KubeZero/charts/kubezero-istio-ingress/values.yaml

204 lines
5.1 KiB
YAML
Raw Normal View History

2020-11-24 14:44:57 +00:00
# Make sure these values match kuberzero-istio !!!
global:
2021-02-25 23:24:12 +00:00
#hub: docker.io/istio
#tag: 1.11.0
2020-11-24 14:44:57 +00:00
logAsJson: true
priorityClassName: "system-cluster-critical"
defaultPodDisruptionBudget:
enabled: false
2020-11-28 23:01:20 +00:00
arch:
amd64: 2
2020-11-24 14:44:57 +00:00
istio-ingress:
enabled: false
telemetry:
enabled: false
2020-11-24 14:44:57 +00:00
gateways:
istio-ingressgateway:
autoscaleEnabled: false
replicaCount: 1
rollingMaxSurge: 1
rollingMaxUnavailable: 0
2020-11-24 14:44:57 +00:00
resources:
requests:
cpu: 50m
2020-11-24 14:44:57 +00:00
memory: 64Mi
limits:
# cpu: 100m
memory: 512Mi
2020-11-24 14:44:57 +00:00
externalTrafficPolicy: Local
podAntiAffinityLabelSelector:
- key: app
operator: In
topologyKey: kubernetes.io/hostname
values: istio-ingressgateway
type: NodePort
podAnnotations:
proxy.istio.io/config: '{ "terminationDrainDuration": "20s" }'
# custom hardened bootstrap config
env:
ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
configVolumes:
- name: custom-bootstrap-volume
mountPath: /etc/istio/custom-bootstrap
configMapName: istio-gateway-bootstrap-config
# Unfortunately the upstream chart makes this complicated as they abuse the nodeSelector, see zdt.patch
2020-11-24 14:44:57 +00:00
nodeSelector:
node.kubernetes.io/ingress.public: "Exists"
# Only nodes who are fronted with matching NLB
#affintiy:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: node.kubernetes.io/ingress.public
# operator: Exists
# Map port 80/443 to 8080/8443 so we don't need to root
# ports is extended as follows:
# noGateway: true -> this port does NOT get mapped to a Gateway port
# tls: optional gateway port setting
# gatewayProtocol: Loadbalancer protocol which is NOT the same as Container Procotol !
2020-11-24 14:44:57 +00:00
ports:
2021-02-25 23:24:12 +00:00
- name: status-port
2020-11-24 14:44:57 +00:00
port: 15021
nodePort: 30021
noGateway: true
2020-11-24 14:44:57 +00:00
- name: http2
port: 80
targetPort: 8080
nodePort: 30080
gatewayProtocol: HTTP2
tls:
httpsRedirect: true
2020-11-24 14:44:57 +00:00
- name: https
port: 443
targetPort: 8443
nodePort: 30443
gatewayProtocol: HTTPS
tls:
mode: SIMPLE
certificates:
- name: ingress-cert
dnsNames: []
# - '*.example.com'
proxyProtocol: true
2020-11-24 14:44:57 +00:00
meshConfig:
defaultConfig:
proxyMetadata:
# ISTIO_META_HTTP10: 1
2020-11-24 14:44:57 +00:00
istio-private-ingress:
enabled: false
telemetry:
enabled: false
2020-11-24 14:44:57 +00:00
gateways:
istio-ingressgateway:
# name and labels make the ingress private
name: istio-private-ingressgateway
labels:
app: istio-private-ingressgateway
istio: private-ingressgateway
autoscaleEnabled: false
replicaCount: 1
rollingMaxSurge: 1
rollingMaxUnavailable: 0
2020-11-24 14:44:57 +00:00
resources:
requests:
cpu: 50m
2020-11-24 14:44:57 +00:00
memory: 64Mi
limits:
# cpu: 100m
memory: 512Mi
2020-11-24 14:44:57 +00:00
externalTrafficPolicy: Local
podAntiAffinityLabelSelector:
- key: app
operator: In
topologyKey: kubernetes.io/hostname
values: istio-private-ingressgateway
type: NodePort
podAnnotations:
proxy.istio.io/config: '{ "terminationDrainDuration": "20s" }'
# custom hardened bootstrap config
env:
ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
configVolumes:
- name: custom-bootstrap-volume
mountPath: /etc/istio/custom-bootstrap
configMapName: istio-gateway-bootstrap-config
# Unfortunately the upstream chart makes this complicated as they abuse the nodeSelector, see zdt.patch
2020-11-24 14:44:57 +00:00
nodeSelector:
node.kubernetes.io/ingress.private: "Exists"
# Only nodes who are fronted with matching NLB
#affintiy:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: node.kubernetes.io/ingress.private
# operator: Exists
2020-11-24 14:44:57 +00:00
ports:
2021-02-25 23:24:12 +00:00
- name: status-port
2020-11-24 14:44:57 +00:00
port: 15021
nodePort: 31021
noGateway: true
2020-11-24 14:44:57 +00:00
- name: http2
port: 80
targetPort: 8080
nodePort: 31080
gatewayProtocol: HTTP2
tls:
httpsRedirect: true
2020-11-24 14:44:57 +00:00
- name: https
port: 443
targetPort: 8443
nodePort: 31443
gatewayProtocol: HTTPS
tls:
mode: SIMPLE
2020-11-24 14:44:57 +00:00
#- name: fluentd-forward
# port: 24224
# nodePort: 31224
# gatewayProtocol: TLS
# tls:
# mode: SIMPLE
2020-11-24 14:44:57 +00:00
#- name: amqps
# port: 5671
# nodePort: 31671
#- name: amqp
# port: 5672
# nodePort: 31672
#- name: redis
# port: 6379
# nodePort: 31379
certificates:
- name: private-ingress-cert
dnsNames: []
#- '*.example.com'
proxyProtocol: true
2020-11-24 14:44:57 +00:00
meshConfig:
defaultConfig:
proxyMetadata:
# ISTIO_META_HTTP10: 1