# Source: github.com/replicatedcom/ship@v0.50.0/integration/init/istio/expected/.ship/helm/defaults.yaml
#
# Helm values for the Istio chart as captured in this integration fixture:
# one enable/disable toggle per subchart, followed by the `global` settings
# shared among the subcharts.
#
# NOTE(review): the listing this was taken from had lost its line breaks and
# indentation. The nesting below is reconstructed and presumably follows the
# upstream Istio chart layout - confirm against the original file before
# relying on which keys sit under `global` and `global.proxy`.

#
# Gateways Configuration, refer to the charts/gateways/values.yaml
# for detailed configuration
#
gateways:
  enabled: true

#
# sidecar-injector webhook configuration, refer to the
# charts/sidecarInjectorWebhook/values.yaml for detailed configuration
#
sidecarInjectorWebhook:
  enabled: true

#
# galley configuration, refer to charts/galley/values.yaml
# for detailed configuration
#
galley:
  enabled: true

#
# mixer configuration
#
mixer:
  enabled: true

#
# pilot configuration
#
pilot:
  enabled: true

#
# security configuration
#
security:
  enabled: true

#
# nodeagent configuration
#
nodeagent:
  enabled: false

#
# ingress configuration
#
ingress:
  enabled: false

#
# addon grafana configuration
#
grafana:
  enabled: false

#
# addon prometheus configuration
#
prometheus:
  enabled: true

#
# addon servicegraph configuration
#
servicegraph:
  enabled: false

#
# addon jaeger tracing configuration
#
tracing:
  enabled: false

#
# addon kiali tracing configuration
#
kiali:
  enabled: false

# Common settings used among istio subcharts.
global:
  # Default hub for Istio images.
  # Releases are published to docker hub under 'istio' project.
  # Daily builds from prow are on gcr.io, and nightly builds from circle on docker.io/istionightly
  hub: gcr.io/istio-release

  # Default tag for Istio images.
  # NOTE(review): 'master-latest-daily' is a moving daily-build tag, not a
  # release. Together with imagePullPolicy: IfNotPresent (set further down),
  # each node keeps whichever build it first cached, so the running image is
  # neither reproducible nor auditable. Acceptable for a test fixture; pin a
  # release tag or an image digest anywhere else.
  tag: master-latest-daily

  k8sIngress:
    enabled: false
    # Gateway used for legacy k8s Ingress resources. By default it is
    # using 'istio:ingress', to match 0.8 config. It requires that
    # ingress.enabled is set to true. You can also set it
    # to ingressgateway, or any other gateway you define in the 'gateway'
    # section.
    gatewayName: ingress
    # enableHttps will add port 443 on the ingress.
    # It REQUIRES that the certificates are installed in the
    # expected secrets - enabling this option without certificates
    # will result in LDS rejection and the ingress will not work.
    enableHttps: false

  proxy:
    image: proxyv2

    # DNS domain suffix for pilot proxy agent. Default value is "${POD_NAMESPACE}.svc.cluster.local".
    proxyDomain: ""

    # DNS domain suffix for pilot proxy discovery. Default value is "cluster.local".
    discoveryDomain: ""

    # Resources for the sidecar.
    # Only a CPU request is set; the memory request and all limits are
    # commented out, so the sidecar runs without resource limits.
    resources:
      requests:
        cpu: 10m
      #   memory: 128Mi
      # limits:
      #   cpu: 100m
      #   memory: 128Mi

    # Controls number of Proxy worker threads.
    # If set to 0 (default), then start worker thread for each CPU thread/core.
    concurrency: 0

    # Configures the access log for each sidecar. Setting it to an empty string will
    # disable access log for sidecar.
    # NOTE(review): these per-request records are what detection and incident
    # response work from; disabling them should be a deliberate decision.
    accessLogFile: "/dev/stdout"

    # If set to true, istio-proxy container will have privileged securityContext
    # NOTE(review): this applies to every injected sidecar; keep it false
    # unless a specific debugging need justifies it.
    privileged: false

