-
Notifications
You must be signed in to change notification settings - Fork 7.7k
/
values.yaml
143 lines (113 loc) · 5.14 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# "defaults" is a workaround for Helm limitations. Users should NOT set ".defaults" explicitly, but rather directly set the fields internally.
# For instance, instead of `--set defaults.foo=bar`, just set `--set foo=bar`.
defaults:
hub: ""
tag: ""
variant: ""
image: install-cni
pullPolicy: ""
# Same as `global.logging.level`, but will override it if set
logging:
level: ""
# Configuration file to insert istio-cni plugin configuration
# by default this will be the first file found in the cni-conf-dir
# Example
# cniConfFileName: 10-calico.conflist
# CNI bin and conf dir override settings
# defaults:
cniBinDir: "" # Auto-detected based on version; defaults to /opt/cni/bin.
cniConfDir: /etc/cni/net.d
cniConfFileName: ""
# This directory must exist on the node, if it does not, consult your container runtime
# documentation for the appropriate path.
cniNetnsDir: # Defaults to '/var/run/netns', in minikube/docker/others can be '/var/run/docker/netns'.
excludeNamespaces:
- kube-system
# Allows user to set custom affinity for the DaemonSet
affinity: {}
# Custom annotations on pod level, if you need them
podAnnotations: {}
# Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")?
# Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case
chained: true
# Custom configuration happens based on the CNI provider.
# Possible values: "default", "multus"
provider: "default"
# Configure ambient settings
ambient:
# If enabled, ambient redirection will be enabled
enabled: false
# Set ambient config dir path: defaults to /etc/ambient-config
configDir: ""
# If enabled, and ambient is enabled, DNS redirection will be enabled
dnsCapture: false
# If enabled, and ambient is enabled, enables ipv6 support
ipv6: true
repair:
enabled: true
hub: ""
tag: ""
# Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used.
# This defines the action the controller will take when a pod is detected as broken.
# labelPods will label all pods with <brokenPodLabelKey>=<brokenPodLabelValue>.
# This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them).
# Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts.
labelPods: false
# deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready.
# Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod.
deletePods: false
# repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started.
# Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs.
# This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`.
repairPods: true
initContainerName: "istio-validation"
brokenPodLabelKey: "cni.istio.io/uninitialized"
brokenPodLabelValue: "true"
# Set to `type: RuntimeDefault` to use the default profile if available.
seccompProfile: {}
resources:
requests:
cpu: 100m
memory: 100Mi
resourceQuotas:
enabled: false
pods: 5000
# The number of pods that can be unavailable during rolling update (see
# `updateStrategy.rollingUpdate.maxUnavailable` here:
# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec).
# May be specified as a number of pods or as a percent of the total number
# of pods at the start of the update.
rollingMaxUnavailable: 1
# Revision is set as 'version' label and part of the resource names when installing multiple control planes.
revision: ""
# For Helm compatibility.
ownerName: ""
global:
# Default hub for Istio images.
# Releases are published to docker hub under 'istio' project.
# Dev builds from prow are on gcr.io
hub: gcr.io/istio-testing
# Default tag for Istio images.
tag: latest
# Variant of the image to use.
# Currently supported are: [debug, distroless]
variant: ""
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.
imagePullPolicy: ""
# change cni scope level to control logging out of istio-cni-node DaemonSet
logging:
level: info
logAsJson: false
# ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace
# to use for pulling any images in pods that reference this ServiceAccount.
# For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing)
# ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects.
# Must be set for any cluster configured with private docker registry.
imagePullSecrets: []
# - private-registry-key
# Default resources allocated
defaultResources:
requests:
cpu: 100m
memory: 100Mi