istio-controlplane values.yaml
profile
Type: string
"default"
Description: The istio profile to use
hub
Type: string
"registry1.dso.mil/ironbank/opensource/istio"
Description: The hub to use for all images, images are built as “.Values.hub/
tag
Type: string
"1.19.0"
Description: The tag to use for all images
enterprise
Type: bool
false
Description: Tetrate Istio Distribution - Tetrate provides FIPS-verified Istio and Envoy software and support, validated through the FIPS Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
tidHub
Type: string
"registry1.dso.mil/ironbank/tetrate/istio"
tidTag
Type: string
"1.18.2-tetratefips-v0"
domain
Type: string
"bigbang.dev"
Description: The domain to use for the default gateway
mtls.mode
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
revision
Type: string
""
Description: Revision of the Istio control plane
openshift
Type: bool
false
Description: OpenShift feature switch toggle
imagePullSecrets
Type: list
[]
Default value (formatted)
[]
Description: Pull secrets for images
monitoring
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: Big Bang Monitoring interaction controls
monitoring.enabled
Type: bool
false
Description: Toggle monitoring on/off (controls networkPolicies)
kiali
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: Big Bang Kiali interaction controls
kiali.enabled
Type: bool
false
Description: Toggle kiali on/off (controls networkPolicies)
authservice
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: If authservice is enabled, it will be added to extension providers as an external authorization system. https://istio.io/latest/docs/tasks/security/authorization/authz-custom/
ingressGateways
Type: object
{"istio-ingressgateway":{"enabled":true,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}}
Default value (formatted)
{
"istio-ingressgateway": {
"enabled": true,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
}
Description: Ingress gateways. The following items are automatically set for every ingress gateway: - label: “app: {name of ingress gateway}”
ingressGateways.istio-ingressgateway
Type: object
{"enabled":true,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}
Default value (formatted)
{
"enabled": true,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
Description: This key becomes the name of the ingressGateway
ingressGateways.istio-ingressgateway.extraLabels
Type: object
{}
Default value (formatted)
{}
Description: Labels to use for selecting the ingress gateway from the service. Automatic labels: ‘app: {ingress gateway name}’ and ‘istio: ingressgateway’
ingressGateways.istio-ingressgateway.k8s
Type: object
{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
Description: Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
ingressGateways.istio-ingressgateway.k8s.service.type
Type: string
"LoadBalancer"
Description: “LoadBalancer” or “NodePort”
ingressGateways.istio-ingressgateway.k8s.podAnnotations
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
ingressGateways.istio-ingressgateway.k8s.serviceAnnotations
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
ingressGateways.istio-ingressgateway.k8s.nodeSelector
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
ingressGateways.istio-ingressgateway.k8s.affinity
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
ingressGateways.istio-ingressgateway.k8s.tolerations
Type: list
[]
Default value (formatted)
[]
Description: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
egressGateways
Type: object
{"istio-egressgateway":{"enabled":false,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}}
Default value (formatted)
{
"istio-egressgateway": {
"enabled": false,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
}
Description: Egress gateways. The following items are automatically set for every egress gateway: - label: “app: {name of egress gateway}”
egressGateways.istio-egressgateway
Type: object
{"enabled":false,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}
Default value (formatted)
{
"enabled": false,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
Description: This key becomes the name of the egressGateway
egressGateways.istio-egressgateway.extraLabels
Type: object
{}
Default value (formatted)
{}
Description: Labels to use for selecting the egress gateway from the service. Automatic labels: ‘app: {egress gateway name}’ and ‘istio: egressgateway’
egressGateways.istio-egressgateway.k8s
Type: object
{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
Description: Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
egressGateways.istio-egressgateway.k8s.service.type
Type: string
"LoadBalancer"
Description: “LoadBalancer” or “NodePort”
egressGateways.istio-egressgateway.k8s.podAnnotations
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
egressGateways.istio-egressgateway.k8s.serviceAnnotations
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
egressGateways.istio-egressgateway.k8s.nodeSelector
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
egressGateways.istio-egressgateway.k8s.affinity
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
egressGateways.istio-egressgateway.k8s.tolerations
Type: list
[]
Default value (formatted)
[]
Description: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
gateways
Type: object
{"main":{"autoHttpRedirect":{"enabled":true},"selector":{"app":"istio-ingressgateway"},"servers":[{"hosts":["*.{{ .Values.domain }}"],"port":{"name":"https","number":8443,"protocol":"HTTPS"},"tls":{"credentialName":"wildcard-cert","mode":"SIMPLE"}}]}}
Default value (formatted)
{
"main": {
"autoHttpRedirect": {
"enabled": true
},
"selector": {
"app": "istio-ingressgateway"
},
"servers": [
{
"hosts": [
"*.{{ .Values.domain }}"
],
"port": {
"name": "https",
"number": 8443,
"protocol": "HTTPS"
},
"tls": {
"credentialName": "wildcard-cert",
"mode": "SIMPLE"
}
}
]
}
}
Description: See https://istio.io/latest/docs/reference/config/networking/gateway/#Gateway for spec
gateways.main
Type: object
{"autoHttpRedirect":{"enabled":true},"selector":{"app":"istio-ingressgateway"},"servers":[{"hosts":["*.{{ .Values.domain }}"],"port":{"name":"https","number":8443,"protocol":"HTTPS"},"tls":{"credentialName":"wildcard-cert","mode":"SIMPLE"}}]}
Default value (formatted)
{
"autoHttpRedirect": {
"enabled": true
},
"selector": {
"app": "istio-ingressgateway"
},
"servers": [
{
"hosts": [
"*.{{ .Values.domain }}"
],
"port": {
"name": "https",
"number": 8443,
"protocol": "HTTPS"
},
"tls": {
"credentialName": "wildcard-cert",
"mode": "SIMPLE"
}
}
]
}
Description: This key becomes the name of the gateway
gateways.main.autoHttpRedirect
Type: object
{"enabled":true}
Default value (formatted)
{
"enabled": true
}
Description: Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect. Must add in HTTP server config if disabling.
istiod
Type: object
{"affinity":{},"env":[],"hpaSpec":{"maxReplicas":3,"metrics":[{"resource":{"name":"cpu","target":{"averageUtilization":60,"type":"Utilization"}},"type":"Resource"}],"minReplicas":1},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"2Gi"},"requests":{"cpu":"500m","memory":"2Gi"}},"serviceAnnotations":{},"strategy":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"env": [],
"hpaSpec": {
"maxReplicas": 3,
"metrics": [
{
"resource": {
"name": "cpu",
"target": {
"averageUtilization": 60,
"type": "Utilization"
}
},
"type": "Resource"
}
],
"minReplicas": 1
},
"nodeSelector": {},
"podAnnotations": {},
"replicaCount": 1,
"resources": {
"limits": {
"cpu": "500m",
"memory": "2Gi"
},
"requests": {
"cpu": "500m",
"memory": "2Gi"
}
},
"serviceAnnotations": {},
"strategy": {},
"tolerations": []
}
Description: istiod / pilot configuration
istiod.podAnnotations
Type: object
{}
Default value (formatted)
{}
Description: k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
istiod.serviceAnnotations
Type: object
{}
Default value (formatted)
{}
Description: k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
istiod.nodeSelector
Type: object
{}
Default value (formatted)
{}
Description: k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
istiod.affinity
Type: object
{}
Default value (formatted)
{}
Description: k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
istiod.tolerations
Type: list
[]
Default value (formatted)
[]
Description: k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tracing.enabled
Type: bool
false
tracing.address
Type: string
"jaeger-collector.jaeger.svc"
tracing.port
Type: int
9411
tracing.sampling
Type: int
10
Description: percent of traces to send to jaeger
cni.image.hub
Type: string
"registry1.dso.mil/ironbank/opensource/istio"
cni.image.name
Type: string
"install-cni"
cni.image.tag
Type: string
"1.19.0"
cni.podAnnotations
Type: object
{}
Default value (formatted)
{}
Description: k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
cni.nodeSelector
Type: object
{}
Default value (formatted)
{}
Description: k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
cni.affinity
Type: object
{}
Default value (formatted)
{}
Description: k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
cni.tolerations
Type: list
[]
Default value (formatted)
[]
Description: k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
meshConfig
Type: object
{"meshMTLS":{"minProtocolVersion":"TLSV1_2"}}
Default value (formatted)
{
"meshMTLS": {
"minProtocolVersion": "TLSV1_2"
}
}
Description: Global mesh-wide settings https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig
defaultConfig
Type: object
{}
Default value (formatted)
{}
Description: Default Proxy Config for the entire mesh (inserts under meshConfig in IstioOperator resource)
values.global
Type: object
{"proxy":{"resources":{"limits":{"cpu":"100m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}},"proxy_init":{"resources":{"limits":{"cpu":"100m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}}}
Default value (formatted)
{
"proxy": {
"resources": {
"limits": {
"cpu": "100m",
"memory": "256Mi"
},
"requests": {
"cpu": "100m",
"memory": "256Mi"
}
}
},
"proxy_init": {
"resources": {
"limits": {
"cpu": "100m",
"memory": "256Mi"
},
"requests": {
"cpu": "100m",
"memory": "256Mi"
}
}
}
}
Description: Global IstioOperator values
values.defaultRevision
Type: string
"default"
Description: Set defaultRevision name, must be non-empty to deploy validating webhook
values.pilot
Type: object
{}
Default value (formatted)
{}
Description: Istio pilot values. https://github.com/istio/istio/blob/master/manifests/charts/istio-control/istio-discovery/values.yaml
envoyFilters
Type: list
[]
Default value (formatted)
[]
Description: Custom EnvoyFilters. https://istio.io/latest/docs/reference/config/networking/envoy-filter/
networkPolicies
Type: object
{"controlPlaneCidr":"0.0.0.0/0","enabled":false}
Default value (formatted)
{
"controlPlaneCidr": "0.0.0.0/0",
"enabled": false
}
Description: Big Bang NetworkPolicy controls
networkPolicies.enabled
Type: bool
false
Description: Toggle ALL NetworkPolicies on/off
networkPolicies.controlPlaneCidr
Type: string
"0.0.0.0/0"
Description: See `kubectl cluster-info` and then resolve to IP
postInstallHook.image
Type: string
"registry1.dso.mil/ironbank/big-bang/base"
Description: Image used to run readiness check, requires kubectl
postInstallHook.tag
Type: string
"2.0.0"
postInstallHook.securityContext
Type: object
{"fsGroup":1001,"runAsGroup":1001,"runAsNonRoot":true,"runAsUser":1001}
Default value (formatted)
{
"fsGroup": 1001,
"runAsGroup": 1001,
"runAsNonRoot": true,
"runAsUser": 1001
}
Description: Pod security context for readiness check
postInstallHook.containerSecurityContext
Type: object
{"capabilities":{"drop":["ALL"]}}
Default value (formatted)
{
"capabilities": {
"drop": [
"ALL"
]
}
}
Description: Container security context for readiness check