1# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally.
2# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`.
3_internal_defaults_do_not_set:
6 # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace
7 # to use for pulling any images in pods that reference this ServiceAccount.
8 # Must be set for any cluster configured with private docker registry.
11 # Used to locate istiod.
12 istioNamespace: istio-system
14 # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true.
15 # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`.
16 # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set.
18 # Helm (as of V3) does not support upgrading CRDs, because it is not universally
19 # safe for them to support this.
20 # Istio as a project enforces certain backwards-compat guarantees that allow us
21 # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs
22 # as standard K8S resources in Helm, and disable Helm's CRD management. See also:
23 # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts
24 enableCRDTemplates: true
26 # Validation webhook configuration url
27 # For example: https://$remotePilotAddress:15017/validate
29 # Validation webhook caBundle value. Useful when running pilot with a well known cert
30 validationCABundle: ""
32 # For istioctl usage to disable istio config crds in base
33 enableIstioConfigCRDs: true
35 defaultRevision: "default"
37 stableValidationPolicy: false