forked from istio/istio
-
Notifications
You must be signed in to change notification settings - Fork 0
/
default.yaml
184 lines (174 loc) · 4.67 KB
/
default.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
spec:
hub: gcr.io/istio-testing
tag: latest
# You may override parts of meshconfig by uncommenting the following lines.
meshConfig:
defaultConfig:
proxyMetadata: {}
enablePrometheusMerge: true
# Opt-out of global http2 upgrades.
# Destination rule is used to opt-in.
# h2_upgrade_policy: DO_NOT_UPGRADE
# Traffic management feature
components:
base:
enabled: true
pilot:
enabled: true
# Istio Gateway feature
ingressGateways:
- name: istio-ingressgateway
enabled: true
egressGateways:
- name: istio-egressgateway
enabled: false
# Istio CNI feature
cni:
enabled: false
# istiod remote configuration wwhen istiod isn't installed on the cluster
istiodRemote:
enabled: false
# Global values passed through to helm global.yaml.
# Please keep this in sync with manifests/charts/global.yaml
values:
global:
istioNamespace: istio-system
istiod:
enableAnalysis: false
logging:
level: "default:info"
logAsJson: false
pilotCertProvider: istiod
jwtPolicy: third-party-jwt
proxy:
image: proxyv2
clusterDomain: "cluster.local"
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 2000m
memory: 1024Mi
logLevel: warning
componentLogLevel: "misc:error"
privileged: false
enableCoreDump: false
statusPort: 15020
readinessInitialDelaySeconds: 1
readinessPeriodSeconds: 2
readinessFailureThreshold: 30
includeIPRanges: "*"
excludeIPRanges: ""
excludeOutboundPorts: ""
excludeInboundPorts: ""
autoInject: enabled
tracer: "zipkin"
proxy_init:
image: proxyv2
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 10m
memory: 10Mi
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.
imagePullPolicy: ""
operatorManageWebhooks: false
tracer:
lightstep: {}
zipkin: {}
datadog: {}
stackdriver: {}
imagePullSecrets: []
oneNamespace: false
defaultNodeSelector: {}
configValidation: true
multiCluster:
enabled: false
clusterName: ""
omitSidecarInjectorConfigMap: false
network: ""
defaultResources:
requests:
cpu: 10m
defaultPodDisruptionBudget:
enabled: true
priorityClassName: ""
useMCP: false
sds:
token:
aud: istio-ca
sts:
servicePort: 0
meshNetworks: {}
mountMtlsCerts: false
base:
enableCRDTemplates: false
validationURL: ""
pilot:
autoscaleEnabled: true
autoscaleMin: 1
autoscaleMax: 5
replicaCount: 1
image: pilot
traceSampling: 1.0
env: {}
cpu:
targetAverageUtilization: 80
nodeSelector: {}
keepaliveMaxServerConnectionAge: 30m
enableProtocolSniffingForOutbound: true
enableProtocolSniffingForInbound: true
deploymentLabels:
configMap: true
telemetry:
enabled: true
v2:
enabled: true
metadataExchange:
wasmEnabled: false
prometheus:
wasmEnabled: false
enabled: true
stackdriver:
enabled: false
logging: false
monitoring: false
topology: false
configOverride: {}
istiodRemote:
injectionURL: ""
gateways:
istio-egressgateway:
zvpn: {}
env: {}
autoscaleEnabled: true
type: ClusterIP
name: istio-egressgateway
secretVolumes:
- name: egressgateway-certs
secretName: istio-egressgateway-certs
mountPath: /etc/istio/egressgateway-certs
- name: egressgateway-ca-certs
secretName: istio-egressgateway-ca-certs
mountPath: /etc/istio/egressgateway-ca-certs
istio-ingressgateway:
autoscaleEnabled: true
type: LoadBalancer
name: istio-ingressgateway
zvpn: {}
env: {}
secretVolumes:
- name: ingressgateway-certs
secretName: istio-ingressgateway-certs
mountPath: /etc/istio/ingressgateway-certs
- name: ingressgateway-ca-certs
secretName: istio-ingressgateway-ca-certs
mountPath: /etc/istio/ingressgateway-ca-certs