-
Notifications
You must be signed in to change notification settings - Fork 7.6k
/
values-istio-gateways.yaml
141 lines (124 loc) · 3.76 KB
/
values-istio-gateways.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# Common settings.
global:
# Omit the istio-sidecar-injector configmap when generate a
# standalone gateway. Gateways may be created in namespaces other
# than `istio-system` and we don't want to re-create the injector
# configmap in those.
omitSidecarInjectorConfigMap: true
# Istio control plane namespace: This specifies where the Istio control
# plane was installed earlier. Modify this if you installed the control
# plane in a different namespace than istio-system.
istioNamespace: istio-system
proxy:
# Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
# would be <host>:<port>).
# Disabled by default.
# The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
envoyStatsd:
# If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
enabled: false
host: # example: statsd-svc.istio-system
port: # example: 9125
#
# Gateways Configuration
# By default (if enabled) a pair of Ingress and Egress Gateways will be created for the mesh.
# You can add more gateways in addition to the defaults but make sure those are uniquely named
# and that NodePorts are not conflicting.
# Disable specifc gateway by setting the `enabled` to false.
#
gateways:
enabled: true
custom-gateway:
enabled: true
labels:
app: custom-gateway
replicaCount: 1
autoscaleMin: 1
autoscaleMax: 5
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
#requests:
# cpu: 1800m
# memory: 256Mi
cpu:
targetAverageUtilization: 80
loadBalancerIP: ""
loadBalancerSourceRanges: {}
externalIPs: []
serviceAnnotations: {}
podAnnotations: {}
type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
#externalTrafficPolicy: Local #change to Local to preserve source IP or Cluster for default behaviour or leave commented out
ports:
## You can add custom gateway ports
- port: 80
targetPort: 80
name: http2
# nodePort: 31380
- port: 443
name: https
# nodePort: 31390
- port: 31400
name: tcp
# nodePort: 31400
# Pilot and Citadel MTLS ports are enabled in gateway - but will only redirect
# to pilot/citadel if global.meshExpansion settings are enabled.
- port: 15011
targetPort: 15011
name: tcp-pilot-grpc-tls
- port: 8060
targetPort: 8060
name: tcp-citadel-grpc-tls
# Addon ports for kiali are enabled in gateway - but will only redirect if
# the gateway configuration for the various components are enabled.
- port: 15029
targetPort: 15029
name: http2-kiali
# Telemetry-related ports are enabled in gateway - but will only redirect if
# the gateway configuration for the various components are enabled.
- port: 15030
targetPort: 15030
name: http2-prometheus
- port: 15031
targetPort: 15031
name: http2-grafana
- port: 15032
targetPort: 15032
name: http2-tracing
secretVolumes:
- name: customgateway-certs
secretName: istio-customgateway-certs
mountPath: /etc/istio/customgateway-certs
- name: customgateway-ca-certs
secretName: istio-customgateway-ca-certs
mountPath: /etc/istio/customgateway-ca-certs
# all other components are disabled except the gateways
ingress:
enabled: false
security:
enabled: false
sidecarInjectorWebhook:
enabled: false
galley:
enabled: false
mixer:
policy:
enabled: false
telemetry:
enabled: false
pilot:
enabled: false
grafana:
enabled: false
prometheus:
enabled: false
servicegraph:
enabled: false
tracing:
enabled: false
kiali:
enabled: false
certmanager:
enabled: false