apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: name: kubezero-istio namespace: istio-system labels: {{ include "kubezero-lib.labels" . | indent 4 }} spec: profile: empty components: ingressGateways: - enabled: true k8s: replicaCount: {{ .Values.ingress.replicaCount }} {{- if .Values.ingress.autoscaleEnabled }} hpaSpec: maxReplicas: 5 metrics: - resource: name: cpu targetAverageUtilization: 80 type: Resource minReplicas: 1 scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: istio-ingressgateway {{- end }} env: {{- if .Values.ingress.http10 }} - name: ISTIO_META_HTTP10 value: '"1"' {{- end }} # https://github.com/istio/istio/issues/26524, not in 1.7 ! #- name: TERMINATION_DRAIN_DURATION_SECONDS # value: "60" #- name: ISTIO_META_IDLE_TIMEOUT # value: "3600s" {{- if eq .Values.ingress.type "NodePort" }} nodeSelector: node.kubernetes.io/ingress.public: "30080_30443" {{- end }} resources: limits: #cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 64Mi strategy: rollingUpdate: maxSurge: 100% maxUnavailable: 25% overlays: - apiVersion: apps/v1 kind: Deployment name: istio-ingressgateway patches: - path: spec.template.spec.containers.[name:istio-proxy].lifecycle value: {"preStop": {"exec": {"command": ["sh", "-c", "curl -X POST http://localhost:15000/healthcheck/fail && sleep 30"]}}} - path: spec.template.spec.terminationGracePeriodSeconds value: 90 name: istio-ingressgateway pilot: enabled: true k8s: replicaCount: {{ .Values.istiod.replicaCount }} nodeSelector: node-role.kubernetes.io/master: "" tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master resources: requests: cpu: 100m memory: 128Mi env: - name: PILOT_ENABLE_MYSQL_FILTER value: "true" - name: PILOT_ENABLE_REDIS_FILTER value: "true" - name: PILOT_HTTP10 value: "true" policy: enabled: true k8s: replicaCount: {{ .Values.istiod.replicaCount }} nodeSelector: node-role.kubernetes.io/master: "" tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master telemetry: enabled: false meshConfig: accessLogFile: /dev/stdout accessLogEncoding: 'JSON' h2UpgradePolicy: 'DO_NOT_UPGRADE' tcpKeepalive: interval: 30s time: 60s values: gateways: istio-ingressgateway: autoscaleEnabled: {{ .Values.ingress.autoscaleEnabled }} externalTrafficPolicy: Local labels: app: istio-ingressgateway istio: ingressgateway meshExpansionPorts: [] podAntiAffinityLabelSelector: - key: app operator: In topologyKey: kubernetes.io/hostname values: istio-ingressgateway type: {{ default "NodePort" .Values.ingress.type }} ports: - name: http-status port: 15021 {{- if eq .Values.ingress.type "NodePort" }} nodePort: 30021 {{- end }} - name: http2 port: 80 targetPort: 8080 {{- if eq .Values.ingress.type "NodePort" }} nodePort: 30080 {{- end }} - name: https port: 443 targetPort: 8443 {{- if eq .Values.ingress.type "NodePort" }} nodePort: 30443 {{- end }} global: jwtPolicy: first-party-jwt logAsJson: true defaultPodDisruptionBudget: enabled: false pilot: autoscaleEnabled: false mixer: policy: autoscaleEnabled: false