Created
April 19, 2020 14:05
-
-
Save askmeegs/3b1baa380c731ea9eb3759ad2dac9f20 to your computer and use it in GitHub Desktop.
install-ilbgateway.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ILB config source - https://github.com/istio/istio/issues/20033 | |
| apiVersion: install.istio.io/v1alpha1 | |
| kind: IstioOperator | |
| spec: | |
| addonComponents: | |
| grafana: | |
| enabled: true | |
| k8s: | |
| replicaCount: 1 | |
| istiocoredns: | |
| enabled: false | |
| kiali: | |
| enabled: true | |
| k8s: | |
| replicaCount: 1 | |
| prometheus: | |
| enabled: true | |
| k8s: | |
| replicaCount: 1 | |
| tracing: | |
| enabled: true | |
| components: | |
| base: | |
| enabled: true | |
| citadel: | |
| enabled: false | |
| k8s: | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 100% | |
| maxUnavailable: 25% | |
| cni: | |
| enabled: false | |
| egressGateways: | |
| - enabled: false | |
| k8s: | |
| hpaSpec: | |
| maxReplicas: 5 | |
| metrics: | |
| - resource: | |
| name: cpu | |
| targetAverageUtilization: 80 | |
| type: Resource | |
| minReplicas: 1 | |
| scaleTargetRef: | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| name: istio-ingressgateway | |
| resources: | |
| limits: | |
| cpu: 2000m | |
| memory: 1024Mi | |
| requests: | |
| cpu: 100m | |
| memory: 128Mi | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 100% | |
| maxUnavailable: 25% | |
| name: istio-egressgateway | |
| galley: | |
| enabled: false | |
| k8s: | |
| replicaCount: 1 | |
| resources: | |
| requests: | |
| cpu: 100m | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 100% | |
| maxUnavailable: 25% | |
| ingressGateways: | |
| - enabled: true | |
| k8s: | |
| hpaSpec: | |
| maxReplicas: 5 | |
| metrics: | |
| - resource: | |
| name: cpu | |
| targetAverageUtilization: 80 | |
| type: Resource | |
| minReplicas: 1 | |
| scaleTargetRef: | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| name: istio-ingressgateway | |
| resources: | |
| limits: | |
| cpu: 2000m | |
| memory: 1024Mi | |
| requests: | |
| cpu: 100m | |
| memory: 128Mi | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 100% | |
| maxUnavailable: 25% | |
| name: istio-ingressgateway | |
| - name: istio-ilbgateway | |
| enabled: true | |
| namespace: istio-system | |
| k8s: | |
| serviceAnnotations: | |
| cloud.google.com/load-balancer-type: "internal" | |
| overlays: | |
| - kind: HorizontalPodAutoscaler | |
| name: istio-ilbgateway | |
| patches: | |
| - path: metadata.labels.app | |
| value: istio-ilbgateway | |
| - path: metadata.labels.istio | |
| value: ilbgateway | |
| - kind: Deployment | |
| name: istio-ilbgateway | |
| patches: | |
| - path: metadata.labels.app | |
| value: istio-ilbgateway | |
| - path: metadata.labels.istio | |
| value: ilbgateway | |
| - path: spec.selector.matchLabels.app | |
| value: istio-ilbgateway | |
| - path: spec.selector.matchLabels.istio | |
| value: ilbgateway | |
| - path: spec.template.metadata.labels.app | |
| value: istio-ilbgateway | |
| - path: spec.template.metadata.labels.istio | |
| value: ilbgateway | |
| - kind: Gateway | |
| name: ingressgateway | |
| patches: | |
| - path: metadata.name | |
| value: ilbgateway | |
| - path: spec.selector.istio | |
| value: ilbgateway | |
| - kind: PodDisruptionBudget | |
| name: ingressgateway | |
| patches: | |
| - path: metadata.name | |
| value: ilbgateway | |
| - path: metadata.labels.app | |
| value: istio-ilbgateway | |
| - path: metadata.labels.istio | |
| value: ilbgateway | |
| - path: spec.selector.matchLabels.app | |
| value: istio-ilbgateway | |
| - path: spec.selector.matchLabels.istio | |
| value: ilbgateway | |
| - kind: Service | |
| name: istio-ilbgateway | |
| patches: | |
| - path: metadata.labels.app | |
| value: istio-ilbgateway | |
| - path: metadata.labels.istio | |
| value: ilbgateway | |
| - path: spec.selector.app | |
| value: istio-ilbgateway | |
| - path: spec.selector.istio | |
| value: ilbgateway | |
| - kind: ServiceAccount | |
| name: istio-ingressgateway-service-account | |
| patches: | |
| - path: metadata.labels.app | |
| value: istio-ilbgateway | |
| - path: metadata.labels.istio | |
| value: ilbgateway | |
| nodeAgent: | |
| enabled: false | |
| pilot: | |
| enabled: true | |
| k8s: | |
| env: | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.name | |
| - name: POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.namespace | |
| readinessProbe: | |
| httpGet: | |
| path: /ready | |
| port: 8080 | |
| initialDelaySeconds: 5 | |
| periodSeconds: 5 | |
| timeoutSeconds: 5 | |
| resources: | |
| requests: | |
| cpu: 500m | |
| memory: 2048Mi | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 100% | |
| maxUnavailable: 25% | |
| policy: | |
| enabled: false | |
| k8s: | |
| env: | |
| - name: POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.namespace | |
| hpaSpec: | |
| maxReplicas: 5 | |
| metrics: | |
| - resource: | |
| name: cpu | |
| targetAverageUtilization: 80 | |
| type: Resource | |
| minReplicas: 1 | |
| scaleTargetRef: | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| name: istio-policy | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 100% | |
| maxUnavailable: 25% | |
| sidecarInjector: | |
| enabled: false | |
| k8s: | |
| replicaCount: 1 | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 100% | |
| maxUnavailable: 25% | |
| telemetry: | |
| enabled: false | |
| k8s: | |
| env: | |
| - name: POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.namespace | |
| - name: GOMAXPROCS | |
| value: "6" | |
| hpaSpec: | |
| maxReplicas: 5 | |
| metrics: | |
| - resource: | |
| name: cpu | |
| targetAverageUtilization: 80 | |
| type: Resource | |
| minReplicas: 1 | |
| scaleTargetRef: | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| name: istio-telemetry | |
| replicaCount: 1 | |
| resources: | |
| limits: | |
| cpu: 4800m | |
| memory: 4G | |
| requests: | |
| cpu: 1000m | |
| memory: 1G | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 100% | |
| maxUnavailable: 25% | |
| hub: docker.io/istio | |
| tag: 1.5.1 | |
| values: | |
| clusterResources: true | |
| galley: | |
| enableAnalysis: false | |
| image: galley | |
| gateways: | |
| istio-egressgateway: | |
| autoscaleEnabled: true | |
| env: | |
| ISTIO_META_ROUTER_MODE: sni-dnat | |
| ports: | |
| - name: http2 | |
| port: 80 | |
| - name: https | |
| port: 443 | |
| - name: tls | |
| port: 15443 | |
| targetPort: 15443 | |
| secretVolumes: | |
| - mountPath: /etc/istio/egressgateway-certs | |
| name: egressgateway-certs | |
| secretName: istio-egressgateway-certs | |
| - mountPath: /etc/istio/egressgateway-ca-certs | |
| name: egressgateway-ca-certs | |
| secretName: istio-egressgateway-ca-certs | |
| type: ClusterIP | |
| istio-ingressgateway: | |
| applicationPorts: "" | |
| autoscaleEnabled: true | |
| debug: info | |
| domain: "" | |
| env: | |
| ISTIO_META_ROUTER_MODE: sni-dnat | |
| meshExpansionPorts: | |
| - name: tcp-pilot-grpc-tls | |
| port: 15011 | |
| targetPort: 15011 | |
| - name: tcp-citadel-grpc-tls | |
| port: 8060 | |
| targetPort: 8060 | |
| - name: tcp-dns-tls | |
| port: 853 | |
| targetPort: 853 | |
| ports: | |
| - name: status-port | |
| port: 15020 | |
| targetPort: 15020 | |
| - name: http2 | |
| port: 80 | |
| targetPort: 80 | |
| - name: https | |
| port: 443 | |
| - name: kiali | |
| port: 15029 | |
| targetPort: 15029 | |
| - name: prometheus | |
| port: 15030 | |
| targetPort: 15030 | |
| - name: grafana | |
| port: 15031 | |
| targetPort: 15031 | |
| - name: tracing | |
| port: 15032 | |
| targetPort: 15032 | |
| - name: tls | |
| port: 15443 | |
| targetPort: 15443 | |
| sds: | |
| enabled: false | |
| image: node-agent-k8s | |
| resources: | |
| limits: | |
| cpu: 2000m | |
| memory: 1024Mi | |
| requests: | |
| cpu: 100m | |
| memory: 128Mi | |
| secretVolumes: | |
| - mountPath: /etc/istio/ingressgateway-certs | |
| name: ingressgateway-certs | |
| secretName: istio-ingressgateway-certs | |
| - mountPath: /etc/istio/ingressgateway-ca-certs | |
| name: ingressgateway-ca-certs | |
| secretName: istio-ingressgateway-ca-certs | |
| type: LoadBalancer | |
| zvpn: | |
| enabled: false | |
| suffix: global | |
| global: | |
| arch: | |
| amd64: 2 | |
| ppc64le: 2 | |
| s390x: 2 | |
| certificates: [] | |
| configValidation: true | |
| controlPlaneSecurityEnabled: true | |
| defaultNodeSelector: {} | |
| defaultPodDisruptionBudget: | |
| enabled: true | |
| defaultResources: | |
| requests: | |
| cpu: 10m | |
| disablePolicyChecks: true | |
| enableHelmTest: false | |
| enableTracing: true | |
| imagePullPolicy: IfNotPresent | |
| imagePullSecrets: [] | |
| istioNamespace: istio-system | |
| istiod: | |
| enabled: true | |
| jwtPolicy: third-party-jwt | |
| k8sIngress: | |
| enableHttps: false | |
| enabled: false | |
| gatewayName: ingressgateway | |
| localityLbSetting: | |
| enabled: true | |
| logAsJson: false | |
| logging: | |
| level: default:info | |
| meshExpansion: | |
| enabled: false | |
| useILB: false | |
| meshNetworks: {} | |
| mountMtlsCerts: false | |
| mtls: | |
| auto: true | |
| enabled: false | |
| multiCluster: | |
| clusterName: "" | |
| enabled: false | |
| network: "" | |
| omitSidecarInjectorConfigMap: false | |
| oneNamespace: false | |
| operatorManageWebhooks: false | |
| outboundTrafficPolicy: | |
| mode: ALLOW_ANY | |
| pilotCertProvider: istiod | |
| policyCheckFailOpen: false | |
| priorityClassName: "" | |
| proxy: | |
| accessLogEncoding: TEXT | |
| accessLogFile: "/dev/stdout" | |
| accessLogFormat: "" | |
| autoInject: enabled | |
| clusterDomain: cluster.local | |
| componentLogLevel: misc:error | |
| concurrency: 2 | |
| dnsRefreshRate: 300s | |
| enableCoreDump: false | |
| envoyAccessLogService: | |
| enabled: false | |
| envoyMetricsService: | |
| enabled: false | |
| tcpKeepalive: | |
| interval: 10s | |
| probes: 3 | |
| time: 10s | |
| tlsSettings: | |
| mode: DISABLE | |
| subjectAltNames: [] | |
| envoyStatsd: | |
| enabled: false | |
| excludeIPRanges: "" | |
| excludeInboundPorts: "" | |
| excludeOutboundPorts: "" | |
| image: proxyv2 | |
| includeIPRanges: '*' | |
| includeInboundPorts: '*' | |
| kubevirtInterfaces: "" | |
| logLevel: warning | |
| privileged: false | |
| protocolDetectionTimeout: 100ms | |
| readinessFailureThreshold: 30 | |
| readinessInitialDelaySeconds: 1 | |
| readinessPeriodSeconds: 2 | |
| resources: | |
| limits: | |
| cpu: 2000m | |
| memory: 1024Mi | |
| requests: | |
| cpu: 100m | |
| memory: 128Mi | |
| statusPort: 15020 | |
| tracer: zipkin | |
| proxy_init: | |
| image: proxyv2 | |
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 50Mi | |
| requests: | |
| cpu: 10m | |
| memory: 10Mi | |
| sds: | |
| enabled: false | |
| token: | |
| aud: istio-ca | |
| udsPath: "" | |
| sts: | |
| servicePort: 0 | |
| tracer: | |
| datadog: | |
| address: $(HOST_IP):8126 | |
| lightstep: | |
| accessToken: "" | |
| address: "" | |
| cacertPath: "" | |
| secure: true | |
| stackdriver: | |
| debug: false | |
| maxNumberOfAnnotations: 200 | |
| maxNumberOfAttributes: 200 | |
| maxNumberOfMessageEvents: 200 | |
| zipkin: | |
| address: "" | |
| trustDomain: cluster.local | |
| useMCP: false | |
| grafana: | |
| accessMode: ReadWriteMany | |
| contextPath: /grafana | |
| dashboardProviders: | |
| dashboardproviders.yaml: | |
| apiVersion: 1 | |
| providers: | |
| - disableDeletion: false | |
| folder: istio | |
| name: istio | |
| options: | |
| path: /var/lib/grafana/dashboards/istio | |
| orgId: 1 | |
| type: file | |
| datasources: | |
| datasources.yaml: | |
| apiVersion: 1 | |
| env: {} | |
| envSecrets: {} | |
| image: | |
| repository: grafana/grafana | |
| tag: 6.5.2 | |
| ingress: | |
| enabled: false | |
| hosts: | |
| - grafana.local | |
| nodeSelector: {} | |
| persist: false | |
| podAntiAffinityLabelSelector: [] | |
| podAntiAffinityTermLabelSelector: [] | |
| security: | |
| enabled: false | |
| passphraseKey: passphrase | |
| secretName: grafana | |
| usernameKey: username | |
| service: | |
| annotations: {} | |
| externalPort: 3000 | |
| name: http | |
| type: ClusterIP | |
| storageClassName: "" | |
| tolerations: [] | |
| istiocoredns: | |
| coreDNSImage: coredns/coredns | |
| coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1 | |
| coreDNSTag: 1.6.2 | |
| kiali: | |
| contextPath: /kiali | |
| createDemoSecret: true | |
| dashboard: | |
| grafanaInClusterURL: http://grafana:3000 | |
| jaegerInClusterURL: http://tracing/jaeger | |
| passphraseKey: passphrase | |
| secretName: kiali | |
| usernameKey: username | |
| viewOnlyMode: false | |
| hub: quay.io/kiali | |
| ingress: | |
| enabled: false | |
| hosts: | |
| - kiali.local | |
| nodeSelector: {} | |
| podAntiAffinityLabelSelector: [] | |
| podAntiAffinityTermLabelSelector: [] | |
| security: | |
| cert_file: /kiali-cert/cert-chain.pem | |
| enabled: false | |
| private_key_file: /kiali-cert/key.pem | |
| tag: v1.14 | |
| mixer: | |
| adapters: | |
| kubernetesenv: | |
| enabled: true | |
| prometheus: | |
| enabled: true | |
| metricsExpiryDuration: 10m | |
| stackdriver: | |
| auth: | |
| apiKey: "" | |
| appCredentials: false | |
| serviceAccountPath: "" | |
| enabled: false | |
| tracer: | |
| enabled: false | |
| sampleProbability: 1 | |
| stdio: | |
| enabled: false | |
| outputAsJson: false | |
| useAdapterCRDs: false | |
| policy: | |
| adapters: | |
| kubernetesenv: | |
| enabled: true | |
| useAdapterCRDs: false | |
| autoscaleEnabled: true | |
| image: mixer | |
| sessionAffinityEnabled: false | |
| telemetry: | |
| autoscaleEnabled: true | |
| env: | |
| GOMAXPROCS: "6" | |
| image: mixer | |
| loadshedding: | |
| latencyThreshold: 100ms | |
| mode: enforce | |
| nodeSelector: {} | |
| podAntiAffinityLabelSelector: [] | |
| podAntiAffinityTermLabelSelector: [] | |
| replicaCount: 1 | |
| reportBatchMaxEntries: 100 | |
| reportBatchMaxTime: 1s | |
| sessionAffinityEnabled: false | |
| tolerations: [] | |
| nodeagent: | |
| image: node-agent-k8s | |
| pilot: | |
| appNamespaces: [] | |
| autoscaleEnabled: true | |
| autoscaleMax: 5 | |
| autoscaleMin: 1 | |
| configMap: true | |
| configNamespace: istio-config | |
| cpu: | |
| targetAverageUtilization: 80 | |
| enableProtocolSniffingForInbound: false | |
| enableProtocolSniffingForOutbound: true | |
| env: {} | |
| image: pilot | |
| ingress: | |
| ingressClass: istio | |
| ingressControllerMode: STRICT | |
| ingressService: istio-ingressgateway | |
| keepaliveMaxServerConnectionAge: 30m | |
| meshNetworks: | |
| networks: {} | |
| nodeSelector: {} | |
| podAntiAffinityLabelSelector: [] | |
| podAntiAffinityTermLabelSelector: [] | |
| policy: | |
| enabled: false | |
| replicaCount: 1 | |
| tolerations: [] | |
| traceSampling: 1 | |
| prometheus: | |
| contextPath: /prometheus | |
| hub: docker.io/prom | |
| ingress: | |
| enabled: false | |
| hosts: | |
| - prometheus.local | |
| nodeSelector: {} | |
| podAntiAffinityLabelSelector: [] | |
| podAntiAffinityTermLabelSelector: [] | |
| provisionPrometheusCert: true | |
| retention: 6h | |
| scrapeInterval: 15s | |
| security: | |
| enabled: true | |
| tag: v2.15.1 | |
| tolerations: [] | |
| security: | |
| dnsCerts: | |
| istio-pilot-service-account.istio-control: istio-pilot.istio-control | |
| enableNamespacesByDefault: true | |
| image: citadel | |
| selfSigned: true | |
| sidecarInjectorWebhook: | |
| enableNamespacesByDefault: false | |
| image: sidecar_injector | |
| injectLabel: istio-injection | |
| objectSelector: | |
| autoInject: true | |
| enabled: false | |
| rewriteAppHTTPProbe: false | |
| selfSigned: false | |
| telemetry: | |
| enabled: true | |
| v1: | |
| enabled: false | |
| v2: | |
| enabled: true | |
| prometheus: | |
| enabled: true | |
| stackdriver: | |
| configOverride: {} | |
| enabled: true | |
| logging: true | |
| monitoring: true | |
| topology: true | |
| tracing: | |
| ingress: | |
| enabled: false | |
| jaeger: | |
| accessMode: ReadWriteMany | |
| hub: docker.io/jaegertracing | |
| memory: | |
| max_traces: 50000 | |
| persist: false | |
| spanStorageType: badger | |
| storageClassName: "" | |
| tag: "1.16" | |
| nodeSelector: {} | |
| opencensus: | |
| exporters: | |
| stackdriver: | |
| enable_tracing: true | |
| hub: docker.io/omnition | |
| resources: | |
| limits: | |
| cpu: "1" | |
| memory: 2Gi | |
| requests: | |
| cpu: 200m | |
| memory: 400Mi | |
| tag: 0.1.9 | |
| podAntiAffinityLabelSelector: [] | |
| podAntiAffinityTermLabelSelector: [] | |
| provider: jaeger | |
| service: | |
| annotations: {} | |
| externalPort: 9411 | |
| name: http-query | |
| type: ClusterIP | |
| zipkin: | |
| hub: docker.io/openzipkin | |
| javaOptsHeap: 700 | |
| maxSpans: 500000 | |
| node: | |
| cpus: 2 | |
| probeStartupDelay: 200 | |
| queryPort: 9411 | |
| resources: | |
| limits: | |
| cpu: 300m | |
| memory: 900Mi | |
| requests: | |
| cpu: 150m | |
| memory: 900Mi | |
| tag: 2.14.2 | |
| version: "" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment