Created
July 2, 2019 13:35
Multiple custom Ingress Istio gateways with helm
# Settings shared by every gateway rendered from this values file.
global:
  # Skip the istio-sidecar-injector ConfigMap: standalone gateways can live
  # in namespaces other than `istio-system`, and the injector ConfigMap
  # must not be re-created there.
  omitSidecarInjectorConfigMap: true

  # Namespace in which the Istio control plane was installed earlier.
  # Change this if the control plane is not in istio-system.
  istioNamespace: istio-system

  proxy:
    # Statsd destination for Envoy (the "--statsdUdpAddress" proxy argument
    # would be <host>:<port>). Disabled by default.
    # The istio-statsd-prom-bridge is deprecated and should not be used
    # moving forward.
    envoyStatsd:
      # When enabled is true, host and port must both be set; Istio no
      # longer provides a statsd collector.
      enabled: false
      host: null  # example: statsd-svc.istio-system
      port: null  # example: 9125
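#
# Gateways Configuration
# By default (if enabled) a pair of Ingress and Egress Gateways will be
# created for the mesh. You can add more gateways in addition to the defaults,
# but make sure they are uniquely named and that their NodePorts do not
# conflict. Disable a specific gateway by setting its `enabled` to false.
#
# Review notes for the two gateways below:
# - NodePorts are allocated cluster-wide, not per namespace, so two Services
#   cannot claim the same nodePort even when they live in namespaces `a` and
#   `b`. custom-gateway-b therefore uses its own nodePort values.
# - Both Services are `type: LoadBalancer` with an empty
#   loadBalancerSourceRanges, which normally leaves the listener reachable
#   from any source address. List the client CIDRs that should reach each
#   gateway where the platform supports it.
# - The pilot/citadel ports (15011, 8060) and the addon ports (15029-15032)
#   are published on the same externally reachable Service. Every one of those
#   components is disabled further down in this file, so drop the port entries
#   that are not needed rather than leaving them exposed.
# - Secrets are namespace-scoped: the secrets named under secretVolumes have
#   to exist in each gateway's own namespace.
#
gateways:
  enabled: true

  custom-gateway-a:
    enabled: true
    namespace: a
    labels:
      app: custom-gateway-a
    replicaCount: 1
    autoscaleMin: 1
    autoscaleMax: 5
    resources: {}
      # limits:
      #   cpu: 100m
      #   memory: 128Mi
      # requests:
      #   cpu: 1800m
      #   memory: 256Mi
    cpu:
      targetAverageUtilization: 80
    loadBalancerIP: ""
    # A list of CIDR strings; empty means no source restriction is requested.
    loadBalancerSourceRanges: []
    externalIPs: []
    serviceAnnotations: {}
    podAnnotations: {}
    type: LoadBalancer  # change to NodePort, ClusterIP or LoadBalancer if need be
    # externalTrafficPolicy: Local  # Local preserves the client source IP; Cluster is the default behaviour
    ports:
      ## You can add custom gateway ports
      - port: 80
        targetPort: 80
        name: http2
        nodePort: 31381
      - port: 443
        name: https
        nodePort: 31391
      - port: 31400
        name: tcp
        nodePort: 31401
      # Pilot and Citadel MTLS ports are enabled in gateway - but will only
      # redirect to pilot/citadel if global.meshExpansion settings are enabled.
      - port: 15011
        targetPort: 15011
        name: tcp-pilot-grpc-tls
      - port: 8060
        targetPort: 8060
        name: tcp-citadel-grpc-tls
      # Addon ports for kiali are enabled in gateway - but will only redirect
      # if the gateway configuration for the various components is enabled.
      - port: 15029
        targetPort: 15029
        name: http2-kiali
      # Telemetry-related ports are enabled in gateway - but will only redirect
      # if the gateway configuration for the various components is enabled.
      - port: 15030
        targetPort: 15030
        name: http2-prometheus
      - port: 15031
        targetPort: 15031
        name: http2-grafana
      - port: 15032
        targetPort: 15032
        name: http2-tracing
    secretVolumes:
      # These secrets must be present in namespace `a`.
      - name: customgateway-certs
        secretName: istio-customgateway-certs
        mountPath: /etc/istio/customgateway-certs
      - name: customgateway-ca-certs
        secretName: istio-customgateway-ca-certs
        mountPath: /etc/istio/customgateway-ca-certs

  custom-gateway-b:
    enabled: true
    namespace: b
    labels:
      app: custom-gateway-b
    replicaCount: 1
    autoscaleMin: 1
    autoscaleMax: 5
    resources: {}
      # limits:
      #   cpu: 100m
      #   memory: 128Mi
      # requests:
      #   cpu: 1800m
      #   memory: 256Mi
    cpu:
      targetAverageUtilization: 80
    loadBalancerIP: ""
    # A list of CIDR strings; empty means no source restriction is requested.
    loadBalancerSourceRanges: []
    externalIPs: []
    serviceAnnotations: {}
    podAnnotations: {}
    type: LoadBalancer  # change to NodePort, ClusterIP or LoadBalancer if need be
    # externalTrafficPolicy: Local  # Local preserves the client source IP; Cluster is the default behaviour
    ports:
      ## You can add custom gateway ports
      # The nodePort values here are example values chosen only to differ
      # from custom-gateway-a; use any free ports in the cluster's NodePort
      # range, or omit nodePort to have Kubernetes assign one.
      - port: 80
        targetPort: 80
        name: http2
        nodePort: 31382
      - port: 443
        name: https
        nodePort: 31392
      - port: 31400
        name: tcp
        nodePort: 31402
      # Pilot and Citadel MTLS ports are enabled in gateway - but will only
      # redirect to pilot/citadel if global.meshExpansion settings are enabled.
      - port: 15011
        targetPort: 15011
        name: tcp-pilot-grpc-tls
      - port: 8060
        targetPort: 8060
        name: tcp-citadel-grpc-tls
      # Addon ports for kiali are enabled in gateway - but will only redirect
      # if the gateway configuration for the various components is enabled.
      - port: 15029
        targetPort: 15029
        name: http2-kiali
      # Telemetry-related ports are enabled in gateway - but will only redirect
      # if the gateway configuration for the various components is enabled.
      - port: 15030
        targetPort: 15030
        name: http2-prometheus
      - port: 15031
        targetPort: 15031
        name: http2-grafana
      - port: 15032
        targetPort: 15032
        name: http2-tracing
    secretVolumes:
      # These secrets must be present in namespace `b`.
      - name: customgateway-certs
        secretName: istio-customgateway-certs
        mountPath: /etc/istio/customgateway-certs
      - name: customgateway-ca-certs
        secretName: istio-customgateway-ca-certs
        mountPath: /etc/istio/customgateway-ca-certs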
# Only the gateways are rendered from this values file; every other chart
# component is switched off explicitly.

security:
  enabled: false

sidecarInjectorWebhook:
  enabled: false

galley:
  enabled: false

# Mixer has separate switches for its policy and telemetry parts.
mixer:
  policy:
    enabled: false
  telemetry:
    enabled: false

pilot:
  enabled: false

grafana:
  enabled: false

prometheus:
  enabled: false

servicegraph:
  enabled: false

tracing:
  enabled: false

kiali:
  enabled: false

certmanager:
  enabled: false