namespace: {{ .Values.global.istioNamespace }}
  labels:
    app: istiod
    release: {{ .Release.Name }}
rules:
# permissions to verify the webhook is ready and rejecting
# invalid config. We use --server-dry-run so no config is persisted.
- apiGroups: ["networking.istio.io"]
  verbs: ["create"]
  resources: ["gateways"]

# For storing CA secret
- apiGroups: [""]
  resources: ["secrets"]

defaults:
  cni:
    hub: ""
    tag: ""
    variant: ""
    image: install-cni
    pullPolicy: ""

    # Configuration log level of istio-cni binary
    # by default istio-cni send all logs to UDS server
    # if want to see them you need change global.logging.level with cni:debug
    logLevel: debug

    # Configuration file to insert istio-cni plugin configuration
    # by default this will be the first file found in the cni-conf-dir

      # JWT is intended for the CA.
      token:
        aud: istio-ca
    sts:
      # The service port used by Security Token Service (STS) server to handle token exchange requests.
      # Setting this port to a non-zero value enables STS server.
      servicePort: 0
    # The name of the CA for workload certificates.
    # For example, when caName=GkeWorkloadCertificate, GKE workload certificates

  namespace: {{ .Values.global.istioNamespace }}
  labels:
    app: istiod
    release: {{ .Release.Name }}
rules:
# permissions to verify the webhook is ready and rejecting
# invalid config. We use --server-dry-run so no config is persisted.
- apiGroups: ["networking.istio.io"]
  verbs: ["create"]
  resources: ["gateways"]

# For storing CA secret
- apiGroups: [""]
  resources: ["secrets"]

        client version: 1.0.0
        control plane version: 1.0.0
        data plane version: 1.0.0 (100 proxies)
        $ kubectl version
        Client Version: v1.0.0
        Kustomize Version: v1.0.0
        Server Version: v1.0.0
      render: Text
    validations:
      required: true
  - type: textarea
    id: additional-info
    attributes:
      label: Additional Information
      description: |

      # JWT is intended for the CA.
      token:
        aud: istio-ca

    sts:
      # The service port used by Security Token Service (STS) server to handle token exchange requests.
      # Setting this port to a non-zero value enables STS server.
      servicePort: 0

    # whether to use autoscaling/v2 template for HPA settings
    # for internal usage only, not to be configured by users.

      # JWT is intended for the CA.
      token:
        aud: istio-ca

    sts:
      # The service port used by Security Token Service (STS) server to handle token exchange requests.
      # Setting this port to a non-zero value enables STS server.
      servicePort: 0
    # whether to use autoscaling/v2 template for HPA settings
    # for internal usage only, not to be configured by users.
    autoscalingv2API: true