istio-controlplane values.yaml
profile
Type: string
"default"
Description: The istio profile to use
hub
Type: string
"registry1.dso.mil/ironbank/opensource/istio"
Description: The hub to use for all images, images are built as ".Values.hub/
tag
Type: string
"1.17.2"
Description: The tag to use for all images
enterprise
Type: bool
false
Description: Tetrate Istio Distribution - Tetrate provides FIPS-verified Istio and Envoy software and support, validated through the FIPS Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
tidHub
Type: string
"registry1.dso.mil/ironbank/tetrate/istio"
tidTag
Type: string
"1.17.2-tetratefips-v0"
domain
Type: string
"bigbang.dev"
Description: The domain to use for the default gateway
revision
Type: string
""
Description: Revision of the Istio control plane
openshift
Type: bool
false
Description: OpenShift feature switch toggle
imagePullSecrets
Type: list
[]
Default value (formatted)
[]
Description: Pull secrets for images
monitoring
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: Big Bang Monitoring interaction controls
monitoring.enabled
Type: bool
false
Description: Toggle monitoring on/off (controls networkPolicies)
kiali
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: Big Bang Kiali interaction controls
kiali.enabled
Type: bool
false
Description: Toggle kiali on/off (controls networkPolicies)
authservice
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: If authservice is enabled, it will be added to extension providers as an external authorization system. https://istio.io/latest/docs/tasks/security/authorization/authz-custom/
ingressGateways
Type: object
{"istio-ingressgateway":{"enabled":true,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}}
Default value (formatted)
{
"istio-ingressgateway": {
"enabled": true,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
}
Description: Ingress gateways. The following items are automatically set for every ingress gateway: label "app: {name of ingress gateway}"
ingressGateways.istio-ingressgateway
Type: object
{"enabled":true,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}
Default value (formatted)
{
"enabled": true,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
Description: This key becomes the name of the ingressGateway
ingressGateways.istio-ingressgateway.extraLabels
Type: object
{}
Default value (formatted)
{}
Description: Labels to use for selecting the ingress gateway from the service. Automatic labels: "app: {ingress gateway name}" and istio: ingressgateway
ingressGateways.istio-ingressgateway.k8s
Type: object
{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
Description: Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
ingressGateways.istio-ingressgateway.k8s.service.type
Type: string
"LoadBalancer"
Description: "LoadBalancer" or "NodePort"
ingressGateways.istio-ingressgateway.k8s.podAnnotations
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
ingressGateways.istio-ingressgateway.k8s.serviceAnnotations
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
ingressGateways.istio-ingressgateway.k8s.nodeSelector
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
ingressGateways.istio-ingressgateway.k8s.affinity
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
ingressGateways.istio-ingressgateway.k8s.tolerations
Type: list
[]
Default value (formatted)
[]
Description: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
egressGateways
Type: object
{"istio-egressgateway":{"enabled":false,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}}
Default value (formatted)
{
"istio-egressgateway": {
"enabled": false,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
}
Description: Egress gateways. The following items are automatically set for every egress gateway: label "app: {name of egress gateway}"
egressGateways.istio-egressgateway
Type: object
{"enabled":false,"extraLabels":{},"k8s":{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}}
Default value (formatted)
{
"enabled": false,
"extraLabels": {},
"k8s": {
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
}
Description: This key becomes the name of the egressGateway
egressGateways.istio-egressgateway.extraLabels
Type: object
{}
Default value (formatted)
{}
Description: Labels to use for selecting the egress gateway from the service. Automatic labels: "app: {egress gateway name}" and istio: egressgateway
egressGateways.istio-egressgateway.k8s
Type: object
{"affinity":{},"nodeSelector":{},"podAnnotations":{},"resources":{},"service":{"type":"LoadBalancer"},"serviceAnnotations":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"nodeSelector": {},
"podAnnotations": {},
"resources": {},
"service": {
"type": "LoadBalancer"
},
"serviceAnnotations": {},
"tolerations": []
}
Description: Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
egressGateways.istio-egressgateway.k8s.service.type
Type: string
"LoadBalancer"
Description: "LoadBalancer" or "NodePort"
egressGateways.istio-egressgateway.k8s.podAnnotations
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
egressGateways.istio-egressgateway.k8s.serviceAnnotations
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
egressGateways.istio-egressgateway.k8s.nodeSelector
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
egressGateways.istio-egressgateway.k8s.affinity
Type: object
{}
Default value (formatted)
{}
Description: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
egressGateways.istio-egressgateway.k8s.tolerations
Type: list
[]
Default value (formatted)
[]
Description: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
gateways
Type: object
{"main":{"autoHttpRedirect":{"enabled":true},"selector":{"app":"istio-ingressgateway"},"servers":[{"hosts":["*.{{ .Values.domain }}"],"port":{"name":"https","number":8443,"protocol":"HTTPS"},"tls":{"credentialName":"wildcard-cert","mode":"SIMPLE"}}]}}
Default value (formatted)
{
"main": {
"autoHttpRedirect": {
"enabled": true
},
"selector": {
"app": "istio-ingressgateway"
},
"servers": [
{
"hosts": [
"*.{{ .Values.domain }}"
],
"port": {
"name": "https",
"number": 8443,
"protocol": "HTTPS"
},
"tls": {
"credentialName": "wildcard-cert",
"mode": "SIMPLE"
}
}
]
}
}
Description: See https://istio.io/latest/docs/reference/config/networking/gateway/#Gateway for spec
gateways.main
Type: object
{"autoHttpRedirect":{"enabled":true},"selector":{"app":"istio-ingressgateway"},"servers":[{"hosts":["*.{{ .Values.domain }}"],"port":{"name":"https","number":8443,"protocol":"HTTPS"},"tls":{"credentialName":"wildcard-cert","mode":"SIMPLE"}}]}
Default value (formatted)
{
"autoHttpRedirect": {
"enabled": true
},
"selector": {
"app": "istio-ingressgateway"
},
"servers": [
{
"hosts": [
"*.{{ .Values.domain }}"
],
"port": {
"name": "https",
"number": 8443,
"protocol": "HTTPS"
},
"tls": {
"credentialName": "wildcard-cert",
"mode": "SIMPLE"
}
}
]
}
Description: This key becomes the name of the gateway
gateways.main.autoHttpRedirect
Type: object
{"enabled":true}
Default value (formatted)
{
"enabled": true
}
Description: Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect. Must add in HTTP server config if disabling.
