# Make sure these values match kubezero-istio!
# Settings under `global`, kept apart from the per-gateway sections below.
# NOTE(review): presumably consumed by the Istio subcharts as Helm globals - confirm.
global:
  # Image registry and tag overrides; both are commented out here.
  #hub: docker.io/istio
  #tag: 1.10.2

  # Structured (JSON) logs, which are easier to parse and ship to central log
  # collection than free-form text.
  logAsJson: true

  # Built-in Kubernetes priority class. Pods running with it can preempt
  # lower-priority workloads when a node is under resource pressure.
  priorityClassName: "system-cluster-critical"

  # No PodDisruptionBudget is created by default.
  # NOTE(review): both gateways below run replicaCount 1, so a voluntary
  # disruption such as a node drain can interrupt ingress - confirm this is the
  # accepted trade-off.
  defaultPodDisruptionBudget:
    enabled: false

  # Scheduling weight per CPU architecture; only amd64 is listed.
  # NOTE(review): in Istio's values a weight of 2 means "no preference" - verify
  # against the chart version in use.
  arch:
    amd64: 2

# Public ingress gateway. Disabled by default, so it has to be switched on
# explicitly.
istio-ingress:
  enabled: false

  telemetry:
    enabled: false

  gateways:
    istio-ingressgateway:
      # Fixed single replica, no autoscaling. With surge 1 / unavailable 0 a
      # rollout starts the replacement pod before the old one is removed.
      autoscaleEnabled: false
      replicaCount: 1
      rollingMaxSurge: 1
      rollingMaxUnavailable: 0
      # Memory is capped at 512Mi; the CPU limit is commented out, so no CPU
      # limit is set from this file.
      resources:
        requests:
          cpu: 50m
          memory: 64Mi
        limits:
          # cpu: 100m
          memory: 512Mi
      # "Local" routes traffic only to gateway pods on the node that received
      # it and keeps the client source IP. Access logs and any source-IP based
      # policy rely on that address being the real one.
      externalTrafficPolicy: Local
      # Anti-affinity on the `app` label with the hostname topology key, i.e.
      # gateway pods are spread across different nodes.
      podAntiAffinityLabelSelector:
      - key: app
        operator: In
        topologyKey: kubernetes.io/hostname
        values: istio-ingressgateway
      # NodePort opens the ports listed under `ports` on the nodes themselves.
      # Nothing in this file limits who may reach them; that has to be enforced
      # by firewall / security-group rules in front of the nodes.
      type: NodePort
      podAnnotations:
        proxy.istio.io/config: '{ "terminationDrainDuration": "20s" }'

      # custom hardened bootstrap config
      # The proxy is pointed at a bootstrap file mounted from the ConfigMap
      # named below. The hardening itself lives in that ConfigMap and is not
      # visible here.
      # NOTE(review): whoever can edit that ConfigMap controls the gateway's
      # bootstrap, so write access to it should be restricted - confirm RBAC.
      env:
        ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
      configVolumes:
      - name: custom-bootstrap-volume
        mountPath: /etc/istio/custom-bootstrap
        configMapName: istio-gateway-bootstrap-config

      # The node selector is normally the list of nodeports, see CloudBender
      # The label value below is the http2 and https nodePorts joined by "_";
      # keep it in step with the `ports` list.
      nodeSelector:
        node.kubernetes.io/ingress.public: "30080_30443"
      ports:
      # NOTE(review): the status port is exposed as a nodePort as well,
      # presumably for load-balancer health checks - confirm it is reachable
      # only from the health checkers.
      - name: status-port
        port: 15021
        nodePort: 30021
        protocol: TCP
      # NOTE(review): port 80 is exposed on the public gateway. Whether it only
      # redirects to HTTPS depends on the Gateway resources, which are not part
      # of this file - verify.
      - name: http2
        port: 80
        targetPort: 8080
        nodePort: 30080
        protocol: TCP
      - name: https
        port: 443
        targetPort: 8443
        nodePort: 30443
        protocol: TCP

  # Certificate for the public gateway. The DNS name list is empty by default;
  # the commented line shows the expected entry format.
  certificates:
  - name: ingress-cert
    dnsNames: []
  #  - '*.example.com'

  # PROXY protocol is off.
  # NOTE(review): turn it on only if every path to the NodePorts goes through a
  # load balancer that sets the PROXY header; a listener that trusts the header
  # from arbitrary clients accepts a client-supplied source address.
  proxyProtocol: false

