-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathistio-install.yaml
130 lines (130 loc) · 4.89 KB
/
istio-install.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
apiVersion: admin.gloo.solo.io/v2
kind: IstioLifecycleManager
metadata:
name: istiod-control-plane
namespace: gloo-mesh
spec:
installations:
# The revision for this installation, such as 1-14
- revision: 1-15
# List all workload clusters to install Istio into
clusters:
- name: cluster1
# If set to true, the spec for this revision is applied in the cluster
defaultRevision: true
- name: cluster2
defaultRevision: true
istioOperatorSpec:
# Only the control plane components are installed
# (https://istio.io/latest/docs/setup/additional-setup/config-profiles/)
profile: minimal
# Solo.io Istio distribution repository; required for Gloo Istio.
# You get the repo key from your Solo Account Representative.
hub: us-docker.pkg.dev/gloo-mesh/istio-workshops
# Any Solo.io Gloo Istio tag
tag: 1.15.3-solo
namespace: istio-system
# Mesh configuration
meshConfig:
# Enable access logging only if using.
accessLogFile: /dev/stdout
# Encoding for the proxy access log (TEXT or JSON). Default value is TEXT.
accessLogEncoding: JSON
# Enable span tracing only if using.
enableTracing: true
defaultConfig:
# Wait for the istio-proxy to start before starting application pods
holdApplicationUntilProxyStarts: true
# Enable Gloo metrics service. Required for Gloo UI
envoyMetricsService:
address: gloo-mesh-agent.gloo-mesh:9977
# Enable Gloo accesslog service. Required for Gloo Access Logging
envoyAccessLogService:
address: gloo-mesh-agent.gloo-mesh:9977
proxyMetadata:
# Enable Istio agent to handle DNS requests for known hosts
# Unknown hosts are automatically resolved using upstream DNS servers
# in resolv.conf (for proxy-dns)
ISTIO_META_DNS_CAPTURE: "true"
# Enable automatic address allocation (for proxy-dns)
ISTIO_META_DNS_AUTO_ALLOCATE: "true"
# Set the default behavior of the sidecar for handling outbound traffic
# from the application
outboundTrafficPolicy:
mode: ALLOW_ANY
# The administrative root namespace for Istio configuration
rootNamespace: istio-system
# Traffic management
components:
pilot:
k8s:
env:
# Allow multiple trust domains (Required for Gloo Mesh east/west routing)
- name: PILOT_SKIP_VALIDATE_TRUST_DOMAIN
value: "true"
# Reload cacerts when cert-manager changes it
- name: AUTO_RELOAD_PLUGIN_CERTS
value: "true"
---
apiVersion: admin.gloo.solo.io/v2
kind: GatewayLifecycleManager
metadata:
name: all-gateways
namespace: gloo-mesh
spec:
installations:
# The revision for this installation, such as 1-14
- gatewayRevision: 1-15
# List all workload clusters to install Istio into
clusters:
- name: cluster1
# If set to true, the spec for this revision is applied in the cluster
activeGateway: true
- name: cluster2
activeGateway: true
istioOperatorSpec:
# No control plane components are installed
profile: empty
# Solo.io Istio distribution repository; required for Gloo Istio.
# You get the repo key from your Solo Account Representative.
hub: us-docker.pkg.dev/gloo-mesh/istio-workshops
# The Solo.io Gloo Istio tag
tag: 1.15.3-solo
components:
ingressGateways:
- enabled: true
k8s:
service:
ports:
- name: http2
port: 80
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 8443
selector:
app: istio-ingressgateway
istio: ingressgateway
type: LoadBalancer
name: istio-ingressgateway
namespace: istio-ingress
- enabled: true
name: istio-eastwestgateway
namespace: istio-eastwest
label:
istio: eastwestgateway
k8s:
env:
- name: ISTIO_META_ROUTER_MODE
value: sni-dnat
service:
ports:
- port: 15443
targetPort: 15443
# Gloo Mesh looks for this default name 'tls' on a gateway
name: tls
selector:
istio: eastwestgateway
type: LoadBalancer