istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/istiod-remote/templates/istiod-injector-configmap.yaml (about) 1 {{- if not .Values.global.omitSidecarInjectorConfigMap }} 2 apiVersion: v1 3 kind: ConfigMap 4 metadata: 5 name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} 6 namespace: {{ .Release.Namespace }} 7 labels: 8 istio.io/rev: {{ .Values.revision | default "default" | quote }} 9 install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} 10 operator.istio.io/component: "Pilot" 11 release: {{ .Release.Name }} 12 data: 13 {{/* Scope the values to just top level fields used in the template, to reduce the size. */}} 14 values: |- 15 {{ $vals := pick .Values "global" "istio_cni" "sidecarInjectorWebhook" "revision" -}} 16 {{ $pilotVals := pick .Values.pilot "cni" -}} 17 {{ $vals = set $vals "pilot" $pilotVals -}} 18 {{ $vals | toPrettyJson | indent 4 }} 19 20 # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching 21 # and istiod webhook functionality. 22 # 23 # New fields should not use Values - it is a 'primary' config object, users should be able 24 # to fine tune it or use it with kube-inject. 25 config: |- 26 # defaultTemplates defines the default template to use for pods that do not explicitly specify a template 27 {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} 28 defaultTemplates: 29 {{- range .Values.sidecarInjectorWebhook.defaultTemplates}} 30 - {{ . }} 31 {{- end }} 32 {{- else }} 33 defaultTemplates: [sidecar] 34 {{- end }} 35 policy: {{ .Values.global.proxy.autoInject }} 36 alwaysInjectSelector: 37 {{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} 38 neverInjectSelector: 39 {{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} 40 injectedAnnotations: 41 {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} 42 "{{ $key }}": {{ $val | quote }} 43 {{- end }} 44 {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template 45 which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". 46 This should make it obvious that their installation is broken. 47 */}} 48 template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} 49 templates: 50 {{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} 51 sidecar: | 52 {{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} 53 {{- end }} 54 {{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} 55 gateway: | 56 {{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} 57 {{- end }} 58 {{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} 59 grpc-simple: | 60 {{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} 61 {{- end }} 62 {{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} 63 grpc-agent: | 64 {{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} 65 {{- end }} 66 {{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} 67 waypoint: | 68 {{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} 69 {{- end }} 70 {{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} 71 kube-gateway: | 72 {{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} 73 {{- end }} 74 {{- with .Values.sidecarInjectorWebhook.templates }} 75 {{ toYaml . | trim | indent 6 }} 76 {{- end }} 77 78 {{- end }}