-
Notifications
You must be signed in to change notification settings - Fork 292
/
values.yaml
194 lines (172 loc) · 3.99 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
# This is used to generate istio.yaml for a stress/load test cluster.
global:
imagePullPolicy: Always
#hub: docker.io/istionightly
#tag: nightly-release-0.8
meshExpansion: true
meshExpansionILB: true
refreshInterval: 30s
imagePullPolicy: Always
k8sIngressSelector: ingressgateway
proxy:
enableCoreDump: true
concurrency: 2
accessLogFile: ""
resources:
requests:
cpu: 500m
memory: 256Mi
limits:
memory: 256Mi
mtls:
# Default setting for service-to-service mtls. Can be set explicitly using
# destination rules or service annotations.
enabled: true
# 1.1.5 sds.enabled requires controlPlaneSecurity to be disabled.
controlPlaneSecurityEnabled: false
sds:
enabled: true
udsPath: "unix:/var/run/sds/uds_path"
useNormalJwt: true
ingress:
enabled: false
gateways:
istio-ilbgateway:
enabled: true
istio-ingressgateway:
meshExpansion: true
sds:
enabled: true
enabled: true
secretVolumes:
- name: istio-ingressgateway-certs
secretName: istio-ingressgateway-certs
mountPath: /etc/istio/ingressgateway-certs
- name: istio-ingressgateway-certs-fortiotls
secretName: istio-ingressgateway-certs-fortiotls
mountPath: /etc/istio/ingressgateway-certs-fortiotls
- name: istio-ingressgateway-certs-fortionoistio
secretName: istio-ingressgateway-certs-fortionoistio
mountPath: /etc/istio/ingressgateway-certs-fortionoistio
labels:
istio: ingressgateway
ver: ingress10
app: istio-ingressgateway
name: gateway
replicas: 3
autoscaleMin: 3
autoscaleMax: 5
resources:
limits:
cpu: 6000m
memory: 512Mi
requests:
cpu: 4000m
memory: 512Mi
type: LoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
ports:
- port: 80
targetPort: 80
name: http2
nodePort: 31380
- port: 443
name: https
nodePort: 31390
- port: 31400
name: tcp
- port: 15011
targetPort: 15011
name: tcp-pilot-grcp-tls
- port: 8060
targetPort: 8060
name: tcp-citadel-grpc-tls
- port: 5201
name: tcp-iperf-cont
- port: 5202
name: tcp-iperfraw
- port: 5203
name: tcp-iperf
- port: 5204
name: tcp-iperf-tls
pilot:
replicaCount: 2
sidecar: false
autoscaleMax: 10
env:
PILOT_PUSH_THROTTLE: 50
GODEBUG: gctrace=2
resources:
requests:
cpu: 4800m
memory: 2G
limits:
cpu: 5800m
memory: 12G
ingress:
enabled: false
sidecar-injector:
enabled: true
grafana:
enabled: true
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
orgId: 1
url: http://istio-prometheus.istio-prometheus:9090
access: proxy
isDefault: true
jsonData:
timeInterval: 5s
editable: true
#image: gcr.io/istio-release/grafana:release-1.0-20180720-00-11
mixer:
#image: gcr.io/istio-release/mixer:release-1.0-20180720-00-11
resources:
requests:
cpu: 3800m
memory: 4G
limits:
cpu: 5800m
memory: 5G
telemetry:
enabled: true
replicaCount: 1
autoscaleEnabled: true
autoscaleMin: 1
autoscaleMax: 15
cpu:
targetAverageUtilization: 80
sessionAffinityEnabled: false
tracing:
enabled: false
jaeger:
enabled: true
servicegraph:
enabled: false
prometheus:
enabled: false
kiali:
enabled: false
tag: latest
certmanager:
enabled: true
email: mjog@google.com
commonName: ingress.v10.istio.webinf.info
certificates:
- "ingress.v10.istio.webinf.info"
#commonName: fortiotls.v10.istio.webinf.info
#certificates:
# - "fortiotls.v10.istio.webinf.info"
nodeagent:
enabled: true
image: node-agent-k8s
env:
CA_PROVIDER: "Citadel"
CA_ADDR: "istio-citadel:8060"
VALID_TOKEN: true
SECRET_GRACE_DURATION: "10m"
SECRET_JOB_RUN_INTERVAL: "30s"
SECRET_TTL: "20m"