    # If set, newly injected sidecars will have core dumps enabled.
    # NOTE(review): a proxy core dump presumably contains whatever the proxy
    # held in memory (e.g. key material, request data) - treat dumps as
    # sensitive if this is ever enabled.
    enableCoreDump: false

    # Default port for Pilot agent health checks. A value of 0 will disable health checking.
    statusPort: 15020

    # The initial delay for readiness probes in seconds.
    readinessInitialDelaySeconds: 1

    # The period between readiness probes.
    readinessPeriodSeconds: 2

    # The number of successive failed probes before indicating readiness failure.
    readinessFailureThreshold: 30

    # istio egress capture whitelist
    # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly
    # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16"
    # would only capture egress traffic on those two IP Ranges, all other outbound traffic would
    # be allowed by the sidecar
    # "*" captures all outbound traffic. Any range left out of includeIPRanges
    # or listed in excludeIPRanges leaves the pod without passing through the
    # sidecar, and therefore without mesh policy or telemetry applied to it.
    includeIPRanges: "*"
    excludeIPRanges: ""

    # istio ingress capture whitelist
    # examples:
    #     Redirect no inbound traffic to Envoy:    --includeInboundPorts=""
    #     Redirect all inbound traffic to Envoy:   --includeInboundPorts="*"
    #     Redirect only selected ports:            --includeInboundPorts="80,8080"
    includeInboundPorts: "*"
    excludeInboundPorts: ""

    # This controls the 'policy' in the sidecar injector.
    autoInject: enabled

    # Sets the destination Statsd in envoy (the value of the "--statsdUdpAddress" proxy argument
    # would be <host>:<port>).
    # Disabled by default.
    # The istio-statsd-prom-bridge is deprecated and should not be used moving forward.
    envoyStatsd:
      # If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.
      enabled: false
      # host and port are bare keys, so both parse as null (not as empty strings).
      host: # example: statsd-svc
      port: # example: 9125

    # This controls the stats collection for proxies. To disable stats
    # collection, set the prometheusPort to 0.
    stats:
      prometheusPort: 15090

    # Specify which tracer to use. One of: lightstep, zipkin
    tracer: "zipkin"

  proxy_init:
    # Base name for the proxy_init container, used to configure iptables.
    image: proxy_init

  # imagePullPolicy is applied to istio control plane components.
  # local tests require IfNotPresent, to avoid uploading to dockerhub.
  # TODO: Switch to Always as default, and override in the local tests.
  # NOTE(review): with a moving tag (see `tag` above) IfNotPresent means a
  # node never re-pulls once it has an image under that tag.
  imagePullPolicy: IfNotPresent

  # controlPlaneMtls enabled. Will result in delays starting the pods while secrets are
  # propagated, not recommended for tests.
  # NOTE(review): false is a test-oriented default per the comment above;
  # with it off, control-plane connections are presumably not mutually
  # authenticated - confirm and enable for non-test installs.
  controlPlaneSecurityEnabled: false

  # SDS enabled. If set to true, mTLS certificates for the sidecars will be
  # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates.
  sdsEnabled: false

  # disablePolicyChecks disables mixer policy checks.
  # Will set the value with same name in istio config map - pilot needs to be restarted to take effect.
  disablePolicyChecks: false

  # EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect.
  enableTracing: true

  # Configuration for each of the supported tracers
  tracer:
    # Configuration for envoy to send trace data to LightStep.
    # Disabled by default.
    # address: the <host>:<port> of the satellite pool
    # accessToken: required for sending data to the pool
    # secure: specifies whether data should be sent with TLS
    # cacertPath: the path to the file containing the cacert to use when verifying TLS. If secure is true, this is
    #   required. If a value is specified then a secret called "lightstep.cacert" must be created in the destination
    #   namespace with the key matching the base of the provided cacertPath and the value being the cacert itself.
    #
    # NOTE(review): accessToken is a credential stored as a plain value in
    # this file; if LightStep is used, supply it at install time from a
    # secret store rather than committing it here.
    lightstep:
      address: ""                # example: lightstep-satellite:443
      accessToken: ""            # example: abcdefg1234567
      secure: true               # example: true|false
      cacertPath: ""             # example: /etc/lightstep/cacert.pem
    zipkin:
      # Host:Port for reporting trace data in zipkin format. If not specified, will default to
      # zipkin service (port 9411) in the same namespace as the other istio components.
      address: ""

