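# Copyright (c) 2021, 2023, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

# File: platform-operator/helm_config/overrides/istio-cr.yaml (verrazzano v1.7.0)
#
# IstioOperator overrides for the egress gateway, ingress gateway and istiod.
# Each component gets the same two-layer hardening:
#   * k8s.securityContext  - pod level: fixed non-root UID/GID 1337 and the
#                            RuntimeDefault seccomp profile.
#   * k8s.overlays patches - container level: not privileged, no privilege
#                            escalation, all Linux capabilities dropped.
# The three patch payloads are intentionally identical; only the Deployment
# and container names differ. Keep them in step when changing one.
#
# NOTE(review): each patch `value` is a block scalar (a string holding YAML).
# Confirm whether the operator replaces or merges the node at `path`; if it
# replaces, any container securityContext fields set by the base chart must
# be restated here or they are lost.

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  components:
    egressGateways:
      - name: istio-egressgateway
        enabled: true
        k8s:
          # Pod-level context: applies to every container in the pod.
          securityContext:
            runAsUser: 1337
            runAsGroup: 1337
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          overlays:
            - kind: Deployment
              name: istio-egressgateway
              patches:
                # Container-level context for the istio-proxy container.
                - path: spec.template.spec.containers.[name:istio-proxy].securityContext
                  value: |
                    privileged: false
                    allowPrivilegeEscalation: false
                    capabilities:
                      drop:
                        - ALL
    ingressGateways:
      - name: istio-ingressgateway
        k8s:
          # Pod-level context: applies to every container in the pod.
          securityContext:
            runAsUser: 1337
            runAsGroup: 1337
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          overlays:
            - kind: Deployment
              name: istio-ingressgateway
              patches:
                # Container-level context for the istio-proxy container.
                # With every capability dropped the gateway cannot bind
                # ports below 1024; verify the listener ports in use.
                - path: spec.template.spec.containers.[name:istio-proxy].securityContext
                  value: |
                    privileged: false
                    allowPrivilegeEscalation: false
                    capabilities:
                      drop:
                        - ALL
    pilot:
      k8s:
        # Pod-level context: applies to every container in the pod.
        securityContext:
          runAsUser: 1337
          runAsGroup: 1337
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        overlays:
          - kind: Deployment
            name: istiod
            patches:
              # Container-level context for the discovery container.
              - path: spec.template.spec.containers.[name:discovery].securityContext
                value: |
                  privileged: false
                  allowPrivilegeEscalation: false
                  capabilities:
                    drop:
                      - ALL

  # Global values passed through to helm global.yaml.
  # Please keep this in sync with manifests/charts/global.yaml
  values:
    global:
      hub: ghcr.io/verrazzano
      # Quoted so the version always stays a string (a two-part version such
      # as 1.17 would otherwise be read as a float).
      # Images are selected by tag, not digest, and imagePullPolicy below is
      # IfNotPresent, so a node that already holds this tag keeps its cached
      # copy. NOTE(review): consider digest pinning if the release process
      # supports it.
      tag: "1.17.2"
      multiCluster:
        enabled: false
      istioNamespace: istio-system
      imagePullPolicy: IfNotPresent
      proxy:
        readinessFailureThreshold: 90
      # A pod disruption budget (PDB) for the control plane ensures Istio
      # control plane components are upgraded or recovered gradually.
      # It is disabled here so that worker nodes can be upgraded without
      # violating a PDB. Trade-off: nothing in this file then limits how
      # many control plane pods a node drain may evict at once.
      defaultPodDisruptionBudget:
        enabled: false

    pilot:
      autoscaleEnabled: false
    gateways:
      istio-egressgateway:
        env:
          # Needed to route traffic via egress gateway if desired.
          ISTIO_META_REQUESTED_NETWORK_VIEW: "external"
        autoscaleEnabled: false
      istio-ingressgateway:
        autoscaleEnabled: false

    meshConfig:
      enablePrometheusMerge: false
      defaultConfig:
        proxyMetadata: {}

    sidecarInjectorWebhook:
      rewriteAppHTTPProbe: true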