github.com/replicatedcom/ship@v0.50.0/integration/init/istio/expected/base/configmap.yaml (about) 1 --- 2 # Source: istio/templates/configmap.yaml 3 4 apiVersion: v1 5 kind: ConfigMap 6 metadata: 7 name: istio 8 namespace: default 9 labels: 10 app: istio 11 chart: istio-1.1.0 12 heritage: Tiller 13 release: istio 14 data: 15 mesh: |- 16 # Set the following variable to true to disable policy checks by the Mixer. 17 # Note that metrics will still be reported to the Mixer. 18 disablePolicyChecks: false 19 20 # Set enableTracing to false to disable request tracing. 21 enableTracing: true 22 23 # Set accessLogFile to empty string to disable access log. 24 accessLogFile: "/dev/stdout" 25 # 26 # Deprecated: mixer is using EDS 27 mixerCheckServer: istio-policy.default.svc.cluster.local:9091 28 mixerReportServer: istio-telemetry.default.svc.cluster.local:9091 29 30 # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get 31 # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty. 32 sdsUdsPath: "" 33 34 # 35 defaultConfig: 36 # 37 # TCP connection timeout between Envoy & the application, and between Envoys. 38 connectTimeout: 10s 39 # 40 ### ADVANCED SETTINGS ############# 41 # Where should envoy's configuration be stored in the istio-proxy container 42 configPath: "/etc/istio/proxy" 43 binaryPath: "/usr/local/bin/envoy" 44 # The pseudo service name used for Envoy. 45 serviceCluster: istio-proxy 46 # These settings that determine how long an old Envoy 47 # process should be kept alive after an occasional reload. 48 drainDuration: 45s 49 parentShutdownDuration: 1m0s 50 # 51 # The mode used to redirect inbound connections to Envoy. This setting 52 # has no effect on outbound traffic: iptables REDIRECT is always used for 53 # outbound connections. 54 # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy. 55 # The "REDIRECT" mode loses source addresses during redirection. 56 # If "TPROXY", use iptables TPROXY to redirect to Envoy. 57 # The "TPROXY" mode preserves both the source and destination IP 58 # addresses and ports, so that they can be used for advanced filtering 59 # and manipulation. 60 # The "TPROXY" mode also configures the sidecar to run with the 61 # CAP_NET_ADMIN capability, which is required to use TPROXY. 62 #interceptionMode: REDIRECT 63 # 64 # Port where Envoy listens (on local host) for admin commands 65 # You can exec into the istio-proxy container in a pod and 66 # curl the admin port (curl http://localhost:15000/) to obtain 67 # diagnostic information from Envoy. See 68 # https://lyft.github.io/envoy/docs/operations/admin.html 69 # for more details 70 proxyAdminPort: 15000 71 # 72 # Set concurrency to a specific number to control the number of Proxy worker threads. 73 # If set to 0 (default), then start worker thread for each CPU thread/core. 74 concurrency: 0 75 # 76 tracing: 77 zipkin: 78 # Address of the Zipkin collector 79 address: zipkin.default:9411 80 # 81 # Mutual TLS authentication between sidecars and istio control plane. 82 controlPlaneAuthPolicy: NONE 83 # 84 # Address where istio Pilot service is running 85 discoveryAddress: istio-pilot.default:15010