istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/helm-profiles/openshift-ambient.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/helm-profiles/openshift-ambient.yaml (about)

     1  meshConfig:
     2    defaultConfig:
     3      proxyMetadata:
     4        ISTIO_META_ENABLE_HBONE: "true"
     5  global:
     6    platform: openshift
     7  cni:
     8    ambient:
     9      enabled: true
    10    cniBinDir: /var/lib/cni/bin
    11    cniConfDir: /etc/cni/multus/net.d
    12    chained: false
    13    cniConfFileName: "istio-cni.conf"
    14    logLevel: info
    15    provider: "multus"
    16  pilot:
    17    cni:
    18      enabled: true
    19      provider: "multus"
    20    variant: distroless
    21    env:
    22      PILOT_ENABLE_AMBIENT: "true"
    23      # Allow sidecars/ingress to send/receive HBONE. This is required for interop.
    24      PILOT_ENABLE_SENDING_HBONE: "true"
    25      PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true"
    26      CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel"
    27  platform: openshift
    28  variant: distroless
    29  seLinuxOptions:
    30    type: spc_t