KubeZero/charts/kubezero/templates/istio-ingress.yaml


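{{- define "istio-ingress-values" }}
{{- /*
  Values block for the istio-ingress gateway, assembled from .Values.global.platform,
  .Values.metrics.enabled and the keys under .Values "istio-ingress".
  Every "index .Values "istio-ingress" ..." lookup below assumes the intermediate
  maps ("istio-ingress", "gateway", "service") exist in the chart values - TODO confirm.
*/}}
gateway:
  name: istio-ingressgateway
  # Applied on every platform except gke.
  {{- if ne .Values.global.platform "gke" }}
  priorityClassName: "system-cluster-critical"
  {{- end }}
  {{- with index .Values "istio-ingress" "gateway" "replicaCount" }}
  replicaCount: {{ . }}
  # A PodDisruptionBudget is only emitted for more than one replica.
  {{- if gt (int .) 1 }}
  podDisruptionBudget:
    minAvailable: 1
  {{- end }}
  {{- end }}
  {{- if eq .Values.global.platform "aws" }}
  # Only nodes who are fronted with matching LB
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node.kubernetes.io/ingress.public
            operator: Exists
  {{- end }}
  # Hard spread across zones and hosts: with DoNotSchedule a replica that
  # would exceed maxSkew stays Pending instead of co-locating.
  topologySpreadConstraints:
  - maxSkew: 1
    topologyKey: topology.kubernetes.io/zone
    whenUnsatisfiable: DoNotSchedule
    labelSelector:
      matchLabels:
        app: istio-ingressgateway
        istio: ingressgateway
  - maxSkew: 1
    topologyKey: kubernetes.io/hostname
    whenUnsatisfiable: DoNotSchedule
    labelSelector:
      matchLabels:
        app: istio-ingressgateway
        istio: ingressgateway
  service:
    {{- with index .Values "istio-ingress" "gateway" "service" "type" }}
    type: {{ . }}
    {{- end }}
    # Fixed nodePorts; noGateway, gatewayProtocol and tls are read by the
    # consuming chart, which is not part of this file.
    ports:
    - name: status-port
      port: 15021
      nodePort: 30021
      noGateway: true
    # Port 80 is configured with httpsRedirect only.
    - name: http2
      port: 80
      targetPort: 8080
      nodePort: 30080
      gatewayProtocol: HTTP2
      tls:
        httpsRedirect: true
    # NOTE(review): SIMPLE presumably maps to Istio's server-side TLS mode,
    # i.e. no client-certificate verification at this listener - confirm.
    - name: https
      port: 443
      targetPort: 8443
      nodePort: 30443
      gatewayProtocol: HTTPS
      tls:
        mode: SIMPLE
    # Extra ports from values are appended verbatim; nothing here restricts
    # which ports or protocols an operator can expose.
    {{- with index .Values "istio-ingress" "gateway" "service" "ports" }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  # custom hardened bootstrap config
  # The override file comes from the ConfigMap below, mounted read-only; the
  # ConfigMap content is defined elsewhere and should be reviewed with it.
  env:
    ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
  volumes:
  - name: custom-bootstrap-volume
    configMap:
      name: ingressgateway-bootstrap-config
  volumeMounts:
  - mountPath: /etc/istio/custom-bootstrap
    name: custom-bootstrap-volume
    readOnly: true
# No default is applied here: assumes .Values.metrics.enabled is always set
# by the chart values - TODO confirm.
telemetry:
  enabled: {{ $.Values.metrics.enabled }}
{{- with index .Values "istio-ingress" "certificates" }}
certificates:
{{- range $cert := . }}
- name: {{ $cert.name }}
  dnsNames:
  {{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }}
{{- end }}
{{- /*
  "default true X" treats an explicit false as empty and returns true, so an
  operator could never switch proxyProtocol off. An explicit false is now
  honoured; an unset (or otherwise empty) value still falls back to true.
  NOTE(review): the consumer of proxyProtocol is not visible here. If it makes
  the gateway accept PROXY protocol headers, the client address taken from them
  is only trustworthy when every path to the listener goes through the load
  balancer, so being able to turn it off matters - confirm against the chart.
*/}}
{{- $proxyProtocol := index .Values "istio-ingress" "proxyProtocol" }}
proxyProtocol: {{ if eq (toString $proxyProtocol) "false" }}false{{ else }}{{ default true $proxyProtocol }}{{ end }}
{{- with (index .Values "istio-ingress" "hardening") }}
# Passed through verbatim from values; the keys are interpreted by the
# consuming chart.
hardening:
  {{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}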
{{- define "istio-ingress-argo" }}
{{- /* Defined with an empty body in this file: no extra content is contributed under this name. */}}
{{- end }}
{{- /*
  Renders the "kubezero-app.app" template with the root context. That template is
  defined elsewhere; presumably it picks up the two templates defined above - TODO confirm.
*/}}
{{ include "kubezero-app.app" . }}