Skip to content

Instantly share code, notes, and snippets.

@askmeegs

askmeegs/install-ilbgateway.yaml

Created April 19, 2020 14:05
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save askmeegs/3b1baa380c731ea9eb3759ad2dac9f20 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save askmeegs/3b1baa380c731ea9eb3759ad2dac9f20 to your computer and use it in GitHub Desktop.
Download ZIP
install-ilbgateway.yaml
Raw
install-ilbgateway.yaml
# ILB config source - https://github.com/istio/istio/issues/20033
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
addonComponents:
grafana:
enabled: true
k8s:
replicaCount: 1
istiocoredns:
enabled: false
kiali:
enabled: true
k8s:
replicaCount: 1
prometheus:
enabled: true
k8s:
replicaCount: 1
tracing:
enabled: true
components:
base:
enabled: true
citadel:
enabled: false
k8s:
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
cni:
enabled: false
egressGateways:
- enabled: false
k8s:
hpaSpec:
maxReplicas: 5
metrics:
- resource:
name: cpu
targetAverageUtilization: 80
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istio-ingressgateway
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
name: istio-egressgateway
galley:
enabled: false
k8s:
replicaCount: 1
resources:
requests:
cpu: 100m
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
ingressGateways:
- enabled: true
k8s:
hpaSpec:
maxReplicas: 5
metrics:
- resource:
name: cpu
targetAverageUtilization: 80
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istio-ingressgateway
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
name: istio-ingressgateway
- name: istio-ilbgateway
enabled: true
namespace: istio-system
k8s:
serviceAnnotations:
cloud.google.com/load-balancer-type: "internal"
overlays:
- kind: HorizontalPodAutoscaler
name: istio-ilbgateway
patches:
- path: metadata.labels.app
value: istio-ilbgateway
- path: metadata.labels.istio
value: ilbgateway
- kind: Deployment
name: istio-ilbgateway
patches:
- path: metadata.labels.app
value: istio-ilbgateway
- path: metadata.labels.istio
value: ilbgateway
- path: spec.selector.matchLabels.app
value: istio-ilbgateway
- path: spec.selector.matchLabels.istio
value: ilbgateway
- path: spec.template.metadata.labels.app
value: istio-ilbgateway
- path: spec.template.metadata.labels.istio
value: ilbgateway
- kind: Gateway
name: ingressgateway
patches:
- path: metadata.name
value: ilbgateway
- path: spec.selector.istio
value: ilbgateway
- kind: PodDisruptionBudget
name: ingressgateway
patches:
- path: metadata.name
value: ilbgateway
- path: metadata.labels.app
value: istio-ilbgateway
- path: metadata.labels.istio
value: ilbgateway
- path: spec.selector.matchLabels.app
value: istio-ilbgateway
- path: spec.selector.matchLabels.istio
value: ilbgateway
- kind: Service
name: istio-ilbgateway
patches:
- path: metadata.labels.app
value: istio-ilbgateway
- path: metadata.labels.istio
value: ilbgateway
- path: spec.selector.app
value: istio-ilbgateway
- path: spec.selector.istio
value: ilbgateway
- kind: ServiceAccount
name: istio-ingressgateway-service-account
patches:
- path: metadata.labels.app
value: istio-ilbgateway
- path: metadata.labels.istio
value: ilbgateway
nodeAgent:
enabled: false
pilot:
enabled: true
k8s:
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
resources:
requests:
cpu: 500m
memory: 2048Mi
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
policy:
enabled: false
k8s:
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
hpaSpec:
maxReplicas: 5
metrics:
- resource:
name: cpu
targetAverageUtilization: 80
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istio-policy
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
sidecarInjector:
enabled: false
k8s:
replicaCount: 1
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
telemetry:
enabled: false
k8s:
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: GOMAXPROCS
value: "6"
hpaSpec:
maxReplicas: 5
metrics:
- resource:
name: cpu
targetAverageUtilization: 80
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istio-telemetry
replicaCount: 1
resources:
limits:
cpu: 4800m
