloads requiring this behaviour. | |
components: | |
sidecarInjector: | |
spec: | |
neverInjectSelector: | |
matchExpressions: | |
- {key: application, operator: In, values: [spilo-logical-backup]} | |
# https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig | |
# meshConfig: | |
# disablePolicyChecks: true | |
# connectTimeout: 10s | |
# enableTracing: true | |
# enableEnvoyAccessLogService: true | |
# outboundTrafficPolicy: | |
# mode: ALLOW_ANY | |
# enableAutoMtls: false | |
# Used for customized values not belonging to the official Istio. | |
unvalidatedValues: | |
k8s: | |
host: {{ .Values.k8s.host }} | |
vault: | |
host: {{ .Values.vault.address }} | |
values: | |
# https://istio.io/docs/reference/config/installation-options/#global-options | |
global: | |
sds: | |
enabled: true | |
# https://istio.io/docs/reference/config/installation-options/#kiali-options | |
kiali: | |
enabled: true | |
tag: v1.18.1 | |
createDemoSecret: true | |
contextPath: /kiali | |
dashboard: | |
auth: | |
strategy: login # Can be anonymous, login, or openshift | |
secretName: kiali # You must create a secret with this name - one is not provided out-of-box. | |
grafanaURL: 'https://{{ .Values.k8s.host }}/istio/grafana' | |
jaegerURL: 'https://tracing.{{ .Values.k8s.host }}' | |
viewOnlyMode: false # Bind the service account to a role with only read access | |
# prometheusAddr: http://prometheus-server.monitoring:80 | |
# https://istio.io/docs/reference/config/installation-options/#grafana-options | |
grafana: | |
enabled: true | |
env: | |
GF_SERVER_ROOT_URL: 'https://{{ .Values.k8s.host }}/istio/grafana' | |
# This requires a Secret in place. | |
security: | |
enabled: true | |
secretName: grafana | |
usernameKey: username | |
passphraseKey: passphrase | |
# https://istio.io/docs/reference/config/installation-options/#prometheus-options | |
prometheus: | |
enabled: true | |
retention: 6h | |
scrapeInterval: 15s | |
security: | |
enabled: true | |
# https://istio.io/docs/reference/config/installation-options/#tracing-options | |
tracing: | |
enabled: true | |
jaeger: | |
resources: | |
requests: | |
cpu: 256m | |
memory: 512m | |
ephemeral-storage: 1Mi | |
# https://istio.io/docs/reference/config/installation-options/#gateways-options | |
gateways: | |
enabled: true | |
istio-ingressgateway: | |
enabled: true | |
autoscaleEnabled: true | |
autoscaleMin: 3 | |
resources: | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
limits: | |
cpu: 2000m | |
memory: 4096Mi | |
type: NodePort | |
ports: | |
## You can add custom gateway ports | |
# Note that AWS ELB will by default perform health checks on the first port | |
# on this list. Setting this to the health check port will ensure that health | |
# checks always work. https://github.com/istio/istio/issues/12503 | |
- port: 15020 | |
targetPort: 15020 | |
name: status-port | |
- port: 80 | |
targetPort: 80 | |
name: http2 | |
nodePort: 30500 | |
- port: 443 | |
targetPort: 443 | |
name: https2 | |
nodePort: 31381 | |
- port: 444 | |
targetPort: 444 | |
name: https | |
nodePort: 31380 | |
- name: tls | |
port: 15443 | |
targetPort: 15443 | |
sds: | |
enabled: true | |
istio-egressgateway: | |
enabled: true | |
# https://istio.io/docs/reference/config/installation-options/#pilot-options | |
pilot: | |
autoscaleEnabled: true | |
autoscaleMin: 3 | |
traceSampling: 100.0 | |
# This makes liveness check work even when mTLS is enabled. | |
sidecarInjectorWebhook: | |
rewriteAppHTTPProbe: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment