# IstioOperator install spec: "default" profile, images from docker.io/istio at
# tag 1.16.0. Enables base, pilot (istiod) and one ingress gateway; the CNI
# plugin, the egress gateway and istiodRemote are disabled.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  components:
    base:
      enabled: true
    cni:
      enabled: false
    egressGateways:
      # Disabled: the k8s settings below only take effect if this is set to true.
      - enabled: false
        k8s:
          env:
            - name: ISTIO_META_ROUTER_MODE
              value: standard
          hpaSpec:
            maxReplicas: 5
            metrics:
              - resource:
                  name: cpu
                  target:
                    type: Utilization
                    averageUtilization: 80
                type: Resource
            minReplicas: 1
            scaleTargetRef:
              apiVersion: apps/v1
              kind: Deployment
              name: istio-egressgateway
          resources:
            limits:
              cpu: 2000m
              memory: 1024Mi
            requests:
              cpu: 100m
              memory: 128Mi
          service:
            ports:
              - name: http2
                port: 80
                protocol: TCP
                targetPort: 8080
              - name: https
                port: 443
                protocol: TCP
                targetPort: 8443
              - name: tls
                port: 15443
                protocol: TCP
                targetPort: 15443
          strategy:
            rollingUpdate:
              maxSurge: 100%
              maxUnavailable: 25%
        name: istio-egressgateway
    ingressGateways:
      - enabled: true
        k8s:
          env:
            - name: ISTIO_META_ROUTER_MODE
              value: standard
          hpaSpec:
            # minReplicas equals maxReplicas (5), so the autoscaler has no room to
            # scale and the CPU metric below cannot change the replica count.
            maxReplicas: 5
            metrics:
              - resource:
                  name: cpu
                  target:
                    type: Utilization
                    averageUtilization: 80
                type: Resource
            minReplicas: 5
            scaleTargetRef:
              apiVersion: apps/v1
              kind: Deployment
              name: istio-ingressgateway
          resources:
            limits:
              cpu: 2000m
              memory: 1024Mi
            requests:
              cpu: 100m
              memory: 128Mi
          service:
            # Every port listed here is opened on the ingress gateway Service, whose
            # type is LoadBalancer (values.gateways.istio-ingressgateway.type).
            # A port only carries traffic once a Gateway resource binds a listener
            # to it, but it is part of the externally published surface either way.
            ports:
              - name: status-port
                port: 15021
                protocol: TCP
                targetPort: 15021
              - name: http2
                port: 80
                protocol: TCP
                targetPort: 8080
              - name: https
                port: 443
                protocol: TCP
                targetPort: 8443
              # 15012 is istiod's TLS-protected XDS/CA port. Publishing it on the
              # ingress Service is only needed when workloads outside the cluster
              # (remote clusters, VMs) must reach istiod.
              # NOTE(review): confirm that is the case here; otherwise drop it.
              - name: tcp-istiod
                port: 15012
                protocol: TCP
                targetPort: 15012
              # - name: tls
              #   port: 15443
              #   protocol: TCP
              #   targetPort: 15443
              # Extra raw-TCP port, named ssh.
              # NOTE(review): presumably forwards to an SSH service behind the
              # gateway - confirm who must reach it and restrict sources accordingly.
              - name: ssh
                port: 29418
                protocol: TCP
                targetPort: 29418
          strategy:
            rollingUpdate:
              maxSurge: 100%
              maxUnavailable: 25%
          overlays:
            # Post-render patches applied to the generated istio-ingressgateway
            # Service. All three patches below have a path but no active value (the
            # value lines are commented out).
            # NOTE(review): the IstioOperator overlay API documents an unset value as
            # "delete this path" - confirm for the operator version in use, and fill
            # in or remove each patch before applying.
            - kind: Service
              name: istio-ingressgateway
              patches:
                - path: spec.loadBalancerIP
                  # TO_BE_CHANGED: Change IP
                  # value: xxx.xxx.xxx.xxx
                # While no value is set, the LoadBalancer Service carries no
                # source-range restriction, so any filtering has to come from
                # elsewhere (cloud firewall, network policy).
                # The sample 0.0.0.0/32 is a placeholder: a /32 matches one address
                # only, so replace it with the real client CIDRs.
                - path: spec.loadBalancerSourceRanges
                  # TO_BE_CHANGED: Change IP-Range to whitelist
                  # value:
                  #   - 0.0.0.0/32
                - path: metadata.annotations
                  # TO_BE_CHANGED: Annotations to be set in the service, e.g. to
                  # configure automated DNS and certificate management in Gardener
                  # value:
                  #   dns.gardener.cloud/dnsnames: '*.example.com'
                  #   dns.gardener.cloud/class: garden
                  #   dns.gardener.cloud/ttl: "600"
                  #   cert.gardener.cloud/commonName: '*.example.com'
                  #   cert.gardener.cloud/purpose: managed
                  #   cert.gardener.cloud/secretname: tls-secret
        name: istio-ingressgateway
    istiodRemote:
      enabled: false
    pilot:
      enabled: true
      k8s:
        env:
          # Downward-API values: the pod's own name and namespace.
          - name: POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
        hpaSpec:
          minReplicas: 2
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 1
          periodSeconds: 3
          timeoutSeconds: 5
        strategy:
          rollingUpdate:
            maxSurge: 100%
            maxUnavailable: 50%
  # Images are referenced as <hub>/<image>:<tag>, i.e. by mutable tag rather than
  # by digest.
  # NOTE(review): check that the pinned release is still supported upstream.
  hub: docker.io/istio
  meshConfig:
    # Envoy access logs are written to the proxy container's stdout.
    accessLogFile: /dev/stdout
    defaultConfig:
      proxyMetadata: {}
    enablePrometheusMerge: true
  profile: default
  tag: 1.16.0
  values:
    base:
      enableCRDTemplates: false
      validationURL: ""
    gateways:
      istio-egressgateway:
        autoscaleEnabled: true
        env: {}
        name: istio-egressgateway
        # Secrets mounted into the gateway pod as certificate directories.
        secretVolumes:
          - mountPath: /etc/istio/egressgateway-certs
            name: egressgateway-certs
            secretName: istio-egressgateway-certs
          - mountPath: /etc/istio/egressgateway-ca-certs
            name: egressgateway-ca-certs
            secretName: istio-egressgateway-ca-certs
        type: ClusterIP
      istio-ingressgateway:
        autoscaleEnabled: true
        env: {}
        name: istio-ingressgateway
        # Secrets mounted into the gateway pod as certificate directories.
        secretVolumes:
          - mountPath: /etc/istio/ingressgateway-certs
            name: ingressgateway-certs
            secretName: istio-ingressgateway-certs
          - mountPath: /etc/istio/ingressgateway-ca-certs
            name: ingressgateway-ca-certs
            secretName: istio-ingressgateway-ca-certs
        # LoadBalancer: the ports under components.ingressGateways[0].k8s.service
        # are published through the cluster's load-balancer integration.
        type: LoadBalancer
    global:
      configValidation: true
      defaultNodeSelector: {}
      defaultPodDisruptionBudget:
        enabled: true
      defaultResources:
        requests:
          cpu: 10m
      imagePullPolicy: ""
      imagePullSecrets: []
      istioNamespace: istio-system
      istiod:
        enableAnalysis: false
      # third-party-jwt: proxies authenticate to istiod with projected service
      # account tokens; the token audience is set under sds.token.aud below.
      jwtPolicy: third-party-jwt
      logAsJson: false
      logging:
        level: default:info
      meshNetworks: {}
      mountMtlsCerts: false
      multiCluster:
        clusterName: ""
        enabled: false
      network: ""
      omitSidecarInjectorConfigMap: false
      oneNamespace: false
      operatorManageWebhooks: false
      pilotCertProvider: istiod
      priorityClassName: ""
      proxy:
        autoInject: enabled
        clusterDomain: cluster.local
        componentLogLevel: misc:error
        enableCoreDump: false
        # Empty exclude lists plus includeIPRanges '*': no IP range or port is
        # exempted here from sidecar traffic capture.
        excludeIPRanges: ""
        excludeInboundPorts: ""
        excludeOutboundPorts: ""
        image: proxyv2
        includeIPRanges: '*'
        # Use this value, if more detailed logging output is needed, e.g. for
        # debugging.
        logLevel: warning
        # Sidecar containers are not run in privileged mode.
        privileged: false
        readinessFailureThreshold: 30
        readinessInitialDelaySeconds: 1
        readinessPeriodSeconds: 2
        resources:
          limits:
            cpu: 2000m
            memory: 1024Mi
          requests:
            cpu: 100m
            memory: 128Mi
        statusPort: 15020
        tracer: zipkin
      proxy_init:
        image: proxyv2
        resources:
          limits:
            cpu: 2000m
            memory: 1024Mi
          requests:
            cpu: 10m
            memory: 10Mi
      sds:
        token:
          aud: istio-ca
      sts:
        servicePort: 0
      tracer:
        datadog: {}
        lightstep: {}
        stackdriver: {}
        zipkin: {}
      useMCP: false
    istiodRemote:
      injectionURL: ""
    pilot:
      autoscaleEnabled: true
      autoscaleMax: 5
      # Matches components.pilot.k8s.hpaSpec.minReplicas (2).
      autoscaleMin: 2
      configMap: true
      cpu:
        targetAverageUtilization: 80
      enableProtocolSniffingForInbound: true
      enableProtocolSniffingForOutbound: true
      env: {}
      image: pilot
      keepaliveMaxServerConnectionAge: 24h
      nodeSelector: {}
      podLabels: {}
      replicaCount: 1
      # NOTE(review): presumably a percentage of requests (1 = 1%) - confirm.
      traceSampling: 1
    sidecarInjectorWebhook:
      # false: namespaces are not injected unless they opt in.
      enableNamespacesByDefault: false
      objectSelector:
        autoInject: true
        enabled: false
      rewriteAppHTTPProbe: true
    telemetry:
      enabled: true
      v2:
        enabled: true
        metadataExchange:
          wasmEnabled: false
        prometheus:
          enabled: true
          wasmEnabled: false
        stackdriver:
          configOverride: {}
          enabled: false
          logging: false
          monitoring: false
          topology: false