Describe scenario
I am using the AKS Istio add-on (managed Istio) for a project. Project namespaces have a policy that only allows container images to be pulled only from an internal/private registry and not MCR (mcr.microsoft.com).
Question
Is there a supported way to configure a custom container registry URL for the Istio sidecar proxy injected by the AKS Istio add-on?
For example, in self-managed Istio this is possible via global.hub in the IstioOperator spec, but since the add-on manages the MutatingWebhookConfiguration and sidecar injector, it's unclear if this can be overridden. If not currently supported, is this on the roadmap?
PS: I know that AppNet is currently in preview, and I would prefer to use Ambient Mesh instead once it is GA.
Describe scenario
I am using the AKS Istio add-on (managed Istio) for a project. Project namespaces have a policy that only allows container images to be pulled only from an internal/private registry and not MCR (
mcr.microsoft.com).Question
Is there a supported way to configure a custom container registry URL for the Istio sidecar proxy injected by the AKS Istio add-on?
For example, in self-managed Istio this is possible via
global.hubin theIstioOperatorspec, but since the add-on manages theMutatingWebhookConfigurationand sidecar injector, it's unclear if this can be overridden. If not currently supported, is this on the roadmap?PS: I know that AppNet is currently in preview, and I would prefer to use Ambient Mesh instead once it is GA.