KubeZero/charts/kubezero-istio/templates/istio-private-ingress.yaml

114 lines
3.2 KiB
YAML
Raw Normal View History

{{- if .Values.ingress.private.enabled }}
2020-07-21 17:30:21 +00:00
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: kubezero-istio-private-ingress
namespace: istio-system
2020-08-06 17:43:59 +00:00
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
2020-07-21 17:30:21 +00:00
spec:
profile: empty
components:
ingressGateways:
- name: istio-private-ingressgateway
enabled: true
namespace: istio-system
k8s:
2020-07-21 23:08:19 +00:00
replicaCount: {{ .Values.ingress.replicaCount }}
{{- if .Values.ingress.autoscaleEnabled }}
2020-07-21 17:30:21 +00:00
hpaSpec:
maxReplicas: 5
metrics:
- resource:
name: cpu
targetAverageUtilization: 80
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istio-private-ingressgateway
2020-07-21 23:08:19 +00:00
{{- end }}
env:
- name: ISTIO_META_HTTP10
value: '"1"'
- name: ISTIO_META_ROUTER_MODE
value: standard
{{- if eq .Values.ingress.type "NodePort" }}
2020-07-21 17:30:21 +00:00
nodeSelector:
node.kubernetes.io/ingress.private: {{ .Values.ingress.private.nodeSelector }}
{{- end }}
2020-07-21 17:30:21 +00:00
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
values:
gateways:
istio-ingressgateway:
2020-07-21 23:08:19 +00:00
autoscaleEnabled: {{ .Values.ingress.autoscaleEnabled }}
2020-07-21 17:30:21 +00:00
externalTrafficPolicy: Local
labels:
app: istio-private-ingressgateway
istio: private-ingressgateway
meshExpansionPorts: []
podAntiAffinityLabelSelector:
- key: app
operator: In
topologyKey: kubernetes.io/hostname
2020-07-21 23:11:38 +00:00
values: istio-private-ingressgateway
type: {{ default "NodePort" .Values.ingress.type }}
2020-07-21 17:30:21 +00:00
ports:
- name: http2
port: 80
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 31080
{{- end }}
2020-07-21 17:30:21 +00:00
- name: https
port: 443
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 31443
{{- end }}
2020-07-21 17:30:21 +00:00
- name: amqp
port: 5672
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 30672
{{- end }}
2020-07-21 17:30:21 +00:00
- name: amqps
port: 5671
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 30671
{{- end }}
2020-07-21 17:30:21 +00:00
- name: fluentd-forward
port: 24224
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 31224
{{- end }}
2020-07-21 17:30:21 +00:00
sds:
enabled: true
image: node-agent-k8s
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
secretVolumes:
- mountPath: /etc/istio/ingressgateway-certs
name: ingressgateway-certs
secretName: istio-ingressgateway-certs
- mountPath: /etc/istio/ingressgateway-ca-certs
name: ingressgateway-ca-certs
secretName: istio-ingressgateway-ca-certs
global:
jwtPolicy: first-party-jwt
{{- end }}