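{{- define "istio-private-ingress-values" }}

# Values handed to the istio gateway chart for the *private* ingress gateway.
gateway:
  name: istio-private-ingressgateway

  # Keep the gateway scheduled ahead of ordinary workloads; not set on GKE.
  {{- if ne .Values.global.platform "gke" }}
  priorityClassName: "system-cluster-critical"
  {{- end }}

  # replicaCount is only emitted when configured (`with` treats 0 as unset).
  # With more than one replica a PodDisruptionBudget keeps at least one pod
  # available during node drains.
  {{- with index .Values "istio-private-ingress" "gateway" "replicaCount" }}
  replicaCount: {{ . }}
  {{- if gt (int .) 1 }}
  podDisruptionBudget:
    minAvailable: 1
  {{- end }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # Only nodes labelled node.kubernetes.io/ingress.private are fronted by the
  # matching load balancer, so pin the gateway pods to them.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node.kubernetes.io/ingress.private
            operator: Exists
  {{- end }}

  # Spread replicas across zones and across nodes. DoNotSchedule turns an
  # unsatisfiable spread into a scheduling failure instead of silent co-location.
  topologySpreadConstraints:
  - maxSkew: 1
    topologyKey: topology.kubernetes.io/zone
    whenUnsatisfiable: DoNotSchedule
    labelSelector:
      matchLabels:
        app: istio-private-ingressgateway
        istio: private-ingressgateway
  - maxSkew: 1
    topologyKey: kubernetes.io/hostname
    whenUnsatisfiable: DoNotSchedule
    labelSelector:
      matchLabels:
        app: istio-private-ingressgateway
        istio: private-ingressgateway

  service:
    # Fixed nodePorts so the external load balancer can target them.
    # status-port carries noGateway: true — presumably this keeps it out of the
    # generated Gateway servers; verify against the chart's gateway template.
    ports:
    - name: status-port
      port: 15021
      nodePort: 31021
      noGateway: true
    # Plain HTTP is served only to redirect clients to HTTPS (Istio Gateway tls.httpsRedirect).
    - name: http2
      port: 80
      targetPort: 8080
      nodePort: 31080
      gatewayProtocol: HTTP2
      tls:
        httpsRedirect: true
    # TLS is terminated at the gateway (Istio TLS mode SIMPLE).
    - name: https
      port: 443
      targetPort: 8443
      nodePort: 31443
      gatewayProtocol: HTTPS
      tls:
        mode: SIMPLE
    # Additional ports from values are appended verbatim to the list above.
    {{- with index .Values "istio-private-ingress" "gateway" "service" "ports" }}
    {{- toYaml . | nindent 4 }}
    {{- end }}

  # Custom hardened Envoy bootstrap: ISTIO_BOOTSTRAP_OVERRIDE makes the gateway
  # proxy load its bootstrap from the ConfigMap mounted below (read-only)
  # instead of the built-in template.
  env:
    ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
  volumes:
  - name: custom-bootstrap-volume
    configMap:
      name: private-ingressgateway-bootstrap-config
  volumeMounts:
  - mountPath: /etc/istio/custom-bootstrap
    name: custom-bootstrap-volume
    readOnly: true

# NOTE(review): renders as an empty value (null) when metrics.enabled is not
# set in values — presumably treated as disabled by the consumer; confirm.
telemetry:
  enabled: {{ $.Values.metrics.enabled }}

# One entry per configured certificate; renders as null (not []) when none are configured.
certificates:
{{- range $cert := index .Values "istio-private-ingress" "certificates" }}
- name: {{ $cert.name }}
  dnsNames:
  {{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }}

# PROXY protocol is enabled unless the values explicitly set proxyProtocol.
# `default true <value>` can never yield false, because Go templates treat
# false as "empty", so the key is checked for presence instead and an explicit
# `proxyProtocol: false` is honoured.
{{- if hasKey (index .Values "istio-private-ingress") "proxyProtocol" }}
proxyProtocol: {{ index .Values "istio-private-ingress" "proxyProtocol" }}
{{- else }}
proxyProtocol: true
{{- end }}

# Optional hardening settings are copied through verbatim when present.
{{- with (index .Values "istio-private-ingress" "hardening") }}
hardening:
  {{- toYaml . | nindent 2 }}
{{- end }}

{{- end }}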
{{- define "istio-private-ingress-argo" }}
{{- /* No extra ArgoCD Application settings for the private ingress: this define renders nothing. */}}
{{- end }}
{{/* Entry point: the shared kubezero-app.app helper renders the app; presumably it picks up the "<app>-values" and "<app>-argo" defines above by name — confirm in kubezero-lib. */}}{{ include "kubezero-app.app" . }}