# Penetration test enahncement: check port 15010 & 8080 in istiod: According to https://istio.io/latest/docs/ops/best-practices/security/#control-plane port 15010
# is not that problematic (only resource discovery). Other parts of the documentation also say| 15010 | GRPC | XDS and CA services (Plaintext, only for secure networks) | 
# We have a secure network layer and only XDS is served. 
# Port 8080 is not listed in the service and even if it would be somehow reachable by IP it only "offers read access". 
# Nevertheless we set ENABLE_DEBUG_ON_HTTP=false do disable it entirely.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: istiod
  namespace: istio-system
spec:
  template:
    spec:
      containers:
      - name: discovery
        env:
        - name: ENABLE_DEBUG_ON_HTTP
          value: 'false'