github.com/replicatedcom/ship@v0.50.0/integration/init/istio/expected/base/configmap.yaml (about)

     1  ---
     2  # Source: istio/templates/configmap.yaml
     3  
     4  apiVersion: v1
     5  kind: ConfigMap
     6  metadata:
     7    name: istio
     8    namespace: default
     9    labels:
    10      app: istio
    11      chart: istio-1.1.0
    12      heritage: Tiller
    13      release: istio
    14  data:
    15    mesh: |-
    16      # Set the following variable to true to disable policy checks by the Mixer.
    17      # Note that metrics will still be reported to the Mixer.
    18      disablePolicyChecks: false
    19  
    20      # Set enableTracing to false to disable request tracing.
    21      enableTracing: true
    22  
    23      # Set accessLogFile to empty string to disable access log.
    24      accessLogFile: "/dev/stdout"
    25      #
    26      # Deprecated: mixer is using EDS
    27      mixerCheckServer: istio-policy.default.svc.cluster.local:9091
    28      mixerReportServer: istio-telemetry.default.svc.cluster.local:9091
    29  
    30      # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get
    31      # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. 
    32      sdsUdsPath: ""
    33  
    34      #
    35      defaultConfig:
    36        #
    37        # TCP connection timeout between Envoy & the application, and between Envoys.
    38        connectTimeout: 10s
    39        #
    40        ### ADVANCED SETTINGS #############
    41        # Where should envoy's configuration be stored in the istio-proxy container
    42        configPath: "/etc/istio/proxy"
    43        binaryPath: "/usr/local/bin/envoy"
    44        # The pseudo service name used for Envoy.
    45        serviceCluster: istio-proxy
    46        # These settings that determine how long an old Envoy
    47        # process should be kept alive after an occasional reload.
    48        drainDuration: 45s
    49        parentShutdownDuration: 1m0s
    50        #
    51        # The mode used to redirect inbound connections to Envoy. This setting
    52        # has no effect on outbound traffic: iptables REDIRECT is always used for
    53        # outbound connections.
    54        # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy.
    55        # The "REDIRECT" mode loses source addresses during redirection.
    56        # If "TPROXY", use iptables TPROXY to redirect to Envoy.
    57        # The "TPROXY" mode preserves both the source and destination IP
    58        # addresses and ports, so that they can be used for advanced filtering
    59        # and manipulation.
    60        # The "TPROXY" mode also configures the sidecar to run with the
    61        # CAP_NET_ADMIN capability, which is required to use TPROXY.
    62        #interceptionMode: REDIRECT
    63        #
    64        # Port where Envoy listens (on local host) for admin commands
    65        # You can exec into the istio-proxy container in a pod and
    66        # curl the admin port (curl http://localhost:15000/) to obtain
    67        # diagnostic information from Envoy. See
    68        # https://lyft.github.io/envoy/docs/operations/admin.html
    69        # for more details
    70        proxyAdminPort: 15000
    71        #
    72        # Set concurrency to a specific number to control the number of Proxy worker threads.
    73        # If set to 0 (default), then start worker thread for each CPU thread/core.
    74        concurrency: 0
    75        #
    76        tracing:
    77          zipkin:
    78            # Address of the Zipkin collector
    79            address: zipkin.default:9411
    80        #
    81        # Mutual TLS authentication between sidecars and istio control plane.
    82        controlPlaneAuthPolicy: NONE
    83        #
    84        # Address where istio Pilot service is running
    85        discoveryAddress: istio-pilot.default:15010