DavadDi · February 5, 2019 11:57
diff --git a/mesh b/mesh
 # cat /etc/istio/config/mesh
 # Set the following variable to true to disable policy checks by the Mixer.
 # Note that metrics will still be reported to the Mixer.
 disablePolicyChecks: false

 # Set enableTracing to false to disable request tracing.
 enableTracing: true

 # Set accessLogFile to empty string to disable access log.
 accessLogFile: "/dev/stdout"
 #
 # Deprecated: mixer is using EDS
 mixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091
 mixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091

 # policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached.
 # Default is false which means the traffic is denied when the client is unable to connect to Mixer.
 policyCheckFailOpen: false

 # Unix Domain Socket through which envoy communicates with NodeAgent SDS to get
 # key/cert for mTLS. Use secret-mount files instead of SDS if set to empty.
 sdsUdsPath: ""

 # How frequently should Envoy fetch key/cert from NodeAgent.
 sdsRefreshDelay: 15s

 #
 defaultConfig:
  #
  # TCP connection timeout between Envoy & the application, and between Envoys.
  connectTimeout: 10s
  #
  ### ADVANCED SETTINGS #############
  # Where should envoy's configuration be stored in the istio-proxy container
  configPath: "/etc/istio/proxy"
  binaryPath: "/usr/local/bin/envoy"
  # The pseudo service name used for Envoy.
  serviceCluster: istio-proxy
  # These settings that determine how long an old Envoy
  # process should be kept alive after an occasional reload.
  drainDuration: 45s
  parentShutdownDuration: 1m0s
  #
  # The mode used to redirect inbound connections to Envoy. This setting
  # has no effect on outbound traffic: iptables REDIRECT is always used for
  # outbound connections.
  # If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy.
  # The "REDIRECT" mode loses source addresses during redirection.
  # If "TPROXY", use iptables TPROXY to redirect to Envoy.
  # The "TPROXY" mode preserves both the source and destination IP
  # addresses and ports, so that they can be used for advanced filtering
  # and manipulation.
  # The "TPROXY" mode also configures the sidecar to run with the
  # CAP_NET_ADMIN capability, which is required to use TPROXY.
  #interceptionMode: REDIRECT
  #
  # Port where Envoy listens (on local host) for admin commands
  # You can exec into the istio-proxy container in a pod and
  # curl the admin port (curl http://localhost:15000/) to obtain
  # diagnostic information from Envoy. See
  # https://lyft.github.io/envoy/docs/operations/admin.html
  # for more details
  proxyAdminPort: 15000
  #
  # Set concurrency to a specific number to control the number of Proxy worker threads.
  # If set to 0 (default), then start worker thread for each CPU thread/core.
  concurrency: 0
  #
  # Zipkin trace collector
  zipkinAddress: zipkin.istio-system:9411
  #
  # Mutual TLS authentication between sidecars and istio control plane.
  controlPlaneAuthPolicy: NONE
  #
  # Address where istio Pilot service is running
	# cat /etc/istio/config/mesh
	# Set the following variable to true to disable policy checks by the Mixer.
	# Note that metrics will still be reported to the Mixer.
	disablePolicyChecks: false

	# Set enableTracing to false to disable request tracing.
	enableTracing: true

	# Set accessLogFile to empty string to disable access log.
	accessLogFile: "/dev/stdout"
	#
	# Deprecated: mixer is using EDS
	mixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091
	mixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091

	# policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached.
	# Default is false which means the traffic is denied when the client is unable to connect to Mixer.
	policyCheckFailOpen: false

	# Unix Domain Socket through which envoy communicates with NodeAgent SDS to get
	# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty.
	sdsUdsPath: ""

	# How frequently should Envoy fetch key/cert from NodeAgent.
	sdsRefreshDelay: 15s

	#
	defaultConfig:
	#
	# TCP connection timeout between Envoy & the application, and between Envoys.
	connectTimeout: 10s
	#
	### ADVANCED SETTINGS #############
	# Where should envoy's configuration be stored in the istio-proxy container
	configPath: "/etc/istio/proxy"
	binaryPath: "/usr/local/bin/envoy"
	# The pseudo service name used for Envoy.
	serviceCluster: istio-proxy
	# These settings that determine how long an old Envoy
	# process should be kept alive after an occasional reload.
	drainDuration: 45s
	parentShutdownDuration: 1m0s
	#
	# The mode used to redirect inbound connections to Envoy. This setting
	# has no effect on outbound traffic: iptables REDIRECT is always used for
	# outbound connections.
	# If "REDIRECT", use iptables REDIRECT to NAT and redirect to Envoy.
	# The "REDIRECT" mode loses source addresses during redirection.
	# If "TPROXY", use iptables TPROXY to redirect to Envoy.
	# The "TPROXY" mode preserves both the source and destination IP
	# addresses and ports, so that they can be used for advanced filtering
	# and manipulation.
	# The "TPROXY" mode also configures the sidecar to run with the
	# CAP_NET_ADMIN capability, which is required to use TPROXY.
	#interceptionMode: REDIRECT
	#
	# Port where Envoy listens (on local host) for admin commands
	# You can exec into the istio-proxy container in a pod and
	# curl the admin port (curl http://localhost:15000/) to obtain
	# diagnostic information from Envoy. See
	# https://lyft.github.io/envoy/docs/operations/admin.html
	# for more details
	proxyAdminPort: 15000
	#
	# Set concurrency to a specific number to control the number of Proxy worker threads.
	# If set to 0 (default), then start worker thread for each CPU thread/core.
	concurrency: 0
	#
	# Zipkin trace collector
	zipkinAddress: zipkin.istio-system:9411
	#
	# Mutual TLS authentication between sidecars and istio control plane.
	controlPlaneAuthPolicy: NONE
	#
	# Address where istio Pilot service is running