nak3/istio-ci-no-mesh-operator.yaml

## istio-ci-no-mesh-operator.yaml
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      proxy:
        autoInject: disabled
      disablePolicyChecks: true
      defaultPodDisruptionBudget:
        enabled: false
      useMCP: true
      # The third-party-jwt is not enabled on all k8s.
      # See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens
      jwtPolicy: first-party-jwt
    pilot:
      autoscaleMin: 3
      autoscaleMax: 10
      cpu:
        targetAverageUtilization: 60
    gateways:
      istio-ingressgateway:
        autoscaleMin: 2
        autoscaleMax: 5

  addonComponents:
    pilot:
      enabled: true
    galley:
      enabled: true
    citadel: # galley depends on citadel.
      enabled: true
    prometheus:
      enabled: false

  components:
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
        k8s:
          resources:
            limits:
              cpu: 3000m
              memory: 2048Mi
            requests:
              cpu: 1000m
              memory: 1024Mi
          service:
            type: LoadBalancer
            ports:
            - port: 15020
              name: status-port
            - port: 80
              name: http2
            - port: 443
              name: https
          overlays:
            # Although we don't need this Gateway, we cannot remove it. Add "dummy" selector for the workaround.
            # https://github.com/istio/istio/issues/22095
            - kind: Gateway
              name: ingressgateway
              patches:
                - path: spec.selector.istio
                  value:
                    dummy
      - name: cluster-local-gateway
        enabled: true
        k8s:
          resources:
            limits:
              cpu: 3000m
              memory: 2048Mi
            requests:
              cpu: 1000m
              memory: 1024Mi
          service:
            type: ClusterIP
            ports:
            - port: 15020
              name: status-port
            - port: 80
              name: http2
            - port: 443
              name: https
          overlays:
            - kind: Service
              name: cluster-local-gateway
              patches:
                - path: spec.selector.istio
                  value:
                    cluster-local-gateway
                - path: spec.selector.app
                  value:
                    cluster-local-gateway
                - path: metadata.labels.istio
                  value:
                    cluster-local-gateway
                - path: metadata.labels.app
                  value:
                    cluster-local-gateway
            - kind: Deployment
              name: cluster-local-gateway
              patches:
                - path: metadata.labels.istio
                  value:
                    cluster-local-gateway
                - path: metadata.labels.app
                  value:
                    cluster-local-gateway
                - path: spec.selector.matchLabels.istio
                  value:
                    cluster-local-gateway
                - path: spec.selector.matchLabels.app
                  value:
                    cluster-local-gateway
                - path: spec.template.metadata.labels.istio
                  value:
                    cluster-local-gateway
                - path: spec.template.metadata.labels.app
                  value:
                    cluster-local-gateway
            # Although we don't need this Gateway, we cannot remove it. Add "dummy" selector for the workaround.
            # https://github.com/istio/istio/issues/22095
            - kind: Gateway
              name: ingressgateway
              patches:
                - path: spec.selector.istio
                  value:
                    dummy
	# Copyright 2020 The Knative Authors
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	apiVersion: install.istio.io/v1alpha1
	kind: IstioOperator
	spec:
	values:
	global:
	proxy:
	autoInject: disabled
	disablePolicyChecks: true
	defaultPodDisruptionBudget:
	enabled: false
	useMCP: true
	# The third-party-jwt is not enabled on all k8s.
	# See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens
	jwtPolicy: first-party-jwt
	pilot:
	autoscaleMin: 3
	autoscaleMax: 10
	cpu:
	targetAverageUtilization: 60
	gateways:
	istio-ingressgateway:
	autoscaleMin: 2
	autoscaleMax: 5

	addonComponents:
	pilot:
	enabled: true
	galley:
	enabled: true
	citadel: # galley depends on citadel.
	enabled: true
	prometheus:
	enabled: false

	components:
	ingressGateways:
	- name: istio-ingressgateway
	enabled: true
	k8s:
	resources:
	limits:
	cpu: 3000m
	memory: 2048Mi
	requests:
	cpu: 1000m
	memory: 1024Mi
	service:
	type: LoadBalancer
	ports:
	- port: 15020
	name: status-port
	- port: 80
	name: http2
	- port: 443
	name: https
	overlays:
	# Although we don't need this Gateway, we cannot remove it. Add "dummy" selector for the workaround.
	# https://github.com/istio/istio/issues/22095
	- kind: Gateway
	name: ingressgateway
	patches:
	- path: spec.selector.istio
	value:
	dummy
	- name: cluster-local-gateway
	enabled: true
	k8s:
	resources:
	limits:
	cpu: 3000m
	memory: 2048Mi
	requests:
	cpu: 1000m
	memory: 1024Mi
	service:
	type: ClusterIP
	ports:
	- port: 15020
	name: status-port
	- port: 80
	name: http2
	- port: 443
	name: https
	overlays:
	- kind: Service
	name: cluster-local-gateway
	patches:
	- path: spec.selector.istio
	value:
	cluster-local-gateway
	- path: spec.selector.app
	value:
	cluster-local-gateway
	- path: metadata.labels.istio
	value:
	cluster-local-gateway
	- path: metadata.labels.app
	value:
	cluster-local-gateway
	- kind: Deployment
	name: cluster-local-gateway
	patches:
	- path: metadata.labels.istio
	value:
	cluster-local-gateway
	- path: metadata.labels.app
	value:
	cluster-local-gateway
	- path: spec.selector.matchLabels.istio
	value:
	cluster-local-gateway
	- path: spec.selector.matchLabels.app
	value:
	cluster-local-gateway
	- path: spec.template.metadata.labels.istio
	value:
	cluster-local-gateway
	- path: spec.template.metadata.labels.app
	value:
	cluster-local-gateway
	# Although we don't need this Gateway, we cannot remove it. Add "dummy" selector for the workaround.
	# https://github.com/istio/istio/issues/22095
	- kind: Gateway
	name: ingressgateway
	patches:
	- path: spec.selector.istio
	value:
	dummy