memory: 4G
requests:
cpu: 1000m
memory: 1G
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
hub: docker.io/istio
tag: 1.5.1
values:
clusterResources: true
galley:
enableAnalysis: false
image: galley
gateways:
istio-egressgateway:
autoscaleEnabled: true
env:
ISTIO_META_ROUTER_MODE: sni-dnat
ports:
- name: http2
port: 80
- name: https
port: 443
- name: tls
port: 15443
targetPort: 15443
secretVolumes:
- mountPath: /etc/istio/egressgateway-certs
name: egressgateway-certs
secretName: istio-egressgateway-certs
- mountPath: /etc/istio/egressgateway-ca-certs
name: egressgateway-ca-certs
secretName: istio-egressgateway-ca-certs
type: ClusterIP
istio-ingressgateway:
applicationPorts: ""
autoscaleEnabled: true
debug: info
domain: ""
env:
ISTIO_META_ROUTER_MODE: sni-dnat
meshExpansionPorts:
- name: tcp-pilot-grpc-tls
port: 15011
targetPort: 15011
- name: tcp-citadel-grpc-tls
port: 8060
targetPort: 8060
- name: tcp-dns-tls
port: 853
targetPort: 853
ports:
- name: status-port
port: 15020
targetPort: 15020
- name: http2
port: 80
targetPort: 80
- name: https
port: 443
- name: kiali
port: 15029
targetPort: 15029
- name: prometheus
port: 15030
targetPort: 15030
- name: grafana
port: 15031
targetPort: 15031
- name: tracing
port: 15032
targetPort: 15032
- name: tls
port: 15443
targetPort: 15443
sds:
enabled: false
image: node-agent-k8s
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
secretVolumes:
- mountPath: /etc/istio/ingressgateway-certs
name: ingressgateway-certs
secretName: istio-ingressgateway-certs
- mountPath: /etc/istio/ingressgateway-ca-certs
name: ingressgateway-ca-certs
secretName: istio-ingressgateway-ca-certs
type: LoadBalancer
zvpn:
enabled: false
suffix: global
global:
arch:
amd64: 2
ppc64le: 2
s390x: 2
certificates: []
configValidation: true
controlPlaneSecurityEnabled: true
defaultNodeSelector: {}
defaultPodDisruptionBudget:
enabled: true
defaultResources:
requests:
cpu: 10m
disablePolicyChecks: true
enableHelmTest: false
enableTracing: true
imagePullPolicy: IfNotPresent
imagePullSecrets: []
istioNamespace: istio-system
istiod:
enabled: true
jwtPolicy: third-party-jwt
k8sIngress:
enableHttps: false
enabled: false
gatewayName: ingressgateway
localityLbSetting:
enabled: true
logAsJson: false
logging:
level: default:info
meshExpansion:
enabled: false
useILB: false
meshNetworks: {}
mountMtlsCerts: false
mtls:
auto: true
enabled: false
multiCluster:
clusterName: ""
enabled: false
network: ""
omitSidecarInjectorConfigMap: false
oneNamespace: false
operatorManageWebhooks: false
outboundTrafficPolicy:
mode: ALLOW_ANY
pilotCertProvider: istiod
policyCheckFailOpen: false
priorityClassName: ""
proxy:
accessLogEncoding: TEXT
accessLogFile: "/dev/stdout"
accessLogFormat: ""
autoInject: enabled
clusterDomain: cluster.local
componentLogLevel: misc:error
concurrency: 2
dnsRefreshRate: 300s
enableCoreDump: false
envoyAccessLogService:
enabled: false
envoyMetricsService:
enabled: false
tcpKeepalive:
interval: 10s
probes: 3
time: 10s
tlsSettings:
mode: DISABLE
subjectAltNames: []
envoyStatsd:
enabled: false
excludeIPRanges: ""
excludeInboundPorts: ""
excludeOutboundPorts: ""
image: proxyv2
includeIPRanges: '*'
includeInboundPorts: '*'
kubevirtInterfaces: ""
logLevel: warning
privileged: false
protocolDetectionTimeout: 100ms
readinessFailureThreshold: 30
readinessInitialDelaySeconds: 1
readinessPeriodSeconds: 2
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
statusPort: 15020
tracer: zipkin
proxy_init:
image: proxyv2
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 10m
memory: 10Mi
sds:
enabled: false
token:
aud: istio-ca
udsPath: ""
sts:
servicePort: 0
tracer:
datadog:
address: $(HOST_IP):8126
lightstep:
accessToken: ""
address: ""
cacertPath: ""
secure: true
stackdriver:
debug: false
maxNumberOfAnnotations: 200
maxNumberOfAttributes: 200
maxNumberOfMessageEvents: 200
zipkin:
address: ""
trustDomain: cluster.local
useMCP: false
grafana:
accessMode: ReadWriteMany
contextPath: /grafana
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- disableDeletion: false
folder: istio
name: istio
options:
