install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
    operator.istio.io/component: "Cni"
data:
  # The CNI network configuration to add to the plugin chain on each node.  The special
  # values in this config will be automatically populated.
  cni_network_config: |-
        {
          "cniVersion": "0.3.1",
          "name": "istio-cni",
          "type": "istio-cni",

         }
        }
       ],
       "listener_filters_timeout": "0s",
       "traffic_direction": "OUTBOUND",
       "continue_on_listener_filters_timeout": true,
       "default_filter_chain": {
        "filter_chain_match": {},
        "filters": [
         {
          "name": "istio.stats",
          "typed_config": {
           "@type": "type.googleapis.com/stats.PluginConfig"
          }
         },

                        Valid Options: LISTENER, FILTER_CHAIN, NETWORK_FILTER, HTTP_FILTER, ROUTE_CONFIGURATION, VIRTUAL_HOST, HTTP_ROUTE, CLUSTER, EXTENSION_CONFIG, BOOTSTRAP, LISTENER_FILTER
                      enum:
                      - INVALID
                      - LISTENER
                      - FILTER_CHAIN
                      - NETWORK_FILTER
                      - HTTP_FILTER

services.aero setagaya.tokyo.jp seto.aichi.jp setouchi.okayama.jp settlement.museum settlers.museum settsu.osaka.jp sevastopol.ua seven sew sex sex.hu sex.pl sexy sf.no sfr sg sg-1.paas.massivegrid.net sh sh.cn shacknet.nu shakotan.hokkaido.jp shangrila shari.hokkaido.jp sharp shaw shell shell.museum sherbrooke.museum shia shibata.miyagi.jp shibata.niigata.jp shibecha.hokkaido.jp shibetsu.hokkaido.jp shibukawa.gunma.jp shibuya.tokyo.jp shichikashuku.miyagi.jp shichinohe.aomori.jp shiftcrypto.dev shiftcrypto.io...

  responseTypes: [ "code", "token", "id_token" ] # also allowed are "token" and "id_token"
  # By default, Dex will ask for approval to share data with application
  # (approval for sharing data from connected IdP to Dex is separate process on IdP)
  skipApprovalScreen: false
  # If only one authentication method is enabled, the default behavior is to

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

    affinity: {}

    # Custom annotations on pod level, if you need them
    podAnnotations: {}

    # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")?
    # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case
    chained: true

    # Custom configuration happens based on the CNI provider.

SIDECAR_OUTBOUND - GATEWAY type: string listener: description: Match on envoy listener attributes. properties: filterChain: description: Match a specific filter chain in a listener. properties: applicationProtocols: description: Applies only to sidecars. type: string destinationPort: description: The destination_port value used by a filter chain's match condition. type: integer filter: description: The name of a specific filter to apply the patch to. properties: name: description: The filter name to...

                        Valid Options: LISTENER, FILTER_CHAIN, NETWORK_FILTER, HTTP_FILTER, ROUTE_CONFIGURATION, VIRTUAL_HOST, HTTP_ROUTE, CLUSTER, EXTENSION_CONFIG, BOOTSTRAP, LISTENER_FILTER
                      enum:
                      - INVALID
                      - LISTENER
                      - FILTER_CHAIN
                      - NETWORK_FILTER
                      - HTTP_FILTER

# See the License for the specific language governing permissions and
# limitations under the License.
# ============================================================================

name: Scorecards supply-chain security
on:
  # Only the default branch is supported.
  branch_protection_rule:
  schedule:
    - cron: '44 15 * * 5'
  push:
    branches: [ master ]

# Declare default permissions as read only.