istiod values.yaml📜
networkPolicies.enabled📜
Type: bool
false
Description: Enable or disable the bundled network policies
networkPolicies.controlPlaneCIDRs📜
Type: list
[]
Description: Configure which CIDRs istiod will be allowed to connect to when accessing the kube-apiserver; if none are specified, the chart will look up the default kubernetes EndpointSlice and use the addresses found there
networkPolicies.egress📜
Type: object
defaults:
allowInNamespace:
enabled: false
allowIstiod:
enabled: false
from:
istiod:
to:
definition:
kubeAPI: true
Description: A list of additional network policies to create in the release namespace
networkPolicies.ingress.defaults.allowInNamespace.enabled📜
Type: bool
false
networkPolicies.ingress.to.istiod:15014.from.k8s.kiali/kiali📜
Type: bool
true
networkPolicies.ingress.to.istiod:15014.from.k8s.monitoring/prometheus📜
Type: bool
true
networkPolicies.ingress.to.istiod:[443,15017].from.cidr.”0.0.0.0/0”📜
Type: bool
true
networkPolicies.ingress.to.istiod:[15010,15012].from.k8s.*📜
Type: bool
true
networkPolicies.additionalPolicies📜
Type: list
[]
additionalEnvoyFilters📜
Type: list
[]
Description: A list of additional EnvoyFilters to create in the release namespace
monitoring.enabled📜
Type: bool
true
Description: Enable or disable the bundled monitoring components and network policies
authservice.enabled📜
Type: bool
false
mtls.mode📜
Type: string
"STRICT"
Description: Set the mTLS mode for the istio-system namespace
defaultSecurityHeaders.enabled📜
Type: bool
true
Description: Enable or disable the default security headers
hardened.enabled📜
Type: bool
false
Description: Enable or disable the hardened Istio configuration
hardened.customAuthorizationPolicies📜
Type: list
[]