github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/base/configmap.yaml (about) 1 --- 2 # Source: istio/templates/configmap.yaml 3 4 apiVersion: v1 5 kind: ConfigMap 6 metadata: 7 name: istio 8 namespace: default 9 labels: 10 app: istio 11 chart: istio-1.0.3 12 release: istio 13 heritage: Tiller 14 data: 15 mesh: |- 16 # Set the following variable to true to disable policy checks by the Mixer. 17 # Note that metrics will still be reported to the Mixer. 18 disablePolicyChecks: false 19 20 # Set enableTracing to false to disable request tracing. 21 enableTracing: true 22 23 # Set accessLogFile to empty string to disable access log. 24 accessLogFile: "/dev/stdout" 25 # 26 # Deprecated: mixer is using EDS 27 mixerCheckServer: istio-policy.default.svc.cluster.local:9091 28 mixerReportServer: istio-telemetry.default.svc.cluster.local:9091 29 30 # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. 31 # Default is false which means the traffic is denied when the client is unable to connect to Mixer. 32 policyCheckFailOpen: false 33 34 # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get 35 # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. 36 sdsUdsPath: "" 37 38 # How frequently should Envoy fetch key/cert from NodeAgent. 39 sdsRefreshDelay: 15s 40 41 # 42 defaultConfig: 43 # 44 # TCP connection timeout between Envoy & the application, and between Envoys. 45 connectTimeout: 10s 46 # 47 ### ADVANCED SETTINGS ############# 48 # Where should envoy's configuration be stored in the istio-proxy container 49 configPath: "/etc/istio/proxy" 50 binaryPath: "/usr/local/bin/envoy" 51 # The pseudo service name used for Envoy. 52 serviceCluster: istio-proxy 53 # These settings that determine how long an old Envoy 54 # process should be kept alive after an occasional reload. 55 drainDuration: 45s 56 parentShutdownDuration: 1m0s 57 # 58 # The mode used to redirect inbound connections to Envoy. This setting 59 # has no effect on outbound traffic: iptables REDIRECT is always used for 60 # outbound connections. 61 # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. 62 # The "REDIRECT" mode loses source addresses during redirection. 63 # If "TPROXY", use iptables TPROXY to redirect to Envoy. 64 # The "TPROXY" mode preserves both the source and destination IP 65 # addresses and ports, so that they can be used for advanced filtering 66 # and manipulation. 67 # The "TPROXY" mode also configures the sidecar to run with the 68 # CAP_NET_ADMIN capability, which is required to use TPROXY. 69 #interceptionMode: REDIRECT 70 # 71 # Port where Envoy listens (on local host) for admin commands 72 # You can exec into the istio-proxy container in a pod and 73 # curl the admin port (curl http://localhost:15000/) to obtain 74 # diagnostic information from Envoy. See 75 # https://lyft.github.io/envoy/docs/operations/admin.html 76 # for more details 77 proxyAdminPort: 15000 78 # 79 # Set concurrency to a specific number to control the number of Proxy worker threads. 80 # If set to 0 (default), then start worker thread for each CPU thread/core. 81 concurrency: 0 82 # 83 # Zipkin trace collector 84 zipkinAddress: zipkin.default:9411 85 # 86 # Mutual TLS authentication between sidecars and istio control plane. 87 controlPlaneAuthPolicy: NONE 88 # 89 # Address where istio Pilot service is running 90 discoveryAddress: istio-pilot.default:15007