26 lines
777 B
YAML
26 lines
777 B
YAML
# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed
|
|
meshConfig:
|
|
defaultConfig:
|
|
proxyMetadata:
|
|
ISTIO_META_ENABLE_HBONE: "true"
|
|
variant: distroless
|
|
pilot:
|
|
variant: distroless
|
|
env:
|
|
# Setup more secure default that is off in 'default' only for backwards compatibility
|
|
VERIFY_CERTIFICATE_AT_CLIENT: "true"
|
|
ENABLE_AUTO_SNI: "true"
|
|
|
|
PILOT_ENABLE_HBONE: "true"
|
|
CA_TRUSTED_NODE_ACCOUNTS: "istio-system/ztunnel,kube-system/ztunnel"
|
|
PILOT_ENABLE_AMBIENT_CONTROLLERS: "true"
|
|
cni:
|
|
logLevel: info
|
|
privileged: true
|
|
ambient:
|
|
enabled: true
|
|
|
|
# Default excludes istio-system; its actually fine to redirect there since we opt-out istiod, ztunnel, and istio-cni
|
|
excludeNamespaces:
|
|
- kube-system
|