format: int32
                              type: integer
                            splitExternalLocalOriginErrors:
                              description: Determines whether to distinguish local
                                origin failures from external errors.
                              type: boolean
                          type: object
                        portLevelSettings:

        that actually comes up in the real world. We want to hear the real-world use case so the
        community can discuss and debate whether this feature is actually the *best* way to address
        the real use case, or whether or not a different abstraction might be more appropriate.


        It's okay if you can't provide complete context on a use case. We understand if you are not

      targetPort: 443
    annotations: {}
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    externalTrafficPolicy: ""
    externalIPs: []
    ipFamilyPolicy: ""
    ipFamilies: []
    ## Whether to automatically allocate NodePorts (only for LoadBalancers).
    # allocateLoadBalancerNodePorts: false

  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 2000m

    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:

    name: "validate"
    runs-on: ubuntu-latest
    steps:
      - name: Check out a copy of the repository
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0

      - name: Check whether the citation metadata from CITATION.cff is valid
        uses: citation-file-format/cffconvert-github-action@4cf11baa70a673bfdf9dad0acc7ee33b3f4b6084 # v2.0.0
        with:

        that it's for a use case that actually comes up in the real world. We want to hear the
        real-world use case so the community can discuss and debate whether this feature is actually
        the *best* way to address the real use case, or whether or not a different approach might be
        more appropriate.


        It's okay if you can't provide complete context on a use case. We understand if you are not

    app: istiod
    release: {{ .Release.Name }}
    istio: istiod
    istio.io/rev: {{ .Values.revision | default "default" | quote }}
webhooks:
  # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks
  # are rejecting invalid configs on a per-revision basis.
  - name: rev.validation.istio.io
    clientConfig:
      # Should change from base but cannot for API compat
      {{- if .Values.base.validationURL }}

  docs-all-green:  # This job does nothing and is only used for the branch protection
    if: always()
    needs:
      - build-docs
    runs-on: ubuntu-latest
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}

    resources:
      requests:
        cpu: 500m
        memory: 2048Mi
    # Set to `type: RuntimeDefault` to use the default profile if available.
    seccompProfile: {}
    # Whether to use an existing CNI installation
    cni:
      enabled: false
      provider: default
    # Additional container arguments
    extraContainerArgs: []
    env: {}
    # Settings related to the untaint controller

the secret that holds the TLS certs for the client including the CA certificates. type: string insecureSkipVerify: description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.' nullable: true type: boolean mode: description: Indicates whether connections to this port should be secured using TLS. enum: - DISABLE - SIMPLE - MUTUAL - ISTIO_MUTUAL type: string privateKey: description: REQUIRED if mode...