| apiVersion: install.istio.io/v1alpha1 |
| kind: IstioOperator |
| metadata: |
| namespace: dubbo-system |
| spec: |
| profile: default |
| meshConfig: |
| trustDomain: example.org |
| values: |
| # This is used to customize the sidecar template, to allow mounting the Workload API socket. |
| sidecarInjectorWebhook: |
| templates: |
| spire: | |
| spec: |
| containers: |
| - name: istio-proxy |
| volumeMounts: |
| - name: workload-socket |
| mountPath: /run/secrets/workload-spiffe-uds |
| readOnly: true |
| volumes: |
| - name: workload-socket |
| csi: |
| driver: "csi.spiffe.io" |
| components: |
| ingressGateways: |
| - name: istio-ingressgateway |
| enabled: true |
| label: |
| istio: ingressgateway |
| k8s: |
| overlays: |
| - apiVersion: apps/v1 |
| kind: Deployment |
| name: istio-ingressgateway |
| patches: |
| - path: spec.template.spec.volumes.[name:workload-socket] |
| value: |
| name: workload-socket |
| csi: |
| driver: "csi.spiffe.io" |
| - path: spec.template.spec.containers.[name:istio-proxy].volumeMounts.[name:workload-socket] |
| value: |
| name: workload-socket |
| mountPath: "/run/secrets/workload-spiffe-uds" |
| readOnly: true |