  # Default mtls policy. If true, mtls between services will be enabled by default.
  mtls:
    # Default setting for service-to-service mtls. Can be set explicitly using
    # destination rules or service annotations.
    # With false, service-to-service mTLS is off unless a destination rule or
    # service annotation turns it on for that service.
    enabled: false

  # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace
  # to use for pulling any images in pods that reference this ServiceAccount.
  # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing)
  # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects.
  # Must be set for any cluster configured with private docker registry.
  # The only list item is commented out, so this key parses as null rather
  # than as an empty list.
  imagePullSecrets:
    # - private-registry-key

  # Specify pod scheduling arch(amd64, ppc64le, s390x) and weight as follows:
  #   0 - Never scheduled
  #   1 - Least preferred
  #   2 - No preference
  #   3 - Most preferred
  arch:
    amd64: 2
    s390x: 2
    ppc64le: 2

  # Whether to restrict the applications namespace the controller manages;
  # If not set, controller watches all namespaces
  oneNamespace: false

  # Whether to perform server-side validation of configuration.
  configValidation: true

  # Custom DNS config for the pod to resolve names of services in other
  # clusters. Use this to add additional search domains, and other settings.
  # see
  # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config
  # This does not apply to gateway pods as they typically need a different
  # set of DNS settings than the normal application pods (e.g., in
  # multicluster scenarios).
  #podDNSConfig:
  #  dnsConfig:
  #    searches: #some dummy examples
  #      - foo.bar.baz
  #      - {{ "[[ valueOrDefault .DeploymentMeta.Namespace \"default\" ]]" }}.bazoo

  # If set to true, the pilot and citadel mtls will be exposed on the
  # ingress gateway
  meshExpansion:
    enabled: false
    # If set to true, the pilot and citadel mtls and the plain text pilot ports
    # will be exposed on an internal gateway
    # NOTE(review): this includes plain-text pilot ports, so the internal
    # gateway's reachability is the only control on who can reach them -
    # check the network path before enabling.
    useILB: false

  multiCluster:
    # Set to true to connect two kubernetes clusters using a LB gateway as
    # the only entry point into the cluster (instead of requiring pod to
    # pod connectivity across two clusters). Note that for this system to
    # work, service objects from remote clusters have to be replicated to
    # local cluster (without the pod selectors). In addition, service
    # entries have to be added for each replicated service object, where
    # the endpoints in the service entry point to the remote cluster's
    # mcgatewayIP:15443. All clusters should be using Istio mTLS and must
    # have a shared root CA for this model to work.
    connectUsingGateway: false

  # A minimal set of requested resources to be applied to all deployments so that
  # Horizontal Pod Autoscaler will be able to function (if set).
  # Each component can overwrite these default values by adding its own resources
  # block in the relevant section below and setting the desired resources values.
  defaultResources:
    requests:
      cpu: 10m
    #   memory: 128Mi
    # limits:
    #   cpu: 100m
    #   memory: 128Mi

  # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and
  # system-node-critical, it is better to configure this in order to make sure your Istio pods
  # will not be killed because of low priority class.
  # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  # for more detail.
  priorityClassName: ""

  # Include the crd definition when generating the template.
  # For 'helm template' and helm install > 2.10 it should be true.
  # For helm < 2.9, crds must be installed ahead of time with
  # 'kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml'
  # and this option must be set to false.
  crds: true

  # Use the Mesh Control Protocol (MCP) for configuring Mixer and
  # Pilot. Requires galley (`--set galley.enabled=true`).
  useMCP: false