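// Source listing: github.com/banzaicloud/istio-operator/pkg/apis@v0.10.8/istio/v1beta1/defaults.go

/*
Copyright 2019 Banzai Cloud.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1beta1

import (
	"fmt"

	apiv1 "k8s.io/api/core/v1"
	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/api/resource"

	"github.com/banzaicloud/operator-tools/pkg/utils"
)

const (
	// Registries and versions the default image references are built from.
	// Every default image below is addressed by tag, not by digest; override
	// the corresponding Image field with a digest-pinned reference where
	// reproducible or verified images are required.
	banzaiImageHub      = "ghcr.io/banzaicloud"
	banzaiImageVersion  = "1.10.4-bzc.1"
	defaultImageHub     = "gcr.io/istio-release"
	defaultImageVersion = "1.10.4"

	defaultLogLevel = "default:info"

	// defaultMeshPolicy is the mesh-wide mTLS mode used when neither
	// MeshPolicy.MTLSMode nor the MTLS flag is set. In Istio, permissive mode
	// lets workloads accept plaintext as well as mutual-TLS traffic, so strict
	// peer authentication has to be requested explicitly.
	defaultMeshPolicy = PERMISSIVE

	defaultPilotImage           = defaultImageHub + "/" + "pilot" + ":" + defaultImageVersion
	defaultCitadelImage         = defaultImageHub + "/" + "citadel" + ":" + defaultImageVersion
	defaultGalleyImage          = defaultImageHub + "/" + "galley" + ":" + defaultImageVersion
	defaultMixerImage           = defaultImageHub + "/" + "mixer" + ":" + defaultImageVersion
	defaultSidecarInjectorImage = banzaiImageHub + "/" + "istio-sidecar-injector" + ":" + banzaiImageVersion
	defaultNodeAgentImage       = defaultImageHub + "/" + "node-agent-k8s" + ":" + defaultImageVersion
	defaultSDSImage             = defaultImageHub + "/" + "node-agent-k8s" + ":" + defaultImageVersion
	defaultProxyImage           = defaultImageHub + "/" + "proxyv2" + ":" + defaultImageVersion
	defaultProxyInitImage       = defaultImageHub + "/" + "proxyv2" + ":" + defaultImageVersion

	// The core-dump helper image has neither registry, tag nor digest, so the
	// container runtime resolves it to whatever "latest" is at pull time.
	// Proxy.EnableCoreDump defaults to false (see SetDefaults).
	defaultProxyCoreDumpImage     = "busybox"
	defaultProxyCoreDumpDirectory = "/var/lib/istio/data"

	defaultInitCNIImage       = defaultImageHub + "/" + "install-cni:" + defaultImageVersion
	defaultCoreDNSImage       = "coredns/coredns:1.6.2"
	defaultCoreDNSPluginImage = defaultImageHub + "/coredns-plugin:0.2-istio-1.1"

	defaultIncludeIPRanges = "*"
	defaultReplicaCount    = 1
	defaultMinReplicas     = 1
	defaultMaxReplicas     = 5
	defaultTraceSampling   = 1.0

	// Ingress and mesh-expansion gateways default to a LoadBalancer Service
	// (externally reachable on most clusters); the egress gateway stays
	// cluster-internal. All three gateways are disabled unless enabled in the
	// spec.
	defaultIngressGatewayServiceType       = apiv1.ServiceTypeLoadBalancer
	defaultEgressGatewayServiceType        = apiv1.ServiceTypeClusterIP
	defaultMeshExpansionGatewayServiceType = apiv1.ServiceTypeLoadBalancer

	// outboundTrafficPolicyAllowAny is the default outbound traffic policy
	// mode. In Istio, ALLOW_ANY lets sidecars pass traffic to destinations
	// that are not in the service registry; REGISTRY_ONLY is the restrictive
	// alternative and must be set explicitly.
	outboundTrafficPolicyAllowAny = "ALLOW_ANY"

	// defaultZipkinAddress is a format string; %s is the Istio resource's
	// namespace.
	defaultZipkinAddress = "zipkin.%s:9411"

	defaultInitCNIBinDir              = "/opt/cni/bin"
	defaultInitCNIConfDir             = "/etc/cni/net.d"
	defaultInitCNILogLevel            = "info"
	defaultInitCNIContainerName       = "istio-validation"
	defaultInitCNIBrokenPodLabelKey   = "cni.istio.io/uninitialized"
	defaultInitCNIBrokenPodLabelValue = "true"

	defaultImagePullPolicy        = "IfNotPresent"
	defaultEnvoyAccessLogFile     = "/dev/stdout"
	defaultEnvoyAccessLogFormat   = ""
	defaultEnvoyAccessLogEncoding = "TEXT"
	defaultClusterName            = "Kubernetes"
	defaultNetworkName            = "network1"

	// Defaults for the Vault-backed istiod CA. The integration is disabled
	// unless Spec.Istiod.CA.Vault.Enabled is set. The cert and key paths are
	// references to the CA certificate and its private key; presumably they
	// are resolved by the vault-env image at runtime — confirm against the
	// consumer of VaultCAConfiguration.
	defaultVaultEnvImage   = "ghcr.io/banzaicloud/vault-env:1.11.1"
	defaultVaultAddress    = "https://vault.vault:8200"
	defaultVaultRole       = "istiod"
	defaultVaultCACertPath = "vault:secret/data/pki/istiod#certificate"
	defaultVaultCAKeyPath  = "vault:secret/data/pki/istiod#privateKey"
)

// defaultResources is the template for Spec.DefaultResources: a CPU request
// only, with no limits.
var defaultResources = &apiv1.ResourceRequirements{
	Requests: apiv1.ResourceList{
		apiv1.ResourceCPU: resource.MustParse("10m"),
	},
}

// defaultProxyResources is the template for the sidecar proxy's requests and
// limits when the spec sets neither Proxy.Resources nor DefaultResources.
var defaultProxyResources = &apiv1.ResourceRequirements{
	Requests: apiv1.ResourceList{
		apiv1.ResourceCPU:    resource.MustParse("100m"),
		apiv1.ResourceMemory: resource.MustParse("128Mi"),
	},
	Limits: apiv1.ResourceList{
		apiv1.ResourceCPU:    resource.MustParse("2000m"),
		apiv1.ResourceMemory: resource.MustParse("1024Mi"),
	},
}

// defaultSecurityContext is the hardened container security context applied
// to every component that does not bring its own: fixed non-root UID/GID 1337,
// not privileged, no privilege escalation, all Linux capabilities dropped.
//
// It is a template. SetDefaults hands out deep copies, never this pointer, so
// that loosening one component's context cannot change the others.
var defaultSecurityContext = &apiv1.SecurityContext{
	RunAsUser:                utils.IntPointer64(1337),
	RunAsGroup:               utils.IntPointer64(1337),
	RunAsNonRoot:             utils.BoolPointer(true),
	Privileged:               utils.BoolPointer(false),
	AllowPrivilegeEscalation: utils.BoolPointer(false),
	Capabilities: &apiv1.Capabilities{
		Drop: []apiv1.Capability{"ALL"},
	},
}

// defaultInitResources is the template for the proxy init container's
// requests and limits.
var defaultInitResources = &apiv1.ResourceRequirements{
	Requests: apiv1.ResourceList{
		apiv1.ResourceCPU:    resource.MustParse("10m"),
		apiv1.ResourceMemory: resource.MustParse("10Mi"),
	},
	Limits: apiv1.ResourceList{
		apiv1.ResourceCPU:    resource.MustParse("100m"),
		apiv1.ResourceMemory: resource.MustParse("50Mi"),
	},
}

// Well-known proxy status ports and the name used for the status port.
const (
	ProxyStatusPort      = 15020
	PortStatusPortNumber = 15021
	PortStatusPortName   = "status-port"
)

// Gateways expose no ports unless the spec lists them.
var (
	defaultIngressGatewayPorts       = []ServicePort{}
	defaultEgressGatewayPorts        = []ServicePort{}
	defaultMeshExpansionGatewayPorts = []ServicePort{}
)

// SetDefaults used to support generic defaulter interface
func (config *Istio) SetDefaults() {
	SetDefaults(config)
}

// SetDefaults fills every unset field of config.Spec with the operator's
// default, in place. Fields that are already set are left untouched, so the
// function can be applied repeatedly to the same object.
//
// Pointer-typed defaults that come from package-level templates
// (defaultSecurityContext and the default*Resources values) are deep-copied
// before they are stored. Assigning the template pointers directly would make
// every component of every Istio resource in the process share one object, and
// an in-place edit of one component's security context or resources would
// silently rewrite the default for all the others.
func SetDefaults(config *Istio) {
	// MeshPolicy config
	if config.Spec.MeshPolicy.MTLSMode == "" {
		if utils.PointerToBool(config.Spec.MTLS) {
			config.Spec.MeshPolicy.MTLSMode = STRICT
		} else {
			// Neither an explicit mode nor MTLS=true: fall back to the
			// permissive default.
			config.Spec.MeshPolicy.MTLSMode = defaultMeshPolicy
		}
	}

	if config.Spec.ClusterName == "" {
		config.Spec.ClusterName = defaultClusterName
	}

	if config.Spec.NetworkName == "" {
		config.Spec.NetworkName = defaultNetworkName
	}

	if config.Spec.AutoMTLS == nil {
		config.Spec.AutoMTLS = utils.BoolPointer(true)
	}

	if config.Spec.IncludeIPRanges == "" {
		config.Spec.IncludeIPRanges = defaultIncludeIPRanges
	}
	if config.Spec.MountMtlsCerts == nil {
		config.Spec.MountMtlsCerts = utils.BoolPointer(false)
	}
	if config.Spec.Logging.Level == nil {
		config.Spec.Logging.Level = utils.StringPointer(defaultLogLevel)
	}
	if config.Spec.Proxy.Resources == nil {
		if config.Spec.DefaultResources == nil {
			config.Spec.Proxy.Resources = defaultProxyResources.DeepCopy()
		} else {
			// NOTE(review): when the user supplies DefaultResources the proxy
			// gets the package-level defaultResources template, not the
			// user's value — confirm this is intended.
			config.Spec.Proxy.Resources = defaultResources.DeepCopy()
		}
	}
	if config.Spec.DefaultResources == nil {
		config.Spec.DefaultResources = defaultResources.DeepCopy()
	}

	// Istiod config
	if config.Spec.Istiod.Enabled == nil {
		config.Spec.Istiod.Enabled = utils.BoolPointer(true)
	}
	if config.Spec.Istiod.EnableAnalysis == nil {
		config.Spec.Istiod.EnableAnalysis = utils.BoolPointer(false)
	}
	if config.Spec.Istiod.EnableStatus == nil {
		config.Spec.Istiod.EnableStatus = utils.BoolPointer(false)
	}
	if config.Spec.Istiod.ExternalIstiod == nil {
		config.Spec.Istiod.ExternalIstiod = &ExternalIstiodConfiguration{}
	}
	if config.Spec.Istiod.ExternalIstiod.Enabled == nil {
		config.Spec.Istiod.ExternalIstiod.Enabled = utils.BoolPointer(false)
	}

	if config.Spec.Istiod.CA == nil {
		config.Spec.Istiod.CA = &IstiodCAConfiguration{}
	}
	if config.Spec.Istiod.CA.Vault == nil {
		config.Spec.Istiod.CA.Vault = &VaultCAConfiguration{}
	}

	// The Vault settings are populated even while Vault is disabled, so the
	// defaulted object always carries an address, role and CA paths.
	if config.Spec.Istiod.CA.Vault.Address == nil {
		config.Spec.Istiod.CA.Vault.Address = utils.StringPointer(defaultVaultAddress)
	}
	if config.Spec.Istiod.CA.Vault.Role == nil {
		config.Spec.Istiod.CA.Vault.Role = utils.StringPointer(defaultVaultRole)
	}
	if config.Spec.Istiod.CA.Vault.CertPath == nil {
		config.Spec.Istiod.CA.Vault.CertPath = utils.StringPointer(defaultVaultCACertPath)
	}
	if config.Spec.Istiod.CA.Vault.KeyPath == nil {
		config.Spec.Istiod.CA.Vault.KeyPath = utils.StringPointer(defaultVaultCAKeyPath)
	}
	if config.Spec.Istiod.CA.Vault.Enabled == nil {
		config.Spec.Istiod.CA.Vault.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.Istiod.CA.Vault.VaultEnvImage == nil {
		config.Spec.Istiod.CA.Vault.VaultEnvImage = utils.StringPointer(defaultVaultEnvImage)
	}

	// Pilot config
	if config.Spec.Pilot.Enabled == nil {
		config.Spec.Pilot.Enabled = utils.BoolPointer(true)
	}
	if config.Spec.Pilot.Image == nil {
		config.Spec.Pilot.Image = utils.StringPointer(defaultPilotImage)
	}
	if config.Spec.Pilot.Sidecar == nil {
		config.Spec.Pilot.Sidecar = utils.BoolPointer(true)
	}
	if config.Spec.Pilot.ReplicaCount == nil {
		config.Spec.Pilot.ReplicaCount = utils.IntPointer(defaultReplicaCount)
	}
	if config.Spec.Pilot.MinReplicas == nil {
		config.Spec.Pilot.MinReplicas = utils.IntPointer(defaultMinReplicas)
	}
	if config.Spec.Pilot.MaxReplicas == nil {
		config.Spec.Pilot.MaxReplicas = utils.IntPointer(defaultMaxReplicas)
	}
	if config.Spec.Pilot.TraceSampling == 0 {
		config.Spec.Pilot.TraceSampling = defaultTraceSampling
	}
	if config.Spec.Pilot.EnableProtocolSniffingOutbound == nil {
		config.Spec.Pilot.EnableProtocolSniffingOutbound = utils.BoolPointer(true)
	}
	if config.Spec.Pilot.EnableProtocolSniffingInbound == nil {
		config.Spec.Pilot.EnableProtocolSniffingInbound = utils.BoolPointer(true)
	}
	if config.Spec.Pilot.CertProvider == "" {
		config.Spec.Pilot.CertProvider = PilotCertProviderTypeIstiod
	}
	if config.Spec.Pilot.SecurityContext == nil {
		config.Spec.Pilot.SecurityContext = defaultSecurityContext.DeepCopy()
	}
	if config.Spec.Pilot.SPIFFE == nil {
		config.Spec.Pilot.SPIFFE = &SPIFFEConfiguration{}
	}
	if config.Spec.Pilot.SPIFFE.OperatorEndpoints == nil {
		config.Spec.Pilot.SPIFFE.OperatorEndpoints = &OperatorEndpointsConfiguration{}
	}
	if config.Spec.Pilot.SPIFFE.OperatorEndpoints.Enabled == nil {
		config.Spec.Pilot.SPIFFE.OperatorEndpoints.Enabled = utils.BoolPointer(false)
	}
	// Citadel config
	if config.Spec.Citadel.Enabled == nil {
		config.Spec.Citadel.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.Citadel.Image == nil {
		config.Spec.Citadel.Image = utils.StringPointer(defaultCitadelImage)
	}
	if config.Spec.Citadel.EnableNamespacesByDefault == nil {
		config.Spec.Citadel.EnableNamespacesByDefault = utils.BoolPointer(true)
	}
	// Galley config
	if config.Spec.Galley.Enabled == nil {
		config.Spec.Galley.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.Galley.Image == nil {
		config.Spec.Galley.Image = utils.StringPointer(defaultGalleyImage)
	}
	if config.Spec.Galley.ReplicaCount == nil {
		config.Spec.Galley.ReplicaCount = utils.IntPointer(defaultReplicaCount)
	}
	if config.Spec.Galley.ConfigValidation == nil {
		config.Spec.Galley.ConfigValidation = utils.BoolPointer(true)
	}
	if config.Spec.Galley.EnableServiceDiscovery == nil {
		config.Spec.Galley.EnableServiceDiscovery = utils.BoolPointer(false)
	}
	if config.Spec.Galley.EnableAnalysis == nil {
		config.Spec.Galley.EnableAnalysis = utils.BoolPointer(false)
	}
	// Gateways config
	ingress := &config.Spec.Gateways.Ingress
	ingress.MeshGatewayConfiguration.SetDefaults()
	if ingress.ServiceType == "" {
		ingress.ServiceType = defaultIngressGatewayServiceType
	}
	if len(ingress.Ports) == 0 {
		ingress.Ports = defaultIngressGatewayPorts
	}
	if ingress.CreateOnly == nil {
		ingress.CreateOnly = utils.BoolPointer(false)
	}
	if ingress.Enabled == nil {
		ingress.Enabled = utils.BoolPointer(false)
	}
	egress := &config.Spec.Gateways.Egress
	egress.MeshGatewayConfiguration.SetDefaults()
	if egress.ServiceType == "" {
		egress.ServiceType = defaultEgressGatewayServiceType
	}
	if len(egress.Ports) == 0 {
		egress.Ports = defaultEgressGatewayPorts
	}
	if egress.CreateOnly == nil {
		egress.CreateOnly = utils.BoolPointer(false)
	}
	if egress.Enabled == nil {
		egress.Enabled = utils.BoolPointer(false)
	}
	mexpgw := &config.Spec.Gateways.MeshExpansion
	mexpgw.MeshGatewayConfiguration.SetDefaults()
	if mexpgw.ServiceType == "" {
		mexpgw.ServiceType = defaultMeshExpansionGatewayServiceType
	}
	if len(mexpgw.Ports) == 0 {
		mexpgw.Ports = defaultMeshExpansionGatewayPorts
	}
	if mexpgw.CreateOnly == nil {
		mexpgw.CreateOnly = utils.BoolPointer(false)
	}
	if mexpgw.Enabled == nil {
		// Spec.MeshExpansion is itself defaulted only near the end of this
		// function, so on a fresh object this copies a nil pointer.
		mexpgw.Enabled = config.Spec.MeshExpansion
	}
	if config.Spec.Gateways.K8sIngress.Enabled == nil {
		config.Spec.Gateways.K8sIngress.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.Gateways.K8sIngress.EnableHttps == nil {
		config.Spec.Gateways.K8sIngress.EnableHttps = utils.BoolPointer(false)
	}
	if config.Spec.Gateways.Enabled == nil {
		// Gateways as a whole are on as soon as any single gateway is.
		config.Spec.Gateways.Enabled = utils.BoolPointer(utils.PointerToBool(config.Spec.Gateways.Ingress.Enabled) || utils.PointerToBool(config.Spec.Gateways.Egress.Enabled) || utils.PointerToBool(config.Spec.Gateways.MeshExpansion.Enabled))
	}
	// Mixer config
	if config.Spec.Mixer.Enabled == nil {
		config.Spec.Mixer.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.Mixer.Image == nil {
		config.Spec.Mixer.Image = utils.StringPointer(defaultMixerImage)
	}
	if config.Spec.Mixer.ReplicaCount == nil {
		config.Spec.Mixer.ReplicaCount = utils.IntPointer(defaultReplicaCount)
	}
	if config.Spec.Mixer.MinReplicas == nil {
		config.Spec.Mixer.MinReplicas = utils.IntPointer(defaultMinReplicas)
	}
	if config.Spec.Mixer.MaxReplicas == nil {
		config.Spec.Mixer.MaxReplicas = utils.IntPointer(defaultMaxReplicas)
	}
	if config.Spec.Mixer.ReportBatchMaxEntries == nil {
		config.Spec.Mixer.ReportBatchMaxEntries = utils.IntPointer(100)
	}
	if config.Spec.Mixer.ReportBatchMaxTime == nil {
		config.Spec.Mixer.ReportBatchMaxTime = utils.StringPointer("1s")
	}
	if config.Spec.Mixer.SessionAffinityEnabled == nil {
		config.Spec.Mixer.SessionAffinityEnabled = utils.BoolPointer(false)
	}
	if config.Spec.Mixer.StdioAdapterEnabled == nil {
		config.Spec.Mixer.StdioAdapterEnabled = utils.BoolPointer(false)
	}
	if config.Spec.Mixer.SecurityContext == nil {
		config.Spec.Mixer.SecurityContext = defaultSecurityContext.DeepCopy()
	}
	// SidecarInjector config
	if config.Spec.SidecarInjector.Enabled == nil {
		config.Spec.SidecarInjector.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.SidecarInjector.AutoInjectionPolicyEnabled == nil {
		config.Spec.SidecarInjector.AutoInjectionPolicyEnabled = utils.BoolPointer(true)
	}
	if config.Spec.SidecarInjector.Image == nil {
		config.Spec.SidecarInjector.Image = utils.StringPointer(defaultSidecarInjectorImage)
	}
	if config.Spec.SidecarInjector.ReplicaCount == nil {
		config.Spec.SidecarInjector.ReplicaCount = utils.IntPointer(defaultReplicaCount)
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Enabled == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Image == "" {
		config.Spec.SidecarInjector.InitCNIConfiguration.Image = defaultInitCNIImage
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.BinDir == "" {
		config.Spec.SidecarInjector.InitCNIConfiguration.BinDir = defaultInitCNIBinDir
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.ConfDir == "" {
		config.Spec.SidecarInjector.InitCNIConfiguration.ConfDir = defaultInitCNIConfDir
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.ExcludeNamespaces == nil {
		// By default only the Istio resource's own namespace is excluded.
		config.Spec.SidecarInjector.InitCNIConfiguration.ExcludeNamespaces = []string{config.Namespace}
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.LogLevel == "" {
		config.Spec.SidecarInjector.InitCNIConfiguration.LogLevel = defaultInitCNILogLevel
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Chained == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Chained = utils.BoolPointer(true)
	}
	if config.Spec.SidecarInjector.RewriteAppHTTPProbe == nil {
		config.Spec.SidecarInjector.RewriteAppHTTPProbe = utils.BoolPointer(true)
	}
	// Wasm Config
	if config.Spec.ProxyWasm.Enabled == nil {
		config.Spec.ProxyWasm.Enabled = utils.BoolPointer(false)
	}
	// CNI repair config
	if config.Spec.SidecarInjector.InitCNIConfiguration.Repair.Enabled == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Repair.Enabled = utils.BoolPointer(true)
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Repair.Hub == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Repair.Hub = utils.StringPointer("")
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Repair.Tag == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Repair.Tag = utils.StringPointer("")
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Repair.LabelPods == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Repair.LabelPods = utils.BoolPointer(true)
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Repair.DeletePods == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Repair.DeletePods = utils.BoolPointer(true)
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Repair.InitContainerName == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Repair.InitContainerName = utils.StringPointer(defaultInitCNIContainerName)
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Repair.BrokenPodLabelKey == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Repair.BrokenPodLabelKey = utils.StringPointer(defaultInitCNIBrokenPodLabelKey)
	}
	if config.Spec.SidecarInjector.InitCNIConfiguration.Repair.BrokenPodLabelValue == nil {
		config.Spec.SidecarInjector.InitCNIConfiguration.Repair.BrokenPodLabelValue = utils.StringPointer(defaultInitCNIBrokenPodLabelValue)
	}
	if config.Spec.SidecarInjector.SecurityContext == nil {
		config.Spec.SidecarInjector.SecurityContext = defaultSecurityContext.DeepCopy()
	}
	// SDS config
	if config.Spec.SDS.Enabled == nil {
		config.Spec.SDS.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.SDS.TokenAudience == "" {
		config.Spec.SDS.TokenAudience = "istio-ca"
	}
	if config.Spec.SDS.UdsPath == "" {
		config.Spec.SDS.UdsPath = "unix:/var/run/sds/uds_path"
	}
	// NodeAgent config
	if config.Spec.NodeAgent.Enabled == nil {
		config.Spec.NodeAgent.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.NodeAgent.Image == nil {
		config.Spec.NodeAgent.Image = utils.StringPointer(defaultNodeAgentImage)
	}

	if config.Spec.Gateways.Ingress.SDS.Image == "" {
		config.Spec.Gateways.Ingress.SDS.Image = defaultSDSImage
	}
	if config.Spec.Gateways.Egress.SDS.Image == "" {
		config.Spec.Gateways.Egress.SDS.Image = defaultSDSImage
	}
	// Proxy config
	if config.Spec.Proxy.Image == "" {
		config.Spec.Proxy.Image = defaultProxyImage
	}
	// Proxy Init config
	if config.Spec.Proxy.Init == nil {
		config.Spec.Proxy.Init = &ProxyInitConfiguration{}
	}
	if config.Spec.Proxy.Init.Image == "" {
		// Spec.ProxyInit.Image is honoured as a fallback before the built-in
		// default is used.
		if config.Spec.ProxyInit.Image != "" {
			config.Spec.Proxy.Init.Image = config.Spec.ProxyInit.Image
		} else {
			config.Spec.Proxy.Init.Image = defaultProxyInitImage
		}
	}
	if config.Spec.Proxy.Init.Resources == nil {
		config.Spec.Proxy.Init.Resources = defaultInitResources.DeepCopy()
	}

	if config.Spec.Proxy.AccessLogFile == nil {
		config.Spec.Proxy.AccessLogFile = utils.StringPointer(defaultEnvoyAccessLogFile)
	}
	if config.Spec.Proxy.AccessLogFormat == nil {
		config.Spec.Proxy.AccessLogFormat = utils.StringPointer(defaultEnvoyAccessLogFormat)
	}
	if config.Spec.Proxy.AccessLogEncoding == nil {
		config.Spec.Proxy.AccessLogEncoding = utils.StringPointer(defaultEnvoyAccessLogEncoding)
	}
	if config.Spec.Proxy.ComponentLogLevel == "" {
		config.Spec.Proxy.ComponentLogLevel = "misc:error"
	}
	if config.Spec.Proxy.LogLevel == "" {
		config.Spec.Proxy.LogLevel = "warning"
	}
	if config.Spec.Proxy.DNSRefreshRate == "" {
		config.Spec.Proxy.DNSRefreshRate = "300s"
	}
	if config.Spec.Proxy.HoldApplicationUntilProxyStarts == nil {
		config.Spec.Proxy.HoldApplicationUntilProxyStarts = utils.BoolPointer(false)
	}
	if config.Spec.Proxy.EnvoyStatsD.Enabled == nil {
		config.Spec.Proxy.EnvoyStatsD.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.Proxy.EnvoyMetricsService.Enabled == nil {
		config.Spec.Proxy.EnvoyMetricsService.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.Proxy.EnvoyMetricsService.TLSSettings == nil {
		// NOTE(review): "DISABLE" presumably means no TLS on the connection
		// to the metrics service — confirm where TLSSettings is consumed and
		// set an explicit mode when the service is enabled.
		config.Spec.Proxy.EnvoyMetricsService.TLSSettings = &TLSSettings{
			Mode: "DISABLE",
		}
	}
	if config.Spec.Proxy.EnvoyMetricsService.TCPKeepalive == nil {
		config.Spec.Proxy.EnvoyMetricsService.TCPKeepalive = &TCPKeepalive{
			Probes:   3,
			Time:     "10s",
			Interval: "10s",
		}
	}
	if config.Spec.Proxy.EnvoyAccessLogService.Enabled == nil {
		config.Spec.Proxy.EnvoyAccessLogService.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.Proxy.EnvoyAccessLogService.TLSSettings == nil {
		// NOTE(review): same "DISABLE" default as the metrics service above;
		// access logs can carry request metadata, so review the mode before
		// enabling the service.
		config.Spec.Proxy.EnvoyAccessLogService.TLSSettings = &TLSSettings{
			Mode: "DISABLE",
		}
	}
	if config.Spec.Proxy.EnvoyAccessLogService.TCPKeepalive == nil {
		config.Spec.Proxy.EnvoyAccessLogService.TCPKeepalive = &TCPKeepalive{
			Probes:   3,
			Time:     "10s",
			Interval: "10s",
		}
	}
	if config.Spec.Proxy.ProtocolDetectionTimeout == nil {
		config.Spec.Proxy.ProtocolDetectionTimeout = utils.StringPointer("0")
	}
	if config.Spec.Proxy.ClusterDomain == "" {
		config.Spec.Proxy.ClusterDomain = "cluster.local"
	}
	if config.Spec.Proxy.EnableCoreDump == nil {
		config.Spec.Proxy.EnableCoreDump = utils.BoolPointer(false)
	}
	if config.Spec.Proxy.CoreDumpImage == "" {
		config.Spec.Proxy.CoreDumpImage = defaultProxyCoreDumpImage
	}
	if config.Spec.Proxy.CoreDumpDirectory == "" {
		config.Spec.Proxy.CoreDumpDirectory = defaultProxyCoreDumpDirectory
	}
	if config.Spec.Proxy.SecurityContext == nil {
		config.Spec.Proxy.SecurityContext = defaultSecurityContext.DeepCopy()
	}

	// PDB config
	if config.Spec.DefaultPodDisruptionBudget.Enabled == nil {
		config.Spec.DefaultPodDisruptionBudget.Enabled = utils.BoolPointer(false)
	}
	// Outbound traffic policy config
	if config.Spec.OutboundTrafficPolicy.Mode == "" {
		config.Spec.OutboundTrafficPolicy.Mode = outboundTrafficPolicyAllowAny
	}
	// Tracing config
	if config.Spec.Tracing.Enabled == nil {
		config.Spec.Tracing.Enabled = utils.BoolPointer(true)
	}
	if config.Spec.Tracing.Tracer == "" {
		config.Spec.Tracing.Tracer = TracerTypeZipkin
	}
	if config.Spec.Tracing.Zipkin.Address == "" {
		config.Spec.Tracing.Zipkin.Address = fmt.Sprintf(defaultZipkinAddress, config.Namespace)
	}
	if config.Spec.Tracing.Tracer == TracerTypeDatadog {
		if config.Spec.Tracing.Datadog.Address == "" {
			config.Spec.Tracing.Datadog.Address = "$(HOST_IP):8126"
		}
	}
	if config.Spec.Tracing.Tracer == TracerTypeStackdriver {
		if config.Spec.Tracing.Strackdriver.Debug == nil {
			config.Spec.Tracing.Strackdriver.Debug = utils.BoolPointer(false)
		}
		if config.Spec.Tracing.Strackdriver.MaxNumberOfAttributes == nil {
			config.Spec.Tracing.Strackdriver.MaxNumberOfAttributes = utils.IntPointer(200)
		}
		if config.Spec.Tracing.Strackdriver.MaxNumberOfAnnotations == nil {
			config.Spec.Tracing.Strackdriver.MaxNumberOfAnnotations = utils.IntPointer(200)
		}
		if config.Spec.Tracing.Strackdriver.MaxNumberOfMessageEvents == nil {
			config.Spec.Tracing.Strackdriver.MaxNumberOfMessageEvents = utils.IntPointer(200)
		}
	}

	// Policy
	// Unset Policy fields inherit the Mixer settings; the pointers are shared
	// with Spec.Mixer, not copied.
	if config.Spec.Policy.ChecksEnabled == nil {
		config.Spec.Policy.ChecksEnabled = utils.BoolPointer(false)
	}
	if config.Spec.Policy.Enabled == nil {
		config.Spec.Policy.Enabled = config.Spec.Mixer.Enabled
	}
	if config.Spec.Policy.Image == nil {
		config.Spec.Policy.Image = config.Spec.Mixer.Image
	}
	if config.Spec.Policy.ReplicaCount == nil {
		config.Spec.Policy.ReplicaCount = config.Spec.Mixer.ReplicaCount
	}
	if config.Spec.Policy.MinReplicas == nil {
		config.Spec.Policy.MinReplicas = config.Spec.Mixer.MinReplicas
	}
	if config.Spec.Policy.MaxReplicas == nil {
		config.Spec.Policy.MaxReplicas = config.Spec.Mixer.MaxReplicas
	}
	if config.Spec.Policy.Resources == nil {
		config.Spec.Policy.Resources = config.Spec.Mixer.Resources
	}
	if config.Spec.Policy.NodeSelector == nil {
		config.Spec.Policy.NodeSelector = config.Spec.Mixer.NodeSelector
	}
	if config.Spec.Policy.Affinity == nil {
		config.Spec.Policy.Affinity = config.Spec.Mixer.Affinity
	}
	if config.Spec.Policy.Tolerations == nil {
		config.Spec.Policy.Tolerations = config.Spec.Mixer.Tolerations
	}
	if config.Spec.Policy.SecurityContext == nil {
		config.Spec.Policy.SecurityContext = defaultSecurityContext.DeepCopy()
	}
	// Telemetry
	// Unset Telemetry fields inherit the Mixer settings in the same way.
	if config.Spec.Telemetry.Enabled == nil {
		config.Spec.Telemetry.Enabled = config.Spec.Mixer.Enabled
	}
	if config.Spec.Telemetry.Image == nil {
		config.Spec.Telemetry.Image = config.Spec.Mixer.Image
	}
	if config.Spec.Telemetry.ReplicaCount == nil {
		config.Spec.Telemetry.ReplicaCount = config.Spec.Mixer.ReplicaCount
	}
	if config.Spec.Telemetry.MinReplicas == nil {
		config.Spec.Telemetry.MinReplicas = config.Spec.Mixer.MinReplicas
	}
	if config.Spec.Telemetry.MaxReplicas == nil {
		config.Spec.Telemetry.MaxReplicas = config.Spec.Mixer.MaxReplicas
	}
	if config.Spec.Telemetry.Resources == nil {
		config.Spec.Telemetry.Resources = config.Spec.Mixer.Resources
	}
	if config.Spec.Telemetry.NodeSelector == nil {
		config.Spec.Telemetry.NodeSelector = config.Spec.Mixer.NodeSelector
	}
	if config.Spec.Telemetry.Affinity == nil {
		config.Spec.Telemetry.Affinity = config.Spec.Mixer.Affinity
	}
	if config.Spec.Telemetry.Tolerations == nil {
		config.Spec.Telemetry.Tolerations = config.Spec.Mixer.Tolerations
	}
	if config.Spec.Telemetry.ReportBatchMaxEntries == nil {
		config.Spec.Telemetry.ReportBatchMaxEntries = config.Spec.Mixer.ReportBatchMaxEntries
	}
	if config.Spec.Telemetry.ReportBatchMaxTime == nil {
		config.Spec.Telemetry.ReportBatchMaxTime = config.Spec.Mixer.ReportBatchMaxTime
	}
	if config.Spec.Telemetry.SessionAffinityEnabled == nil {
		config.Spec.Telemetry.SessionAffinityEnabled = config.Spec.Mixer.SessionAffinityEnabled
	}
	if config.Spec.Telemetry.SecurityContext == nil {
		config.Spec.Telemetry.SecurityContext = defaultSecurityContext.DeepCopy()
	}

	if config.Spec.MultiMeshExpansion == nil {
		config.Spec.MultiMeshExpansion = &MultiMeshConfiguration{}
	}
	if config.Spec.MultiMeshExpansion.Domains == nil {
		config.Spec.MultiMeshExpansion.Domains = make([]Domain, 0)
	}

	// Make sure the global domain, when set, appears exactly once in the
	// multi-mesh domain list.
	if config.Spec.GlobalDomain != nil {
		found := false
		for _, domain := range config.Spec.GetMultiMeshExpansion().GetDomains() {
			if domain == *config.Spec.GlobalDomain {
				found = true
				break
			}
		}
		if !found {
			config.Spec.MultiMeshExpansion.Domains = append(config.Spec.MultiMeshExpansion.Domains, Domain(*config.Spec.GlobalDomain))
		}
	}

	// Istio CoreDNS for multi mesh support
	if config.Spec.IstioCoreDNS.Enabled == nil {
		config.Spec.IstioCoreDNS.Enabled = utils.BoolPointer(false)
	}
	if config.Spec.IstioCoreDNS.Image == nil {
		config.Spec.IstioCoreDNS.Image = utils.StringPointer(defaultCoreDNSImage)
	}
	if config.Spec.IstioCoreDNS.PluginImage == "" {
		config.Spec.IstioCoreDNS.PluginImage = defaultCoreDNSPluginImage
	}
	if config.Spec.IstioCoreDNS.ReplicaCount == nil {
		config.Spec.IstioCoreDNS.ReplicaCount = utils.IntPointer(defaultReplicaCount)
	}
	if config.Spec.IstioCoreDNS.MinReplicas == nil {
		config.Spec.IstioCoreDNS.MinReplicas = utils.IntPointer(defaultMinReplicas)
	}
	if config.Spec.IstioCoreDNS.MaxReplicas == nil {
		config.Spec.IstioCoreDNS.MaxReplicas = utils.IntPointer(defaultMaxReplicas)
	}
	if config.Spec.IstioCoreDNS.SecurityContext == nil {
		config.Spec.IstioCoreDNS.SecurityContext = defaultSecurityContext.DeepCopy()
	}

	if config.Spec.ImagePullPolicy == "" {
		config.Spec.ImagePullPolicy = defaultImagePullPolicy
	}

	if config.Spec.MeshExpansion == nil {
		config.Spec.MeshExpansion = utils.BoolPointer(false)
	}

	if config.Spec.UseMCP == nil {
		config.Spec.UseMCP = utils.BoolPointer(false)
	}

	if config.Spec.MixerlessTelemetry == nil {
		config.Spec.MixerlessTelemetry = &MixerlessTelemetryConfiguration{
			Enabled: utils.BoolPointer(true),
		}
	}

	if config.Spec.TrustDomain == "" {
		config.Spec.TrustDomain = "cluster.local"
	}

	if config.Spec.Proxy.UseMetadataExchangeFilter == nil {
		config.Spec.Proxy.UseMetadataExchangeFilter = utils.BoolPointer(false)
	}

	if config.Spec.JWTPolicy == "" {
		config.Spec.JWTPolicy = JWTPolicyThirdPartyJWT
	}

	if config.Spec.ControlPlaneAuthPolicy == "" {
		config.Spec.ControlPlaneAuthPolicy = ControlPlaneAuthPolicyMTLS
	}

	if config.Spec.ImagePullSecrets == nil {
		config.Spec.ImagePullSecrets = make([]corev1.LocalObjectReference, 0)
	}
}

// SetRemoteIstioDefaults fills the unset fields of remoteconfig.Spec that this
// package defaults for a remote Istio: the included IP ranges, the sidecar
// injector replica count and the metadata-exchange filter switch. Fields that
// are already set are left untouched.
func SetRemoteIstioDefaults(remoteconfig *RemoteIstio) {
	if remoteconfig.Spec.IncludeIPRanges == "" {
		remoteconfig.Spec.IncludeIPRanges = defaultIncludeIPRanges
	}
	// SidecarInjector config
	if remoteconfig.Spec.SidecarInjector.ReplicaCount == nil {
		remoteconfig.Spec.SidecarInjector.ReplicaCount = utils.IntPointer(defaultReplicaCount)
	}
	if remoteconfig.Spec.Proxy.UseMetadataExchangeFilter == nil {
		remoteconfig.Spec.Proxy.UseMetadataExchangeFilter = utils.BoolPointer(false)
	}
}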