1# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally.
2# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`.
3_internal_defaults_do_not_set:
6 # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace
7 # to use for pulling any images in pods that reference this ServiceAccount.
8 # Must be set for any cluster configured with private docker registry.
11 # Used to locate istiod.
12 istioNamespace: istio-system
14 # resourceScope controls what resources will be processed by helm.
15 # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator.
17 # - all: all resources are processed
18 # - cluster: only cluster-scoped resources are processed
19 # - namespace: only namespace-scoped resources are processed
22 # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true.
23 # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`.
24 # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set.
26 # Helm (as of V3) does not support upgrading CRDs, because it is not universally
27 # safe for them to support this.
28 # Istio as a project enforces certain backwards-compat guarantees that allow us
29 # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs
30 # as standard K8S resources in Helm, and disable Helm's CRD management. See also:
31 # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts
32 enableCRDTemplates: true
34 # Validation webhook configuration url
35 # For example: https://$remotePilotAddress:15017/validate
37 # Validation webhook caBundle value. Useful when running pilot with a well known cert
38 validationCABundle: ""
40 # For istioctl usage to disable istio config crds in base
41 enableIstioConfigCRDs: true
43 defaultRevision: "default"
45 stableValidationPolicy: false