if [ -z "${JOB_NAME:-}" ] || ! command -v otel-cli &> /dev/null
  then
    "${@:2}"
    return "$?"
  fi

  # Disable execution tracing to avoid noise
  { [[ $- = *x* ]] && was_execution_trace=1 || was_execution_trace=0; } 2>/dev/null
  { set +x; } 2>/dev/null
  # Throughout, "local" usage is critical to avoid nested calls overwriting things

This allows the same configurations and lifecycle to apply to gateways as sidecars.

Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label.
See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info.

### Examples

#### Egress Gateway

{{ $pilotVals := pick .Values.pilot "cni" -}}
{{ $vals = set $vals "pilot" $pilotVals -}}
{{ $vals | toPrettyJson | indent 4 }}

  # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching
  # and istiod webhook functionality.
  #
  # New fields should not use Values - it is a 'primary' config object, users should be able

          - telemetry.istio.io
          - extensions.istio.io
        apiVersions:
          - "*"
        resources:
          - "*"

    {{- if .Values.base.validationCABundle }}
    # Disable webhook controller in Pilot to stop patching it
    failurePolicy: Fail
    {{- else }}
    # Fail open until the validation webhook is ready. The webhook controller

          - telemetry.istio.io
          - extensions.istio.io
        apiVersions:
          - "*"
        resources:
          - "*"
    {{- if .Values.base.validationCABundle }}
    # Disable webhook controller in Pilot to stop patching it
    failurePolicy: Fail
    {{- else }}
    # Fail open until the validation webhook is ready. The webhook controller

|OUTPUT_CERT|write all fetched certificates to some directory. Used to support applications that need certificates (Prometheus) as well as rotating mTLS control plane authentication.|
|FILE_MOUNTED_CERTS|completely disable CA path, exclusively use certs mounted into the pod with set certificate file locations|
|CREDENTIAL_FETCHER_TYPE|allows using custom credential fetcher, for VMs with existing identity|

{{ $pilotVals := pick .Values.pilot "cni" -}}
{{ $vals = set $vals "pilot" $pilotVals -}}
{{ $vals | toPrettyJson | indent 4 }}

  # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching
  # and istiod webhook functionality.
  #
  # New fields should not use Values - it is a 'primary' config object, users should be able

# Avoid creating a bunch of RBAC rules for features we are not enabling
rbac:
  create: false
  pspEnabled: false

# Disable test pods
testFramework:
  enabled: false

podLabels:
  sidecar.istio.io/inject: "false"

# Demo only, so we will have no authentication
admin:
  existingSecret: ""
ldap:
  existingSecret: true
env:
  GF_SECURITY_ADMIN_USER: "admin"
  GF_SECURITY_ADMIN_PASSWORD: "admin"

          - telemetry.istio.io
          - extensions.istio.io
        apiVersions:
          - "*"
        resources:
          - "*"
    {{- if .Values.base.validationCABundle }}
    # Disable webhook controller in Pilot to stop patching it
    failurePolicy: Fail
    {{- else }}
    # Fail open until the validation webhook is ready. The webhook controller

#!/bin/bash
# shellcheck disable=SC2034

# WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY
#
# The original version of this file is located in the https://github.com/istio/common-files repo.
# If you're looking at this file in a different repo and want to make a change, please go to the
# common-files repo, make the change there and check it in. Then come back to this repo and run
# "make update-common".

# Copyright Istio Authors
#