Jagdeep1 · May 14, 2020 09:53
diff --git a/istio.main.yaml b/istio.main.yaml
 apiVersion: install.istio.io/v1alpha1
 kind: IstioOperator
 metadata:
  namespace: istio-system
  name: main-istiocontrolplane
 spec:
 # Using Default profile for this example. You can select differnt profile for your use case
 # https://istio.io/docs/setup/additional-setup/config-profiles/
  profile: default
  values:
    security:
      selfSigned: false

    global:
      controlPlaneSecurityEnabled: true
      mtls:
        # Require all service to service communication to have mtls
        enabled: true
      multiCluster:
        clusterName: ${MAIN_CLUSTER_NAME}
      network: ${MAIN_CLUSTER_NETWORK}

      meshNetworks:
        ${MAIN_CLUSTER_NETWORK}:
          endpoints:
            - fromRegistry: Kubernetes
          gateways:
            - registry_service_name: istio-ingressgateway.istio-system.svc.cluster.local
              port: 443

        ${REMOTE_CLUSTER_NETWORK}:
          endpoints:
          # Remote cluster name is very important for service discovery across cluster
            - fromRegistry: ${REMOTE_CLUSTER_NAME}
          gateways:
            - registry_service_name: istio-ingressgateway.istio-system.svc.cluster.local
              port: 443
      # This configuration is specific to internal LoadBalancer setup
  components:
    pilot:
      k8s:
        service:
          type: LoadBalancer
        service_annotations:
        # This service annotation is specific to AKS. You can use different annotation
        # for your colud provider
          service.beta.kubernetes.io/azure-load-balancer-internal: "true"
        # Enable or desable addon components
  addonComponents:
    grafana:
      enabled: false
    kiali:
      enabled: true
    prometheus:
      enabled: true
	apiVersion: install.istio.io/v1alpha1
	kind: IstioOperator
	metadata:
	namespace: istio-system
	name: main-istiocontrolplane
	spec:
	# Using Default profile for this example. You can select differnt profile for your use case
	# https://istio.io/docs/setup/additional-setup/config-profiles/
	profile: default
	values:
	security:
	selfSigned: false

	global:
	controlPlaneSecurityEnabled: true
	mtls:
	# Require all service to service communication to have mtls
	enabled: true
	multiCluster:
	clusterName: ${MAIN_CLUSTER_NAME}
	network: ${MAIN_CLUSTER_NETWORK}

	meshNetworks:
	${MAIN_CLUSTER_NETWORK}:
	endpoints:
	- fromRegistry: Kubernetes
	gateways:
	- registry_service_name: istio-ingressgateway.istio-system.svc.cluster.local
	port: 443

	${REMOTE_CLUSTER_NETWORK}:
	endpoints:
	# Remote cluster name is very important for service discovery across cluster
	- fromRegistry: ${REMOTE_CLUSTER_NAME}
	gateways:
	- registry_service_name: istio-ingressgateway.istio-system.svc.cluster.local
	port: 443
	# This configuration is specific to internal LoadBalancer setup
	components:
	pilot:
	k8s:
	service:
	type: LoadBalancer
	service_annotations:
	# This service annotation is specific to AKS. You can use different annotation
	# for your colud provider
	service.beta.kubernetes.io/azure-load-balancer-internal: "true"
	# Enable or desable addon components
	addonComponents:
	grafana:
	enabled: false
	kiali:
	enabled: true
	prometheus:
	enabled: true