#
# Values for the sidecar-injector webhook.
#
enabled: true
replicaCount: 1
# Rolling-update percentages, quoted so they are always read as strings.
rollingMaxSurge: '100%'
rollingMaxUnavailable: '25%'
image: sidecar_injector
# NOTE(review): presumably decides whether namespaces without an explicit
# injection label get the sidecar; false looks like the opt-in setting.
# Confirm against the chart templates before changing it.
enableNamespacesByDefault: false
nodeSelector: {}
tolerations: []
podAnnotations: {}

# Pod anti-affinity restricts which nodes this pod may be scheduled on, based
# on the labels of pods already running on a node (not on node labels).
# Two kinds exist:
#   "requiredDuringSchedulingIgnoredDuringExecution"   (hard requirement)
#   "preferredDuringSchedulingIgnoredDuringExecution"  (soft requirement)
# Put hard rules in "podAntiAffinityLabelSelector" and soft rules in
# "podAntiAffinityTermLabelSelector".
# Example:
# podAntiAffinityLabelSelector:
#   - key: security
#     operator: In
#     values: S1,S2
#     topologyKey: "kubernetes.io/hostname"
# With this rule the pod must not be scheduled onto a node that already runs a
# pod whose "security" label matches a listed value.
# NOTE(review): "values" looks like a comma-separated list (S1 or S2 here);
# confirm how the template splits it.
podAntiAffinityLabelSelector: []
podAntiAffinityTermLabelSelector: []

# When true, the webhook or the istioctl injector rewrites the PodSpec so that
# liveness health-check requests are redirected to the sidecar. This keeps
# liveness checks working even when mTLS is enabled.
rewriteAppHTTPProbe: false

# alwaysInjectSelector and neverInjectSelector are label selectors that force
# injection, or force skipping it, for matching pods regardless of the global
# policy.
# See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions
# Pods matched by neverInjectSelector run without the sidecar, so whatever the
# proxy enforces for a workload does not apply to them. Keep that list narrow
# and reviewed.
neverInjectSelector: []
alwaysInjectSelector: []

# injectedAnnotations lists extra annotations added to the pod spec after
# injection. Its main purpose is to support PSP annotations. Suppose a PSP is
# defined with:
#
#   annotations:
#     apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
#     apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
#
# The PSP controller adds the matching per-container annotations to the pod
# spec, but it runs before the injector adds its containers. The injected
# containers therefore need their annotations listed explicitly here. For the
# example above:
# injectedAnnotations:
#   container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default
#   container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default
# PodSecurityPolicy was removed in Kubernetes 1.25, so the PSP use case only
# applies to clusters that still run it.
injectedAnnotations: {}