# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # --- apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: profile: empty hub: gke.gcr.io/asm # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.hub"} tag: 1.23.3-asm.2 # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.tag"} meshConfig: trustDomainAliases: # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.trustDomainAliases"} - PROJECT_ID.svc.id.goog # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.trustDomain"} trustDomain: PROJECT_ID.svc.id.goog # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.trustDomain"} defaultConfig: proxyMetadata: GKE_CLUSTER_URL: "" # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.idp-url"} GCP_METADATA: "PROJECT_ID|PROJECT_NUMBER|asm-cluster|us-central1-c" # {"$ref":"#/definitions/io.k8s.cli.substitutions.gke-metadata"} CA_PROVIDER: "GoogleCA" PLUGINS: "GoogleTokenExchange" GCE_METADATA_HOST: "metadata.google.internal" # Locality load balancing is not supported localityLbSetting: enabled: false components: base: enabled: true egressGateways: - enabled: false name: istio-egressgateway k8s: hpaSpec: maxReplicas: 5 minReplicas: 2 ingressGateways: - enabled: false name: istio-ingressgateway k8s: hpaSpec: maxReplicas: 5 minReplicas: 2 # The default profile is tuned to fit on smaller clusters. # Increase cpu req to ensure we can handle larger scale clusters. pilot: enabled: true k8s: resources: requests: cpu: 500m hpaSpec: minReplicas: 2 replicaCount: 2 env: - name: GKE_CLUSTER_URL value: "" # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.idp-url"} - name: GCP_METADATA value: "PROJECT_ID|PROJECT_NUMBER|asm-cluster|us-central1-c" # {"$ref":"#/definitions/io.k8s.cli.substitutions.gke-metadata"} - name: ENABLE_STACKDRIVER_MONITORING value: "true" # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.controlplane.monitoring.enabled"} - name: TOKEN_AUDIENCES value: "TOKEN_AUDIENCES" # {"$ref":"#/definitions/io.k8s.cli.substitutions.token-audiences"} - name: PILOT_ENABLE_CROSS_CLUSTER_WORKLOAD_ENTRY value: "true" values: # Enable telemetry v2 backend by Stackdriver. # Prometheus is also supported with --set values.telemetry.v2.prometheus.enabled=true --set prometheus.enabled=true telemetry: enabled: true v2: enabled: true prometheus: enabled: false stackdriver: enabled: true sidecarInjectorWebhook: rewriteAppHTTPProbe: true global: caAddress: "meshca.googleapis.com:443" pilotCertProvider: istiod sts: servicePort: 15463 sds: token: aud: "PROJECT_ID.svc.id.goog" # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.trustDomain"} multiCluster: # Provided to ensure a human readable name rather than a UUID. clusterName: "cn-PROJECTID-us-central1-c-asm-cluster" # {"$ref":"#/definitions/io.k8s.cli.substitutions.cluster-name"} meshID: "proj-PROJECT_NUMBER" # {"$ref":"#/definitions/io.k8s.cli.substitutions.mesh-id"} network: "NETWORK_ID" # {"$ref":"#/definitions/io.k8s.cli.setters.gcloud.compute.network"} gateways: istio-ingressgateway: # Enable gateway injection injectionTemplate: gateway istio-egressgateway: # Enable gateway injection injectionTemplate: gateway