istio

1
meshConfig:
2
  defaultConfig:
3
    proxyMetadata:
4
      ISTIO_META_ENABLE_HBONE: "true"
5
global:
6
  platform: openshift
7
cni:
8
  ambient:
9
    enabled: true
10
  cniBinDir: /var/lib/cni/bin
11
  cniConfDir: /etc/cni/multus/net.d
12
  chained: false
13
  cniConfFileName: "istio-cni.conf"
14
  excludeNamespaces:
15
    - kube-system
16
  logLevel: info
17
  privileged: true
18
  provider: "multus"
19
pilot:
20
  cni:
21
    enabled: true
22
    provider: "multus"
23
  variant: distroless
24
  env:
25
    # Setup more secure default that is off in 'default' only for backwards compatibility
26
    VERIFY_CERTIFICATE_AT_CLIENT: "true"
27
    ENABLE_AUTO_SNI: "true"
28

29
    PILOT_ENABLE_HBONE: "true"
30
    CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel"
31
    PILOT_ENABLE_AMBIENT_CONTROLLERS: "true"
32
    PILOT_ENABLE_AMBIENT_WAYPOINTS: "true"
33
variant: distroless
34
seLinuxOptions:
35
  type: spc_t