  # Only a commented-out entry follows `proxyMetadata`, so the key parses as
  # null rather than as an empty map.
  meshConfig:
   defaultConfig:
     proxyMetadata:
       # NOTE(review): if this is enabled, quote the value ("1"); proxyMetadata
       # entries are presumably passed on as strings - confirm.
       # ISTIO_META_HTTP10: 1

# Private ingress gateway. Mirrors the public section with its own name,
# labels, node label and a separate nodePort range (31xxx). Disabled by default.
istio-private-ingress:
  enabled: false

  telemetry:
    enabled: false

  gateways:
    istio-ingressgateway:
      # name and labels make the ingress private
      # They give this gateway its own identity, separate from the public one.
      # NOTE(review): labels do not restrict network reachability by
      # themselves; that depends on which nodes carry the ingress.private label
      # and on the network controls in front of their NodePorts - verify.
      name: istio-private-ingressgateway
      labels:
        app: istio-private-ingressgateway
        istio: private-ingressgateway

      # Fixed single replica, no autoscaling. With surge 1 / unavailable 0 a
      # rollout starts the replacement pod before the old one is removed.
      autoscaleEnabled: false
      replicaCount: 1
      rollingMaxSurge: 1
      rollingMaxUnavailable: 0
      # Memory is capped at 512Mi; the CPU limit is commented out, so no CPU
      # limit is set from this file.
      resources:
        requests:
          cpu: 50m
          memory: 64Mi
        limits:
          # cpu: 100m
          memory: 512Mi
      # "Local" routes traffic only to gateway pods on the node that received
      # it and keeps the client source IP.
      externalTrafficPolicy: Local
      # Anti-affinity on the `app` label with the hostname topology key; the
      # value matches the `app` label set above.
      podAntiAffinityLabelSelector:
      - key: app
        operator: In
        topologyKey: kubernetes.io/hostname
        values: istio-private-ingressgateway
      # NodePort opens the ports listed under `ports` on the nodes themselves;
      # access to them has to be limited outside of this file.
      type: NodePort
      podAnnotations:
        proxy.istio.io/config: '{ "terminationDrainDuration": "20s" }'

      # custom hardened bootstrap config
      # Same bootstrap override and ConfigMap name as the public gateway; the
      # hardening itself is in that ConfigMap and is not visible here.
      env:
        ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
      configVolumes:
      - name: custom-bootstrap-volume
        mountPath: /etc/istio/custom-bootstrap
        configMapName: istio-gateway-bootstrap-config

      # The label value is the http2 and https nodePorts joined by "_". The
      # commented line is an example value for when the optional ports further
      # down are enabled; it lists 31671, 31672 and 31224 but not 31379.
      nodeSelector:
        node.kubernetes.io/ingress.private: "31080_31443"
        #nodeSelector: "31080_31443_31671_31672_31224"
      ports:
      - name: status-port
        port: 15021
        nodePort: 31021
        protocol: TCP
      - name: http2
        port: 80
        targetPort: 8080
        nodePort: 31080
        protocol: TCP
      - name: https
        port: 443
        targetPort: 8443
        nodePort: 31443
        protocol: TCP
      # Optional TCP ports, disabled by default.
      # NOTE(review): going by their names, amqp (5672) and redis (6379) would
      # carry unencrypted traffic, unlike amqps - confirm transport security
      # and the node label value above before enabling any of them.
      #- name: fluentd-forward
      #  port: 24224
      #  nodePort: 31224
      #- name: amqps
      #  port: 5671
      #  nodePort: 31671
      #- name: amqp
      #  port: 5672
      #  nodePort: 31672
      #- name: redis
      #  port: 6379
      #  nodePort: 31379

  # Certificate for the private gateway. The DNS name list is empty by default;
  # the commented line shows the expected entry format.
  certificates:
  - name: private-ingress-cert
    dnsNames: []
    #- '*.example.com'

  # PROXY protocol is off.
  # NOTE(review): turn it on only if every path to the NodePorts goes through a
  # load balancer that sets the PROXY header.
  proxyProtocol: false

  # Only a commented-out entry follows `proxyMetadata`, so the key parses as
  # null rather than as an empty map.
  meshConfig:
   defaultConfig:
     proxyMetadata:
       # NOTE(review): if this is enabled, quote the value ("1"); proxyMetadata
       # entries are presumably passed on as strings - confirm.
       # ISTIO_META_HTTP10: 1