perf/istio-install/values.yaml

# This is used to generate istio.yaml for a stress/load test cluster.

global:
  imagePullPolicy: Always
  #hub: docker.io/istionightly
  #tag: nightly-release-0.8
  meshExpansion: true
  meshExpansionILB: true
  refreshInterval: 30s
  imagePullPolicy: Always
  k8sIngressSelector: ingressgateway


  proxy:
    enableCoreDump: true
    concurrency: 2
    accessLogFile: ""
    resources:
      requests:
        cpu: 500m
        memory: 256Mi
      limits:
        memory: 256Mi

  mtls:
    # Default setting for service-to-service mtls. Can be set explicitly using
    # destination rules or service annotations.
    enabled: true

  # 1.1.5 sds.enabled requires controlPlaneSecurity to be disabled.
  controlPlaneSecurityEnabled: false
  sds:
    enabled: true
    udsPath: "unix:/var/run/sds/uds_path"
    useNormalJwt: true


ingress:
  enabled: false

gateways:
  istio-ilbgateway:
    enabled: true

  istio-ingressgateway:
    meshExpansion: true
    sds:
      enabled: true
    enabled: true
    secretVolumes:
    - name: istio-ingressgateway-certs
      secretName: istio-ingressgateway-certs
      mountPath: /etc/istio/ingressgateway-certs
    - name: istio-ingressgateway-certs-fortiotls
      secretName: istio-ingressgateway-certs-fortiotls
      mountPath: /etc/istio/ingressgateway-certs-fortiotls
    - name: istio-ingressgateway-certs-fortionoistio
      secretName: istio-ingressgateway-certs-fortionoistio
      mountPath: /etc/istio/ingressgateway-certs-fortionoistio
    labels:
      istio: ingressgateway
      ver: ingress10
      app: istio-ingressgateway
      name: gateway
    replicas: 3
    autoscaleMin: 3
    autoscaleMax: 5
    resources:
      limits:
        cpu: 6000m
        memory: 512Mi
      requests:
        cpu: 4000m
        memory: 512Mi
    type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
    ports:
    - port: 80
      targetPort: 80
      name: http2
      nodePort: 31380
    - port: 443
      name: https
      nodePort: 31390
    - port: 31400
      name: tcp
    - port: 15011
      targetPort: 15011
      name: tcp-pilot-grcp-tls
    - port: 8060
      targetPort: 8060
      name: tcp-citadel-grpc-tls
    - port: 5201
      name: tcp-iperf-cont
    - port: 5202
      name: tcp-iperfraw
    - port: 5203
      name: tcp-iperf
    - port: 5204
      name: tcp-iperf-tls

pilot:
  replicaCount: 2
  sidecar: false
  autoscaleMax: 10
  env:
    PILOT_PUSH_THROTTLE: 50
    GODEBUG: gctrace=2
  resources:
    requests:
      cpu: 4800m
      memory: 2G
    limits:
      cpu: 5800m
      memory: 12G

ingress:
  enabled: false

sidecar-injector:
  enabled: true

grafana:
  enabled: true
  datasources:
    datasources.yaml:
      apiVersion: 1
      datasources:
      - name: Prometheus
        type: prometheus
        orgId: 1
        url: http://istio-prometheus.istio-prometheus:9090
        access: proxy
        isDefault: true
        jsonData:
          timeInterval: 5s
        editable: true
  #image: gcr.io/istio-release/grafana:release-1.0-20180720-00-11

mixer:
  #image: gcr.io/istio-release/mixer:release-1.0-20180720-00-11
  resources:
    requests:
      cpu: 3800m
      memory: 4G
    limits:
      cpu: 5800m
      memory: 5G
  telemetry:
    enabled: true
    replicaCount: 1
    autoscaleEnabled: true
    autoscaleMin: 1
    autoscaleMax: 15
    cpu:
      targetAverageUtilization: 80
    sessionAffinityEnabled: false


tracing:
  enabled: false
  jaeger:
    enabled: true

servicegraph:
  enabled: false

prometheus:
  enabled: false

kiali:
  enabled: false
  tag: latest

certmanager:
  enabled: true
  email: mjog@google.com
  commonName: ingress.v10.istio.webinf.info
  certificates:
    - "ingress.v10.istio.webinf.info"
  #commonName: fortiotls.v10.istio.webinf.info
  #certificates:
  #  - "fortiotls.v10.istio.webinf.info"


nodeagent:
  enabled: true
  image: node-agent-k8s
  env:
    CA_PROVIDER: "Citadel"
    CA_ADDR: "istio-citadel:8060"
    VALID_TOKEN: true
    SECRET_GRACE_DURATION: "10m"
    SECRET_JOB_RUN_INTERVAL: "30s"
    SECRET_TTL: "20m"