istio-controlplane values.yamlπ
profileπ
Type: string
"default"
Description: The istio profile to use
hubπ
Type: string
"registry1.dso.mil/ironbank/opensource/istio"
Description: The hub to use for all images, images are built as β.Values.hub/
tagπ
Type: string
"1.19.6"
Description: The tag to use for all images
enterpriseπ
Type: bool
false
Description: Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support, validated through the FIPs Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
tidHubπ
Type: string
"registry1.dso.mil/ironbank/tetrate/istio"
tidTagπ
Type: string
"1.20.2-tetratefips-v0"
domainπ
Type: string
"bigbang.dev"
Description: The domain to use for the default gateway
mtls.modeπ
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
revisionπ
Type: string
""
Description: Revision of the Istio control plane
openshiftπ
Type: bool
false
Description: Openshift feature switch toggle
imagePullSecretsπ
Type: list
[]
Default value (formatted)
[]
Description: Pull secrets for images
monitoringπ
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: Big Bang Monitoring interaction controls
monitoring.enabledπ
Type: bool
false
Description: Toggle monitoring on/off (controls networkPolicies)
kialiπ
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: Big Bang Kiali interaction controls
kiali.enabledπ
Type: bool
false
Description: Toggle kiali on/off (controls networkPolicies)
authserviceπ
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: If authservice is enabled, it will be added to extension providers as an external authorization system. https://istio.io/latest/docs/tasks/security/authorization/authz-custom/
ingressGatewaysπ
Type: object
{"istio-ingressgateway":{"enabled":true,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}}
Default value (formatted)
{
"istio-ingressgateway": {
"enabled": true,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
}
Description: Ingress gateways, The following items are automatically set for every ingress gateway: - label: βapp: {name of ingress gateway}β
ingressGateways.istio-ingressgatewayπ
Type: object
{"enabled":true,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}
Default value (formatted)
{
"enabled": true,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
Description: This key becomes the name of the ingressGateway
ingressGateways.istio-ingressgateway.extraLabelsπ
Type: object
{}
Default value (formatted)
{}
Description: Labels to use for selecting the ingress gateway from the service Automatic labels: βapp: {ingress gateway name}β and istio: ingressgateway
ingressGateways.istio-ingressgateway.k8sπ
Type: object
{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
Description: Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
ingressGateways.istio-ingressgateway.k8s.service.typeπ
Type: string
"LoadBalancer"
Description: βLoadBalancerβ or βNodePortβ
ingressGateways.istio-ingressgateway.k8s.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
ingressGateways.istio-ingressgateway.k8s.serviceAnnotationsπ
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
ingressGateways.istio-ingressgateway.k8s.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
ingressGateways.istio-ingressgateway.k8s.affinityπ
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
ingressGateways.istio-ingressgateway.k8s.tolerationsπ
Type: list
[]
Default value (formatted)
[]
Description: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
egressGatewaysπ
Type: object
{"istio-egressgateway":{"enabled":false,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}}
Default value (formatted)
{
"istio-egressgateway": {
"enabled": false,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
}
Description: Egress gateways, The following items are automatically set for every egress gateway: - label: βapp: {name of egress gateway}β
egressGateways.istio-egressgatewayπ
Type: object
{"enabled":false,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}
Default value (formatted)
{
"enabled": false,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
Description: This key becomes the name of the egressGateway
egressGateways.istio-egressgateway.extraLabelsπ
Type: object
{}
Default value (formatted)
{}
Description: Labels to use for selecting the egress gateway from the service Automatic labels: βapp: {egress gateway name}β and istio: egressgateway
egressGateways.istio-egressgateway.k8sπ
Type: object
{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
Description: Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
egressGateways.istio-egressgateway.k8s.service.typeπ
Type: string
"LoadBalancer"
Description: βLoadBalancerβ or βNodePortβ
egressGateways.istio-egressgateway.k8s.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
egressGateways.istio-egressgateway.k8s.serviceAnnotationsπ
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
egressGateways.istio-egressgateway.k8s.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
egressGateways.istio-egressgateway.k8s.affinityπ
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
egressGateways.istio-egressgateway.k8s.tolerationsπ
Type: list
[]
Default value (formatted)
[]
Description: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
gatewaysπ
Type: object
{"main":{"autoHttpRedirect":{"enabled":true},"selector":{"app":"istio-ingressgateway"},"servers":[{"hosts":["*.{{ .Values.domain }}"],"port":{"name":"https","number":8443,"protocol":"HTTPS"},"tls":{"credentialName":"wildcard-cert","mode":"SIMPLE"}}]}}
Default value (formatted)
{
"main": {
"autoHttpRedirect": {
"enabled": true
},
"selector": {
"app": "istio-ingressgateway"
},
"servers": [
{
"hosts": [
"*.{{ .Values.domain }}"
],
"port": {
"name": "https",
"number": 8443,
"protocol": "HTTPS"
},
"tls": {
"credentialName": "wildcard-cert",
"mode": "SIMPLE"
}
}
]
}
}
Description: See https://istio.io/latest/docs/reference/config/networking/gateway/#Gateway for spec
gateways.mainπ
Type: object
{"autoHttpRedirect":{"enabled":true},"selector":{"app":"istio-ingressgateway"},"servers":[{"hosts":["*.{{ .Values.domain }}"],"port":{"name":"https","number":8443,"protocol":"HTTPS"},"tls":{"credentialName":"wildcard-cert","mode":"SIMPLE"}}]}
Default value (formatted)
{
"autoHttpRedirect": {
"enabled": true
},
"selector": {
"app": "istio-ingressgateway"
},
"servers": [
{
"hosts": [
"*.{{ .Values.domain }}"
],
"port": {
"name": "https",
"number": 8443,
"protocol": "HTTPS"
},
"tls": {
"credentialName": "wildcard-cert",
"mode": "SIMPLE"
}
}
]
}
Description: This key becomes the name of the gateway
gateways.main.autoHttpRedirectπ
Type: object
{"enabled":true}
Default value (formatted)
{
"enabled": true
}
Description: Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect. Must add in HTTP server config if disabling.
istiodπ
Type: object
{"affinity":{},"env":[],"hpaSpec":{"maxReplicas":3,"metrics":[{"resource":{"name":"cpu","target":{"averageUtilization":60,"type":"Utilization"}},"type":"Resource"}],"minReplicas":1},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"2Gi"},"requests":{"cpu":"500m","memory":"2Gi"}},"serviceAnnotations":{},"strategy":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"env": [],
"hpaSpec": {
"maxReplicas": 3,
"metrics": [
{
"resource": {
"name": "cpu",
"target": {
"averageUtilization": 60,
"type": "Utilization"
}
},
"type": "Resource"
}
],
"minReplicas": 1
},
"nodeSelector": {},
"podAnnotations": {},
"replicaCount": 1,
"resources": {
"limits": {
"cpu": "500m",
"memory": "2Gi"
},
"requests": {
"cpu": "500m",
"memory": "2Gi"
}
},
"serviceAnnotations": {},
"strategy": {},
"tolerations": []
}
Description: istiod / pilot configuration
istiod.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
Description: k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
istiod.serviceAnnotationsπ
Type: object
{}
Default value (formatted)
{}
Description: k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
istiod.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
Description: k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
istiod.affinityπ
Type: object
{}
Default value (formatted)
{}
Description: k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
istiod.tolerationsπ
Type: list
[]
Default value (formatted)
[]
Description: k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tracing.enabledπ
Type: bool
false
tracing.addressπ
Type: string
"jaeger-collector.jaeger.svc"
tracing.portπ
Type: int
9411
tracing.samplingπ
Type: int
10
Description: percent of traces to send to jaeger
cni.image.hubπ
Type: string
"registry1.dso.mil/ironbank/opensource/istio"
cni.image.nameπ
Type: string
"install-cni"
cni.image.tagπ
Type: string
"1.19.6"
cni.podAnnotationsπ
Type: object
{}
Default value (formatted)
{}
Description: k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
cni.nodeSelectorπ
Type: object
{}
Default value (formatted)
{}
Description: k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
cni.affinityπ
Type: object
{}
Default value (formatted)
{}
Description: k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
cni.tolerationsπ
Type: list
[]
Default value (formatted)
[]
Description: k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
meshConfigπ
Type: object
{"meshMTLS":{"minProtocolVersion":"TLSV1_2"}}
Default value (formatted)
{
"meshMTLS": {
"minProtocolVersion": "TLSV1_2"
}
}
Description: Global mesh-wide settings https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig
defaultConfigπ
Type: object
{}
Default value (formatted)
{}
Description: Default Proxy Config for the entire mesh (inserts under meshConfig in IstioOperator resource)
values.globalπ
Type: object
{"proxy":{"resources":{"limits":{"cpu":"100m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}},"proxy_init":{"resources":{"limits":{"cpu":"100m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}}}
Default value (formatted)
{
"proxy": {
"resources": {
"limits": {
"cpu": "100m",
"memory": "256Mi"
},
"requests": {
"cpu": "100m",
"memory": "256Mi"
}
}
},
"proxy_init": {
"resources": {
"limits": {
"cpu": "100m",
"memory": "256Mi"
},
"requests": {
"cpu": "100m",
"memory": "256Mi"
}
}
}
}
Description: Global IstioOperator values
values.defaultRevisionπ
Type: string
"default"
Description: Set defaultRevision name, must be non-empty to deploy validating webhook
values.pilotπ
Type: object
{}
Default value (formatted)
{}
Description: Istio pilot values. https://github.com/istio/istio/blob/master/manifests/charts/istio-control/istio-discovery/values.yaml
envoyFiltersπ
Type: list
[]
Default value (formatted)
[]
Description: Custom EnvoyFilters. https://istio.io/latest/docs/reference/config/networking/envoy-filter/
networkPoliciesπ
Type: object
{"controlPlaneCidr":"0.0.0.0/0","enabled":false}
Default value (formatted)
{
"controlPlaneCidr": "0.0.0.0/0",
"enabled": false
}
Description: Big Bang NetworkPolicy controls
networkPolicies.enabledπ
Type: bool
false
Description: Toggle ALL NetworkPolicies on/off
networkPolicies.controlPlaneCidrπ
Type: string
"0.0.0.0/0"
Description: See kubectl cluster-info and then resolve to IP
postInstallHook.imageπ
Type: string
"registry1.dso.mil/ironbank/big-bang/base"
Description: Image used to run readiness check, requires kubectl
postInstallHook.tagπ
Type: string
"2.1.0"
postInstallHook.securityContextπ
Type: object
{"fsGroup":1001,"runAsGroup":1001,"runAsNonRoot":true,"runAsUser":1001}
Default value (formatted)
{
"fsGroup": 1001,
"runAsGroup": 1001,
"runAsNonRoot": true,
"runAsUser": 1001
}
Description: Pod security context for readiness check
postInstallHook.containerSecurityContextπ
Type: object
{"capabilities":{"drop":["ALL"]}}
Default value (formatted)
{
"capabilities": {
"drop": [
"ALL"
]
}
}
Description: Container security context for readiness check
postInstallHook.resources.requests.cpuπ
Type: string
"100m"
postInstallHook.resources.requests.memoryπ
Type: string
"256Mi"
postInstallHook.resources.limits.cpuπ
Type: string
"100m"
postInstallHook.resources.limits.memoryπ
Type: string
"256Mi"