istiod
Type: object
{"affinity":{},"env":[],"hpaSpec":{"maxReplicas":3,"metrics":[{"resource":{"name":"cpu","targetAverageUtilization":60},"type":"Resource"}],"minReplicas":1},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"2Gi"},"requests":{"cpu":"500m","memory":"2Gi"}},"serviceAnnotations":{},"strategy":{},"tolerations":[]}
Default value (formatted)
{
"affinity": {},
"env": [],
"hpaSpec": {
"maxReplicas": 3,
"metrics": [
{
"resource": {
"name": "cpu",
"targetAverageUtilization": 60
},
"type": "Resource"
}
],
"minReplicas": 1
},
"nodeSelector": {},
"podAnnotations": {},
"replicaCount": 1,
"resources": {
"limits": {
"cpu": "500m",
"memory": "2Gi"
},
"requests": {
"cpu": "500m",
"memory": "2Gi"
}
},
"serviceAnnotations": {},
"strategy": {},
"tolerations": []
}
Description: istiod / pilot configuration
istiod.podAnnotations
Type: object
{}
Default value (formatted)
{}
Description: k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
istiod.serviceAnnotations
Type: object
{}
Default value (formatted)
{}
Description: k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
istiod.nodeSelector
Type: object
{}
Default value (formatted)
{}
Description: k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
istiod.affinity
Type: object
{}
Default value (formatted)
{}
Description: k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
istiod.tolerations
Type: list
[]
Default value (formatted)
[]
Description: k8s tolerations. https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tracing.enabled
Type: bool
false
tracing.address
Type: string
"jaeger-collector.jaeger.svc"
tracing.port
Type: int
9411
tracing.sampling
Type: int
10
Description: percent of traces to send to jaeger
cni.image.hub
Type: string
"registry1.dso.mil/ironbank/opensource/istio"
cni.image.name
Type: string
"install-cni"
cni.image.tag
Type: string
"1.17.2"
cni.podAnnotations
Type: object
{}
Default value (formatted)
{}
Description: k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
cni.nodeSelector
Type: object
{}
Default value (formatted)
{}
Description: k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
cni.affinity
Type: object
{}
Default value (formatted)
{}
Description: k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
cni.tolerations
Type: list
[]
Default value (formatted)
[]
Description: k8s tolerations. https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
meshConfig.meshMTLS.minProtocolVersion
Type: string
"TLSV1_2"
values.global
Type: object
{"proxy":{"resources":{"limits":{"cpu":"100m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}},"proxy_init":{"resources":{"limits":{"cpu":"100m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}}}
Default value (formatted)
{
"proxy": {
"resources": {
"limits": {
"cpu": "100m",
"memory": "256Mi"
},
"requests": {
"cpu": "100m",
"memory": "256Mi"
}
}
},
"proxy_init": {
"resources": {
"limits": {
"cpu": "100m",
"memory": "256Mi"
},
"requests": {
"cpu": "100m",
"memory": "256Mi"
}
}
}
}
Description: Global IstioOperator values
values.defaultRevision
Type: string
"default"
Description: Set defaultRevision name, must be non-empty to deploy validating webhook
values.pilot
Type: object
{}
Default value (formatted)
{}
Description: Istio pilot values. https://github.com/istio/istio/blob/master/manifests/charts/istio-control/istio-discovery/values.yaml
networkPolicies
Type: object
{"controlPlaneCidr":"0.0.0.0/0","enabled":false}
Default value (formatted)
{
"controlPlaneCidr": "0.0.0.0/0",
"enabled": false
}
Description: Big Bang NetworkPolicy controls
networkPolicies.enabled
Type: bool
false
Description: Toggle ALL NetworkPolicies on/off
networkPolicies.controlPlaneCidr
Type: string
"0.0.0.0/0"
Description: See kubectl cluster-info and then resolve to IP
postInstallHook.image
Type: string
"registry1.dso.mil/ironbank/big-bang/base"
Description: Image used to run readiness check, requires kubectl
postInstallHook.tag
Type: string
"2.0.0"
postInstallHook.securityContext
Type: object
{"fsGroup":1001,"runAsGroup":1001,"runAsNonRoot":true,"runAsUser":1001}
Default value (formatted)
{
"fsGroup": 1001,
"runAsGroup": 1001,
"runAsNonRoot": true,
"runAsUser": 1001
}
Description: Pod security context for readiness check
postInstallHook.containerSecurityContext
Type: object
{"capabilities":{"drop":["ALL"]}}
Default value (formatted)
{
"capabilities": {
"drop": [
"ALL"
]
}
}
Description: Container security context for readiness check