global:
  controlPlaneSecurityEnabled: true

  mtls:
    # Default setting for service-to-service mtls. Can be set explicitly using
    # destination rules or service annotations.
    enabled: true

  sds:
    enabled: true
    udsPath: "unix:/var/run/sds/uds_path"
    # For GoogleCA, the aud field need to be set to the trustDomain, which is also set at the
    # installation/configuration time, e.g. by running helm template.
    token:
      aud: ""

  trustDomain: ""

  useMCP: true

nodeagent:
  enabled: true
  image: node-agent-k8s
  env:
    CA_PROVIDER: "GoogleCA"
    CA_ADDR: "meshca.googleapis.com:443"
    PLUGINS: "GoogleTokenExchange"
    GKE_CLUSTER_URL: ""