ayan.poddar
/
eShopOnContainers


								apiVersion: v1

								data:

								  mesh: "# Set the following variable to true to disable policy checks by the Mixer.\n#

								    Note that metrics will still be reported to the Mixer.\ndisablePolicyChecks: false\n\n#

								    Set enableTracing to false to disable request tracing.\nenableTracing: true\n\n#

								    Set accessLogFile to empty string to disable access log.\naccessLogFile: \"/dev/stdout\"\n#\n#

								    Deprecated: mixer is using EDS\nmixerCheckServer: istio-policy.istio-system.svc.cluster.local:15004\nmixerReportServer:

								    istio-telemetry.istio-system.svc.cluster.local:15004\n\n# policyCheckFailOpen

								    allows traffic in cases when the mixer policy service cannot be reached.\n# Default

								    is false which means the traffic is denied when the client is unable to connect

								    to Mixer.\npolicyCheckFailOpen: false\n\n# Unix Domain Socket through which envoy

								    communicates with NodeAgent SDS to get\n# key/cert for mTLS. Use secret-mount

								    files instead of SDS if set to empty. \nsdsUdsPath: \"\"\n\n# How frequently should

								    Envoy fetch key/cert from NodeAgent.\nsdsRefreshDelay: 15s\n\n#\ndefaultConfig:\n

								    \ #\n  # TCP connection timeout between Envoy & the application, and between Envoys.\n

								    \ connectTimeout: 10s\n  #\n  ### ADVANCED SETTINGS #############\n  # Where should

								    envoy's configuration be stored in the istio-proxy container\n  configPath: \"/etc/istio/proxy\"\n

								    \ binaryPath: \"/usr/local/bin/envoy\"\n  # The pseudo service name used for Envoy.\n

								    \ serviceCluster: istio-proxy\n  # These settings that determine how long an old

								    Envoy\n  # process should be kept alive after an occasional reload.\n  drainDuration:

								    45s\n  parentShutdownDuration: 1m0s\n  #\n  # The mode used to redirect inbound

								    connections to Envoy. This setting\n  # has no effect on outbound traffic: iptables

								    REDIRECT is always used for\n  # outbound connections.\n  # If \"REDIRECT\", use

								    iptables REDIRECT to NAT and redirect to Envoy.\n  # The \"REDIRECT\" mode loses

								    source addresses during redirection.\n  # If \"TPROXY\", use iptables TPROXY to

								    redirect to Envoy.\n  # The \"TPROXY\" mode preserves both the source and destination

								    IP\n  # addresses and ports, so that they can be used for advanced filtering\n

								    \ # and manipulation.\n  # The \"TPROXY\" mode also configures the sidecar to

								    run with the\n  # CAP_NET_ADMIN capability, which is required to use TPROXY.\n

								    \ #interceptionMode: REDIRECT\n  #\n  # Port where Envoy listens (on local host)

								    for admin commands\n  # You can exec into the istio-proxy container in a pod and\n

								    \ # curl the admin port (curl http://localhost:15000/) to obtain\n  # diagnostic

								    information from Envoy. See\n  # https://lyft.github.io/envoy/docs/operations/admin.html\n

								    \ # for more details\n  proxyAdminPort: 15000\n  #\n  # Set concurrency to a specific

								    number to control the number of Proxy worker threads.\n  # If set to 0 (default),

								    then start worker thread for each CPU thread/core.\n  concurrency: 0\n  #\n  #

								    Zipkin trace collector\n  zipkinAddress: zipkin.istio-system:9411\n  #\n  # Mutual

								    TLS authentication between sidecars and istio control plane.\n  controlPlaneAuthPolicy:

								    MUTUAL_TLS\n  #\n  # Address where istio Pilot service is running\n  discoveryAddress:

								    istio-pilot.istio-system:15005"

								kind: ConfigMap

								metadata:

								  creationTimestamp: null

								  labels:

								    app: istio

								    chart: istio-1.0.6

								    heritage: Tiller

								    release: istio

								  name: istio

								  selfLink: /api/v1/namespaces/istio-system/configmaps/istio