KubeZero/charts/kubezero/templates/istio-private-ingress.yaml

94 lines
2.4 KiB
YAML
Raw Normal View History

{{- define "istio-private-ingress-values" }}
gateway:
name: istio-private-ingressgateway
{{- with index .Values "istio-private-ingress" "gateway" "replicaCount" }}
replicaCount: {{ . }}
2023-08-22 12:48:33 +00:00
{{- if gt (int .) 1 }}
podDisruptionBudget:
minAvailable: 1
{{- end }}
{{- end }}
2022-04-22 11:38:12 +00:00
{{- if not (index .Values "istio-private-ingress" "gateway" "affinity") }}
# Only nodes who are fronted with matching LB
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node.kubernetes.io/ingress.private
operator: Exists
2022-04-22 11:38:12 +00:00
{{- end }}
2022-12-13 12:13:33 +00:00
topologySpreadConstraints:
- maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app: istio-private-ingressgateway
istio: private-ingressgateway
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app: istio-private-ingressgateway
istio: private-ingressgateway
service:
ports:
- name: status-port
port: 15021
nodePort: 31021
noGateway: true
- name: http2
port: 80
targetPort: 8080
nodePort: 31080
gatewayProtocol: HTTP2
tls:
httpsRedirect: true
- name: https
port: 443
targetPort: 8443
nodePort: 31443
gatewayProtocol: HTTPS
tls:
mode: SIMPLE
{{- with index .Values "istio-private-ingress" "gateway" "service" "ports" }}
{{- toYaml . | nindent 4 }}
{{- end }}
# custom hardened bootstrap config
env:
ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
volumes:
- name: custom-bootstrap-volume
configMap:
name: private-ingressgateway-bootstrap-config
volumeMounts:
- mountPath: /etc/istio/custom-bootstrap
name: custom-bootstrap-volume
readOnly: true
telemetry:
enabled: {{ $.Values.metrics.enabled }}
certificates:
{{- range $cert := index .Values "istio-private-ingress" "certificates" }}
- name: {{ $cert.name }}
dnsNames:
{{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }}
proxyProtocol: {{ default true (index .Values "istio-private-ingress" "proxyProtocol") }}
{{- end }}
{{- define "istio-private-ingress-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}