# This is used to generate istio-auth-multicluster.yaml, used for CI/CD.
global:
  # controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are
  # propagated, not recommended for tests.
  controlPlaneSecurityEnabled: true

  mtls:
    # Default setting for service-to-service mtls. Can be set explicitly using
    # destination rules or service annotations.
    enabled: true

  proxy:
    accessLogFile: "/dev/stdout"

  ## imagePullSecrets for all ServiceAccount. Must be set for any cluster configured with private docker registry.
  # imagePullSecrets:
  #   - name: "private-registry-key"

# In a multiple cluster environment, citadel uses the same root certificate in all the clusters
security:
  selfSigned: false