path: /var/lib/grafana/dashboards/istio
orgId: 1
type: file
datasources:
datasources.yaml:
apiVersion: 1
env: {}
envSecrets: {}
image:
repository: grafana/grafana
tag: 6.5.2
ingress:
enabled: false
hosts:
- grafana.local
nodeSelector: {}
persist: false
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []
security:
enabled: false
passphraseKey: passphrase
secretName: grafana
usernameKey: username
service:
annotations: {}
externalPort: 3000
name: http
type: ClusterIP
storageClassName: ""
tolerations: []
istiocoredns:
coreDNSImage: coredns/coredns
coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1
coreDNSTag: 1.6.2
kiali:
contextPath: /kiali
createDemoSecret: true
dashboard:
grafanaInClusterURL: http://grafana:3000
jaegerInClusterURL: http://tracing/jaeger
passphraseKey: passphrase
secretName: kiali
usernameKey: username
viewOnlyMode: false
hub: quay.io/kiali
ingress:
enabled: false
hosts:
- kiali.local
nodeSelector: {}
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []
security:
cert_file: /kiali-cert/cert-chain.pem
enabled: false
private_key_file: /kiali-cert/key.pem
tag: v1.14
mixer:
adapters:
kubernetesenv:
enabled: true
prometheus:
enabled: true
metricsExpiryDuration: 10m
stackdriver:
auth:
apiKey: ""
appCredentials: false
serviceAccountPath: ""
enabled: false
tracer:
enabled: false
sampleProbability: 1
stdio:
enabled: false
outputAsJson: false
useAdapterCRDs: false
policy:
adapters:
kubernetesenv:
enabled: true
useAdapterCRDs: false
autoscaleEnabled: true
image: mixer
sessionAffinityEnabled: false
telemetry:
autoscaleEnabled: true
env:
GOMAXPROCS: "6"
image: mixer
loadshedding:
latencyThreshold: 100ms
mode: enforce
nodeSelector: {}
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []
replicaCount: 1
reportBatchMaxEntries: 100
reportBatchMaxTime: 1s
sessionAffinityEnabled: false
tolerations: []
nodeagent:
image: node-agent-k8s
pilot:
appNamespaces: []
autoscaleEnabled: true
autoscaleMax: 5
autoscaleMin: 1
configMap: true
configNamespace: istio-config
cpu:
targetAverageUtilization: 80
enableProtocolSniffingForInbound: false
enableProtocolSniffingForOutbound: true
env: {}
image: pilot
ingress:
ingressClass: istio
ingressControllerMode: STRICT
ingressService: istio-ingressgateway
keepaliveMaxServerConnectionAge: 30m
meshNetworks:
networks: {}
nodeSelector: {}
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []
policy:
enabled: false
replicaCount: 1
tolerations: []
traceSampling: 1
prometheus:
contextPath: /prometheus
hub: docker.io/prom
ingress:
enabled: false
hosts:
- prometheus.local
nodeSelector: {}
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []
provisionPrometheusCert: true
retention: 6h
scrapeInterval: 15s
security:
enabled: true
tag: v2.15.1
tolerations: []
security:
dnsCerts:
istio-pilot-service-account.istio-control: istio-pilot.istio-control
enableNamespacesByDefault: true
image: citadel
selfSigned: true
sidecarInjectorWebhook:
enableNamespacesByDefault: false
image: sidecar_injector
injectLabel: istio-injection
objectSelector:
autoInject: true
enabled: false
rewriteAppHTTPProbe: false
selfSigned: false
telemetry:
enabled: true
v1:
enabled: false
v2:
enabled: true
prometheus:
enabled: true
stackdriver:
configOverride: {}
enabled: true
logging: true
monitoring: true
topology: true
tracing:
ingress:
enabled: false
jaeger:
accessMode: ReadWriteMany
hub: docker.io/jaegertracing
memory:
max_traces: 50000
persist: false
spanStorageType: badger
storageClassName: ""
tag: "1.16"
nodeSelector: {}
opencensus:
exporters:
stackdriver:
enable_tracing: true
hub: docker.io/omnition
resources:
limits:
cpu: "1"
memory: 2Gi
requests:
cpu: 200m
memory: 400Mi
tag: 0.1.9
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []
provider: jaeger
service:
annotations: {}
externalPort: 9411
name: http-query
type: ClusterIP
zipkin:
hub: docker.io/openzipkin
javaOptsHeap: 700
maxSpans: 500000
node:
cpus: 2
probeStartupDelay: 200
queryPort: 9411
resources:
limits:
cpu: 300m
memory: 900Mi
requests:
cpu: 150m
memory: 900Mi
tag: 2.14.2
version: ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment