diff --git a/content/en/blog/2019/performance-best-practices/index.md b/content/en/blog/2019/performance-best-practices/index.md index ef21541917..ffb5e58b2e 100644 --- a/content/en/blog/2019/performance-best-practices/index.md +++ b/content/en/blog/2019/performance-best-practices/index.md 
@@ -33,7 +33,7 @@ Say you run 2,000 Envoy-injected pods, each handling 1,000 requests per second. It is also important to focus on data plane performance for **latency** reasons. This is because most application requests move through the Istio data plane, not the control plane. There are two exceptions: 1. **Telemetry reporting:** Each proxy sends raw telemetry data to {{}}Mixer{{}}, which Mixer processes into metrics, traces, and other telemetry. The raw telemetry data is similar to access logs, and therefore comes at a cost. Access log processing consumes CPU and keeps a worker thread from picking up the next unit of work. At higher throughput, it is more likely that the next unit of work is waiting in the queue to be picked up by the worker. This can lead to long-tail (99th percentile) latency for Envoy. -1. **Custom policy checks:** When using [custom Istio policy adapters](/docs/concepts/observability/), policy checks are on the request path. This means that request headers and metadata on the data path will be sent to the control plane (Mixer), resulting in higher request latency. **Note:** These policy checks are [disabled by default](/docs/reference/config/installation-options/#global-options), as the most common policy use case ([RBAC](https://archive.istio.io/1.4/docs/reference/config/security/istio.rbac.v1alpha1)) is performed entirely by the Envoy proxies. +1. **Custom policy checks:** When using [custom Istio policy adapters](/docs/concepts/observability/), policy checks are on the request path. This means that request headers and metadata on the data path will be sent to the control plane (Mixer), resulting in higher request latency. **Note:** These policy checks are [disabled by default](https://archive.istio.io/v1.4/docs/reference/config/installation-options/), as the most common policy use case ([RBAC](https://archive.istio.io/v1.4/docs/reference/config/security/istio.rbac.v1alpha1)) is performed entirely by the Envoy proxies. 
Both of these exceptions will go away in a future Istio release, when [Mixer V2](https://docs.google.com/document/d/1QKmtem5jU_2F3Lh5SqLp0IuPb80_70J7aJEYu4_gS-s) moves all policy and telemetry features directly into the proxies. @@ -110,4 +110,4 @@ Istio's performance depends on your specific setup and traffic load. Because of Also check out the [Istio Performance and Scalability guide](/docs/ops/deployment/performance-and-scalability) for the most up-to-date performance data. -Thank you for reading, and happy benchmarking! \ No newline at end of file +Thank you for reading, and happy benchmarking! diff --git a/content/en/docs/ops/configuration/mesh/secret-creation/index.md b/content/en/docs/ops/configuration/mesh/secret-creation/index.md index 91448dc746..86386a2a2a 100644 --- a/content/en/docs/ops/configuration/mesh/secret-creation/index.md +++ b/content/en/docs/ops/configuration/mesh/secret-creation/index.md @@ -17,7 +17,7 @@ deployed in a single cluster, and the following targeting rules are applied to e 1. `ca.istio.io/override` namespace label: *boolean valued* label which overrides all other configurations and forces all Citadel instances either to target or ignore a namespace -1. [`enableNamespacesByDefault` security configuration](/docs/reference/config/installation-options/#security-options): default behavior if no labels are found on the `ServiceAccount`'s namespace +1. [`enableNamespacesByDefault` security configuration](https://archive.istio.io/v1.4/docs/reference/config/installation-options/): default behavior if no labels are found on the `ServiceAccount`'s namespace From these three values, the decision process mirrors that of the [`Sidecar Injection Webhook`](/docs/ops/configuration/mesh/injection-concepts/). The detailed behavior is that: diff --git a/content/en/docs/reference/config/installation-options/index.md b/content/en/docs/reference/config/installation-options/index.md deleted file mode 100644 index 8a77289670..0000000000 
--- a/content/en/docs/reference/config/installation-options/index.md +++ /dev/null 
@@ -1,596 +0,0 @@ ---- -title: Installation Options (Helm) -description: Describes the options available when installing Istio using Helm charts. -weight: 15 -keywords: [kubernetes,helm] -force_inline_toc: true ---- - -{{< warning >}} -Installing Istio with Helm is in the process of deprecation, however, you can use these Helm -configuration options when [installing Istio with {{< istioctl >}}](/docs/setup/install/istioctl/) -by prepending the string "`values.`" to the option name. For example, instead of this `helm` command: - -{{< text bash >}} -$ helm template ... --set global.controlPlaneSecurityEnabled=true -{{< /text >}} - -You can use this `istioctl` command: - -{{< text bash >}} -$ istioctl manifest generate ... --set values.global.controlPlaneSecurityEnabled=true -{{< /text >}} - -Refer to [customizing the configuration](/docs/setup/install/istioctl/#customizing-the-configuration) for details. -{{< /warning >}} - -{{< warning >}} -This document is unfortunately out of date with the latest changes in the set of supported options. -To get the exact set of supported options, please see the [Install charts]({{< github_tree >}}/manifests). 
-{{< /warning >}} - - - - -## `certmanager` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `certmanager.enabled` | `false` | | -| `certmanager.replicaCount` | `1` | | -| `certmanager.hub` | `quay.io/jetstack` | | -| `certmanager.image` | `cert-manager-controller` | | -| `certmanager.tag` | `v0.8.1` | | -| `certmanager.resources` | `{}` | | -| `certmanager.nodeSelector` | `{}` | | -| `certmanager.tolerations` | `[]` | | -| `certmanager.podAnnotations` | `{}` | | -| `certmanager.podAntiAffinityLabelSelector` | `[]` | | -| `certmanager.podAntiAffinityTermLabelSelector` | `[]` | | - -## `galley` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `galley.enabled` | `true` | | -| `galley.replicaCount` | `1` | | -| `galley.rollingMaxSurge` | `100%` | | -| `galley.rollingMaxUnavailable` | `25%` | | -| `galley.image` | `galley` | | -| `galley.nodeSelector` | `{}` | | -| `galley.tolerations` | `[]` | | -| `galley.podAnnotations` | `{}` | | -| `galley.podAntiAffinityLabelSelector` | `[]` | | -| `galley.podAntiAffinityTermLabelSelector` | `[]` | | -| `galley.enableServiceDiscovery` | `false` | `Enable service discovery processing in Galley` | -| `galley.enableAnalysis` | `false` | `Enable analysis and status update in Galley` | - -## `gateways` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `gateways.enabled` | `true` | | -| `gateways.istio-ingressgateway.enabled` | `true` | | -| `gateways.istio-ingressgateway.sds.enabled` | `false` | `If true, ingress gateway fetches credentials from SDS server to handle TLS connections.` | -| `gateways.istio-ingressgateway.sds.image` | `node-agent-k8s` | `SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. 
This server runs in the same pod as ingress gateway.` | -| `gateways.istio-ingressgateway.sds.resources.requests.cpu` | `100m` | | -| `gateways.istio-ingressgateway.sds.resources.requests.memory` | `128Mi` | | -| `gateways.istio-ingressgateway.sds.resources.limits.cpu` | `2000m` | | -| `gateways.istio-ingressgateway.sds.resources.limits.memory` | `1024Mi` | | -| `gateways.istio-ingressgateway.labels.app` | `istio-ingressgateway` | | -| `gateways.istio-ingressgateway.labels.istio` | `ingressgateway` | | -| `gateways.istio-ingressgateway.autoscaleEnabled` | `true` | | -| `gateways.istio-ingressgateway.autoscaleMin` | `1` | | -| `gateways.istio-ingressgateway.autoscaleMax` | `5` | | -| `gateways.istio-ingressgateway.rollingMaxSurge` | `100%` | | -| `gateways.istio-ingressgateway.rollingMaxUnavailable` | `25%` | | -| `gateways.istio-ingressgateway.resources.requests.cpu` | `100m` | | -| `gateways.istio-ingressgateway.resources.requests.memory` | `128Mi` | | -| `gateways.istio-ingressgateway.resources.limits.cpu` | `2000m` | | -| `gateways.istio-ingressgateway.resources.limits.memory` | `1024Mi` | | -| `gateways.istio-ingressgateway.cpu.targetAverageUtilization` | `80` | | -| `gateways.istio-ingressgateway.loadBalancerIP` | `""` | | -| `gateways.istio-ingressgateway.loadBalancerSourceRanges` | `[]` | | -| `gateways.istio-ingressgateway.externalIPs` | `[]` | | -| `gateways.istio-ingressgateway.serviceAnnotations` | `{}` | | -| `gateways.istio-ingressgateway.podAnnotations` | `{}` | | -| `gateways.istio-ingressgateway.type` | `LoadBalancer` | `change to NodePort, ClusterIP or LoadBalancer if need be` | -| `gateways.istio-ingressgateway.ports.targetPort` | `15020` | | -| `gateways.istio-ingressgateway.ports.name` | `status-port` | | -| `gateways.istio-ingressgateway.ports.targetPort` | `80` | | -| `gateways.istio-ingressgateway.ports.name` | `http2` | | -| `gateways.istio-ingressgateway.ports.nodePort` | `31380` | | -| `gateways.istio-ingressgateway.ports.name` | `https` | 
| -| `gateways.istio-ingressgateway.ports.nodePort` | `31390` | | -| `gateways.istio-ingressgateway.ports.name` | `tcp` | | -| `gateways.istio-ingressgateway.ports.nodePort` | `31400` | | -| `gateways.istio-ingressgateway.ports.targetPort` | `15029` | | -| `gateways.istio-ingressgateway.ports.name` | `https-kiali` | | -| `gateways.istio-ingressgateway.ports.targetPort` | `15030` | | -| `gateways.istio-ingressgateway.ports.name` | `https-prometheus` | | -| `gateways.istio-ingressgateway.ports.targetPort` | `15031` | | -| `gateways.istio-ingressgateway.ports.name` | `https-grafana` | | -| `gateways.istio-ingressgateway.ports.targetPort` | `15032` | | -| `gateways.istio-ingressgateway.ports.name` | `https-tracing` | | -| `gateways.istio-ingressgateway.ports.targetPort` | `15443` | | -| `gateways.istio-ingressgateway.ports.name` | `tls` | | -| `gateways.istio-ingressgateway.meshExpansionPorts.targetPort` | `15011` | | -| `gateways.istio-ingressgateway.meshExpansionPorts.name` | `tcp-pilot-grpc-tls` | | -| `gateways.istio-ingressgateway.meshExpansionPorts.targetPort` | `15004` | | -| `gateways.istio-ingressgateway.meshExpansionPorts.name` | `tcp-mixer-grpc-tls` | | -| `gateways.istio-ingressgateway.meshExpansionPorts.targetPort` | `8060` | | -| `gateways.istio-ingressgateway.meshExpansionPorts.name` | `tcp-citadel-grpc-tls` | | -| `gateways.istio-ingressgateway.meshExpansionPorts.targetPort` | `853` | | -| `gateways.istio-ingressgateway.meshExpansionPorts.name` | `tcp-dns-tls` | | -| `gateways.istio-ingressgateway.secretVolumes.secretName` | `istio-ingressgateway-certs` | | -| `gateways.istio-ingressgateway.secretVolumes.mountPath` | `/etc/istio/ingressgateway-certs` | | -| `gateways.istio-ingressgateway.secretVolumes.secretName` | `istio-ingressgateway-ca-certs` | | -| `gateways.istio-ingressgateway.secretVolumes.mountPath` | `/etc/istio/ingressgateway-ca-certs` | | -| `gateways.istio-ingressgateway.env.ISTIO_META_ROUTER_MODE` | `"standard"` | `By default, a gateway is 
in "standard" mode. If the mode is set to "sni-dnat", pilot generates an additional set of clusters for internal services without Istio mTLS, to enable cross cluster routing. Enable when using multi-cluster routing.` | -| `gateways.istio-ingressgateway.nodeSelector` | `{}` | | -| `gateways.istio-ingressgateway.tolerations` | `[]` | | -| `gateways.istio-ingressgateway.podAntiAffinityLabelSelector` | `[]` | | -| `gateways.istio-ingressgateway.podAntiAffinityTermLabelSelector` | `[]` | | -| `gateways.istio-egressgateway.enabled` | `false` | | -| `gateways.istio-egressgateway.labels.app` | `istio-egressgateway` | | -| `gateways.istio-egressgateway.labels.istio` | `egressgateway` | | -| `gateways.istio-egressgateway.autoscaleEnabled` | `true` | | -| `gateways.istio-egressgateway.autoscaleMin` | `1` | | -| `gateways.istio-egressgateway.autoscaleMax` | `5` | | -| `gateways.istio-egressgateway.rollingMaxSurge` | `100%` | | -| `gateways.istio-egressgateway.rollingMaxUnavailable` | `25%` | | -| `gateways.istio-egressgateway.resources.requests.cpu` | `100m` | | -| `gateways.istio-egressgateway.resources.requests.memory` | `128Mi` | | -| `gateways.istio-egressgateway.resources.limits.cpu` | `2000m` | | -| `gateways.istio-egressgateway.resources.limits.memory` | `1024Mi` | | -| `gateways.istio-egressgateway.cpu.targetAverageUtilization` | `80` | | -| `gateways.istio-egressgateway.serviceAnnotations` | `{}` | | -| `gateways.istio-egressgateway.podAnnotations` | `{}` | | -| `gateways.istio-egressgateway.type` | `ClusterIP` | `change to NodePort or LoadBalancer if need be` | -| `gateways.istio-egressgateway.ports.name` | `http2` | | -| `gateways.istio-egressgateway.ports.name` | `https` | | -| `gateways.istio-egressgateway.ports.targetPort` | `15443` | | -| `gateways.istio-egressgateway.ports.name` | `tls` | | -| `gateways.istio-egressgateway.secretVolumes.secretName` | `istio-egressgateway-certs` | | -| `gateways.istio-egressgateway.secretVolumes.mountPath` | 
`/etc/istio/egressgateway-certs` | | -| `gateways.istio-egressgateway.secretVolumes.secretName` | `istio-egressgateway-ca-certs` | | -| `gateways.istio-egressgateway.secretVolumes.mountPath` | `/etc/istio/egressgateway-ca-certs` | | -| `gateways.istio-egressgateway.env.ISTIO_META_ROUTER_MODE` | `"standard"` | | -| `gateways.istio-egressgateway.nodeSelector` | `{}` | | -| `gateways.istio-egressgateway.tolerations` | `[]` | | -| `gateways.istio-egressgateway.podAntiAffinityLabelSelector` | `[]` | | -| `gateways.istio-egressgateway.podAntiAffinityTermLabelSelector` | `[]` | | -| `gateways.istio-ilbgateway.enabled` | `false` | | -| `gateways.istio-ilbgateway.labels.app` | `istio-ilbgateway` | | -| `gateways.istio-ilbgateway.labels.istio` | `ilbgateway` | | -| `gateways.istio-ilbgateway.autoscaleEnabled` | `true` | | -| `gateways.istio-ilbgateway.autoscaleMin` | `1` | | -| `gateways.istio-ilbgateway.autoscaleMax` | `5` | | -| `gateways.istio-ilbgateway.rollingMaxSurge` | `100%` | | -| `gateways.istio-ilbgateway.rollingMaxUnavailable` | `25%` | | -| `gateways.istio-ilbgateway.cpu.targetAverageUtilization` | `80` | | -| `gateways.istio-ilbgateway.resources.requests.cpu` | `800m` | | -| `gateways.istio-ilbgateway.resources.requests.memory` | `512Mi` | | -| `gateways.istio-ilbgateway.loadBalancerIP` | `""` | | -| `gateways.istio-ilbgateway.serviceAnnotations.cloud.google.com/load-balancer-type` | `"internal"` | | -| `gateways.istio-ilbgateway.podAnnotations` | `{}` | | -| `gateways.istio-ilbgateway.type` | `LoadBalancer` | | -| `gateways.istio-ilbgateway.ports.name` | `grpc-pilot-mtls` | | -| `gateways.istio-ilbgateway.ports.name` | `grpc-pilot` | | -| `gateways.istio-ilbgateway.ports.targetPort` | `8060` | | -| `gateways.istio-ilbgateway.ports.name` | `tcp-citadel-grpc-tls` | | -| `gateways.istio-ilbgateway.ports.name` | `tcp-dns` | | -| `gateways.istio-ilbgateway.secretVolumes.secretName` | `istio-ilbgateway-certs` | | -| 
`gateways.istio-ilbgateway.secretVolumes.mountPath` | `/etc/istio/ilbgateway-certs` | | -| `gateways.istio-ilbgateway.secretVolumes.secretName` | `istio-ilbgateway-ca-certs` | | -| `gateways.istio-ilbgateway.secretVolumes.mountPath` | `/etc/istio/ilbgateway-ca-certs` | | -| `gateways.istio-ilbgateway.nodeSelector` | `{}` | | -| `gateways.istio-ilbgateway.tolerations` | `[]` | | - -## `global` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `global.hub` | `gcr.io/istio-testing` | `Default hub for Istio images. Releases are published to docker hub under 'istio' project. Dev builds from prow are on gcr.io` | -| `global.tag` | `1.5-dev` | `Default tag for Istio images.` | -| `global.logging.level` | `"default:info"` | | -| `global.monitoringPort` | `15014` | `monitoring port used by mixer, pilot, galley and sidecar injector` | -| `global.k8sIngress.enabled` | `false` | | -| `global.k8sIngress.gatewayName` | `ingressgateway` | `Gateway used for k8s Ingress resources. By default it is using 'istio:ingressgateway' that will be installed by setting 'gateways.enabled' and 'gateways.istio-ingressgateway.enabled' flags to true.` | -| `global.k8sIngress.enableHttps` | `false` | `enableHttps will add port 443 on the ingress. It REQUIRES that the certificates are installed in the expected secrets - enabling this option without certificates will result in LDS rejection and the ingress will not work.` | -| `global.proxy.image` | `proxyv2` | `use fully qualified image names for alternate path to proxy.` | -| `global.proxy.clusterDomain` | `"cluster.local"` | `cluster domain. Default value is "cluster.local".` | -| `global.proxy.resources.requests.cpu` | `100m` | | -| `global.proxy.resources.requests.memory` | `128Mi` | | -| `global.proxy.resources.limits.cpu` | `2000m` | | -| `global.proxy.resources.limits.memory` | `1024Mi` | | -| `global.proxy.concurrency` | `2` | `Controls number of Proxy worker threads. 
If set to 0, then start worker thread for each CPU thread/core.` | -| `global.proxy.accessLogFile` | `""` | | -| `global.proxy.accessLogFormat` | `""` | `Configure how and what fields are displayed in sidecar access log. Setting to empty string will result in default log format` | -| `global.proxy.accessLogEncoding` | `TEXT` | `Configure the access log for sidecar to JSON or TEXT.` | -| `global.proxy.envoyAccessLogService.enabled` | `false` | | -| `global.proxy.envoyAccessLogService.host` | `` | `example: accesslog-service.istio-system` | -| `global.proxy.envoyAccessLogService.port` | `` | `example: 15000` | -| `global.proxy.envoyAccessLogService.tlsSettings.mode` | `DISABLE` | `DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL` | -| `global.proxy.envoyAccessLogService.tlsSettings.clientCertificate` | `` | `example: /etc/istio/als/cert-chain.pem` | -| `global.proxy.envoyAccessLogService.tlsSettings.privateKey` | `` | `example: /etc/istio/als/key.pem` | -| `global.proxy.envoyAccessLogService.tlsSettings.caCertificates` | `` | `example: /etc/istio/als/root-cert.pem` | -| `global.proxy.envoyAccessLogService.tlsSettings.sni` | `` | `example: als.somedomain` | -| `global.proxy.envoyAccessLogService.tlsSettings.subjectAltNames` | `[]` | | -| `global.proxy.envoyAccessLogService.tcpKeepalive.probes` | `3` | | -| `global.proxy.envoyAccessLogService.tcpKeepalive.time` | `10s` | | -| `global.proxy.envoyAccessLogService.tcpKeepalive.interval` | `10s` | | -| `global.proxy.logLevel` | `""` | `Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. Expected values are: trace\|debug\|info\|warning\|error\|critical\|off` | -| `global.proxy.componentLogLevel` | `""` | `Per Component log level for proxy, applies to gateways and sidecars. If a component level is not set, then the global "logLevel" will be used. 
If left empty, "misc:error" is used.` | -| `global.proxy.dnsRefreshRate` | `300s` | `Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS This must be given it terms of seconds. For example, 300s is valid but 5m is invalid.` | -| `global.proxy.outlierLogPath` | `# example: /dev/stdout` | `Specifies the path to the outlier event log. example: /dev/stdout` | -| `global.proxy.protocolDetectionTimeout` | `100ms` | `Automatic protocol detection uses a set of heuristics to determine whether the connection is using TLS or not (on the server side), as well as the application protocol being used (e.g., http vs tcp). These heuristics rely on the client sending the first bits of data. For server first protocols like MySQL, MongoDB, etc., Envoy will timeout on the protocol detection after the specified period, defaulting to non mTLS plain TCP traffic. Set this field to tweak the period that Envoy will wait for the client to send the first bits of data. (MUST BE >=1ms)` | -| `global.proxy.privileged` | `false` | `If set to true, istio-proxy container will have privileged securityContext` | -| `global.proxy.enableCoreDump` | `false` | `If set, newly injected sidecars will have core dumps enabled.` | -| `global.proxy.enableCoreDumpImage` | `ubuntu:xenial` | `Image used to enable core dumps. This is only used, when "enableCoreDump" is set to true.` | -| `global.proxy.statusPort` | `15020` | `Default port for Pilot agent health checks. 
A value of 0 will disable health checking.` | -| `global.proxy.readinessInitialDelaySeconds` | `1` | `The initial delay for readiness probes in seconds.` | -| `global.proxy.readinessPeriodSeconds` | `2` | `The period between readiness probes.` | -| `global.proxy.readinessFailureThreshold` | `30` | `The number of successive failed probes before indicating readiness failure.` | -| `global.proxy.includeIPRanges` | `"*"` | | -| `global.proxy.excludeIPRanges` | `""` | | -| `global.proxy.excludeOutboundPorts` | `""` | | -| `global.proxy.kubevirtInterfaces` | `""` | `pod internal interfaces` | -| `global.proxy.includeInboundPorts` | `"*"` | | -| `global.proxy.excludeInboundPorts` | `""` | | -| `global.proxy.autoInject` | `enabled` | `This controls the 'policy' in the sidecar injector.` | -| `global.proxy.envoyStatsd.enabled` | `false` | `If enabled is set to true, host and port must also be provided. Istio no longer provides a statsd collector.` | -| `global.proxy.envoyStatsd.host` | `` | `example: statsd-svc.istio-system` | -| `global.proxy.envoyStatsd.port` | `` | `example: 9125` | -| `global.proxy.envoyMetricsService.enabled` | `false` | | -| `global.proxy.envoyMetricsService.host` | `` | `example: metrics-service.istio-system` | -| `global.proxy.envoyMetricsService.port` | `` | `example: 15000` | -| `global.proxy.envoyMetricsService.tlsSettings.mode` | `DISABLE` | `DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL` | -| `global.proxy.envoyMetricsService.tlsSettings.clientCertificate` | `` | `example: /etc/istio/ms/cert-chain.pem` | -| `global.proxy.envoyMetricsService.tlsSettings.privateKey` | `` | `example: /etc/istio/ms/key.pem` | -| `global.proxy.envoyMetricsService.tlsSettings.caCertificates` | `` | `example: /etc/istio/ms/root-cert.pem` | -| `global.proxy.envoyMetricsService.tlsSettings.sni` | `` | `example: ms.somedomain` | -| `global.proxy.envoyMetricsService.tlsSettings.subjectAltNames` | `[]` | | -| `global.proxy.envoyMetricsService.tcpKeepalive.probes` | `3` | | -| 
`global.proxy.envoyMetricsService.tcpKeepalive.time` | `10s` | | -| `global.proxy.envoyMetricsService.tcpKeepalive.interval` | `10s` | | -| `global.proxy.tracer` | `"zipkin"` | `Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file.` | -| `global.proxy_init.image` | `proxyv2` | `Base name for the istio-init container, used to configure iptables.` | -| `global.proxy_init.resources.limits.cpu` | `100m` | | -| `global.proxy_init.resources.limits.memory` | `50Mi` | | -| `global.proxy_init.resources.requests.cpu` | `10m` | | -| `global.proxy_init.resources.requests.memory` | `10Mi` | | -| `global.imagePullPolicy` | `IfNotPresent` | | -| `global.controlPlaneSecurityEnabled` | `false` | `controlPlaneSecurityEnabled enabled. Will result in delays starting the pods while secrets are propagated, not recommended for tests.` | -| `global.disablePolicyChecks` | `true` | `disablePolicyChecks disables mixer policy checks. if mixer.policy.enabled==true then disablePolicyChecks has affect. Will set the value with same name in istio config map - pilot needs to be restarted to take effect.` | -| `global.policyCheckFailOpen` | `false` | `policyCheckFailOpen allows traffic in cases when the mixer policy service cannot be reached. 
Default is false which means the traffic is denied when the client is unable to connect to Mixer.` | -| `global.enableTracing` | `true` | `EnableTracing sets the value with same name in istio config map, requires pilot restart to take effect.` | -| `global.tracer.lightstep.address` | `""` | `example: lightstep-satellite:443` | -| `global.tracer.lightstep.accessToken` | `""` | `example: abcdefg1234567` | -| `global.tracer.lightstep.secure` | `true` | `example: true\|false` | -| `global.tracer.lightstep.cacertPath` | `""` | `example: /etc/lightstep/cacert.pem` | -| `global.tracer.zipkin.address` | `""` | | -| `global.tracer.datadog.address` | `"$(HOST_IP):8126"` | | -| `global.tracer.stackdriver.debug` | `false` | `enables trace output to stdout.` | -| `global.tracer.stackdriver.maxNumberOfAttributes` | `200` | `The global default max number of attributes per span.` | -| `global.tracer.stackdriver.maxNumberOfAnnotations` | `200` | `The global default max number of annotation events per span.` | -| `global.tracer.stackdriver.maxNumberOfMessageEvents` | `200` | `The global default max number of message events per span.` | -| `global.mtls.enabled` | `false` | `Default setting for service-to-service mtls. 
Can be set explicitly using destination rules or service annotations.` | -| `global.mtls.auto` | `true` | `If set to true, and a given service does not have a corresponding DestinationRule configured, or its DestinationRule does not have TLSSettings specified, Istio configures client side TLS configuration automatically, based on the server side mTLS authentication policy and the availibity of sidecars.` | -| `global.imagePullSecrets` | `[]` | `Lists the secrets you need to use to pull Istio images from a private registry.` | -| `global.arch.amd64` | `2` | | -| `global.arch.s390x` | `2` | | -| `global.arch.ppc64le` | `2` | | -| `global.oneNamespace` | `false` | `Whether to restrict the applications namespace the controller manages; If not set, controller watches all namespaces` | -| `global.defaultNodeSelector` | `{}` | `Default node selector to be applied to all deployments so that all pods can be constrained to run a particular nodes. Each component can overwrite these default values by adding its node selector block in the relevant section below and setting the desired values.` | -| `global.defaultTolerations` | `[]` | `Default node tolerations to be applied to all deployments so that all pods can be scheduled to a particular nodes with matching taints. Each component can overwrite these default values by adding its tolerations block in the relevant section below and setting the desired values. 
Configure this field in case that all pods of Istio control plane are expected to be scheduled to particular nodes with specified taints.` | -| `global.configValidation` | `true` | `Whether to perform server-side validation of configuration.` | -| `global.meshExpansion.enabled` | `false` | | -| `global.meshExpansion.useILB` | `false` | `If set to true, the pilot and citadel mtls and the plaintext pilot ports will be exposed on an internal gateway` | -| `global.multiCluster.enabled` | `false` | `Set to true to connect two kubernetes clusters via their respective ingressgateway services when pods in each cluster cannot directly talk to one another. All clusters should be using Istio mTLS and must have a shared root CA for this model to work.` | -| `global.multiCluster.clusterName` | `""` | `Should be set to the name of the cluster this installation will run in. This is required for sidecar injection to properly label proxies` | -| `global.defaultResources.requests.cpu` | `10m` | | -| `global.defaultPodDisruptionBudget.enabled` | `true` | | -| `global.priorityClassName` | `""` | | -| `global.useMCP` | `true` | `Use the Mesh Control Protocol (MCP) for configuring Mixer and Pilot. Requires galley (--set galley.enabled=true).` | -| `global.trustDomain` | `""` | | -| `global.trustDomainAliases` | `[]` | | -| `global.meshID` | `""` | `Mesh ID means Mesh Identifier. It should be unique within the scope where meshes will interact with each other, but it is not required to be globally/universally unique. For example, if any of the following are true, then two meshes must have different Mesh IDs: - Meshes will have their telemetry aggregated in one place - Meshes will be federated together - Policy will be written referencing one mesh from the other If an administrator expects that any of these conditions may become true in the future, they should ensure their meshes have different Mesh IDs assigned. 
Within a multicluster mesh, each cluster must be (manually or auto) configured to have the same Mesh ID value. If an existing cluster 'joins' a multicluster mesh, it will need to be migrated to the new mesh ID. Details of migration TBD, and it may be a disruptive operation to change the Mesh ID post-install. If the mesh admin does not specify a value, Istio will use the value of the mesh's Trust Domain. The best practice is to select a proper Trust Domain value.` | -| `global.outboundTrafficPolicy.mode` | `ALLOW_ANY` | | -| `global.sds.enabled` | `false` | `SDS enabled. IF set to true, mTLS certificates for the sidecars will be distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates.` | -| `global.sds.udsPath` | `""` | | -| `global.sds.token.aud` | `istio-ca` | | -| `global.meshNetworks` | `{}` | | -| `global.network` | `""` | `Network defines the network this cluster belong to. This name corresponds to the networks in the map of mesh networks.` | -| `global.localityLbSetting.enabled` | `true` | | -| `global.enableHelmTest` | `false` | `Specifies whether helm test is enabled or not. This field is set to false by default, so 'helm template ...' will ignore the helm test yaml files when generating the template` | -| `global.certificates` | `[]` | | -| `global.operatorManageWebhooks` | `false` | `Configure whether Operator manages webhook configurations. The current behavior of Galley and Sidecar Injector is that they manage their own webhook configurations. When this option is set as true, Istio Operator, instead of webhooks, manages the webhook configurations. 
When this option is set as false, webhooks manage their own webhook configurations.` | - -## `grafana` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `grafana.enabled` | `false` | | -| `grafana.replicaCount` | `1` | | -| `grafana.image.repository` | `grafana/grafana` | | -| `grafana.image.tag` | `6.4.3` | | -| `grafana.ingress.enabled` | `false` | | -| `grafana.ingress.hosts` | `grafana.local` | `Used to create an Ingress record.` | -| `grafana.ingress.annotations` | `{}` | | -| `grafana.ingress.tls` | `[]` | | -| `grafana.persist` | `false` | | -| `grafana.storageClassName` | `""` | | -| `grafana.accessMode` | `ReadWriteMany` | | -| `grafana.security.enabled` | `false` | | -| `grafana.security.secretName` | `grafana` | | -| `grafana.security.usernameKey` | `username` | | -| `grafana.security.passphraseKey` | `passphrase` | | -| `grafana.nodeSelector` | `{}` | | -| `grafana.tolerations` | `[]` | | -| `grafana.env` | `{}` | | -| `grafana.envSecrets` | `{}` | | -| `grafana.podAntiAffinityLabelSelector` | `[]` | | -| `grafana.podAntiAffinityTermLabelSelector` | `[]` | | -| `grafana.contextPath` | `/grafana` | | -| `grafana.service.annotations` | `{}` | | -| `grafana.service.name` | `http` | | -| `grafana.service.type` | `ClusterIP` | | -| `grafana.service.externalPort` | `3000` | | -| `grafana.service.loadBalancerSourceRanges` | `[]` | | -| `grafana.datasources.datasources.apiVersion` | `1` | | -| `grafana.datasources.datasources.datasources.type` | `prometheus` | | -| `grafana.datasources.datasources.datasources.type.orgId` | `1` | | -| `grafana.datasources.datasources.datasources.type.url` | `http://prometheus:9090` | | -| `grafana.datasources.datasources.datasources.type.access` | `proxy` | | -| `grafana.datasources.datasources.datasources.type.isDefault` | `true` | | -| `grafana.datasources.datasources.datasources.type.jsonData.timeInterval` | `5s` | | -| `grafana.datasources.datasources.datasources.type.editable` | `true` | | -| 
`grafana.dashboardProviders.dashboardproviders.apiVersion` | `1` | | -| `grafana.dashboardProviders.dashboardproviders.providers.orgId` | `1` | | -| `grafana.dashboardProviders.dashboardproviders.providers.orgId.folder` | `'istio'` | | -| `grafana.dashboardProviders.dashboardproviders.providers.orgId.type` | `file` | | -| `grafana.dashboardProviders.dashboardproviders.providers.orgId.disableDeletion` | `false` | | -| `grafana.dashboardProviders.dashboardproviders.providers.orgId.options.path` | `/var/lib/grafana/dashboards/istio` | | - -## `istio_cni` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `istio_cni.enabled` | `false` | | - -## `istiocoredns` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `istiocoredns.enabled` | `false` | | -| `istiocoredns.replicaCount` | `1` | | -| `istiocoredns.rollingMaxSurge` | `100%` | | -| `istiocoredns.rollingMaxUnavailable` | `25%` | | -| `istiocoredns.coreDNSImage` | `coredns/coredns` | | -| `istiocoredns.coreDNSTag` | `1.6.2` | | -| `istiocoredns.coreDNSPluginImage` | `istio/coredns-plugin:0.2-istio-1.1` | | -| `istiocoredns.nodeSelector` | `{}` | | -| `istiocoredns.tolerations` | `[]` | | -| `istiocoredns.podAnnotations` | `{}` | | -| `istiocoredns.podAntiAffinityLabelSelector` | `[]` | | -| `istiocoredns.podAntiAffinityTermLabelSelector` | `[]` | | - -## `kiali` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `kiali.enabled` | `false` | `Note that if using the demo or demo-auth yaml when installing via Helm, this default will be true.` | -| `kiali.replicaCount` | `1` | | -| `kiali.hub` | `quay.io/kiali` | | -| `kiali.image` | `kiali` | | -| `kiali.tag` | `v1.9` | | -| `kiali.contextPath` | `/kiali` | `The root context path to access the Kiali UI.` | -| `kiali.nodeSelector` | `{}` | | -| `kiali.tolerations` | `[]` | | -| `kiali.podAnnotations` | `{}` | | -| `kiali.podAntiAffinityLabelSelector` | `[]` | | -| `kiali.podAntiAffinityTermLabelSelector` | 
`[]` | | -| `kiali.ingress.enabled` | `false` | | -| `kiali.ingress.hosts` | `kiali.local` | `Used to create an Ingress record.` | -| `kiali.ingress.annotations` | `{}` | | -| `kiali.dashboard.auth.strategy` | `login` | `Can be anonymous, login, openshift, or ldap` | -| `kiali.dashboard.secretName` | `kiali` | `You must create a secret with this name - one is not provided out-of-box.` | -| `kiali.dashboard.viewOnlyMode` | `false` | `Bind the service account to a role with only read access` | -| `kiali.dashboard.grafanaURL` | `` | `If you have Grafana installed and it is accessible to client browsers, then set this to its external URL. Kiali will redirect users to this URL when Grafana metrics are to be shown.` | -| `kiali.dashboard.grafanaInClusterURL` | `"http://grafana:3000"` | `In Kubernetes cluster with ELB in front this option is needed, since public IP of ELB is not reachable from inside the cluster` | -| `kiali.dashboard.jaegerURL` | `` | `If you have Jaeger installed and it is accessible to client browsers, then set this property to its external URL. Kiali will redirect users to this URL when Jaeger tracing is to be shown.` | -| `kiali.dashboard.jaegerInClusterURL` | `"http://tracing/jaeger"` | `If you have Jaeger installed and accessible from Kiali pod (typically in cluster), then set this property to enable more tracing charts within Kiali.` | -| `kiali.prometheusAddr` | `http://prometheus:9090` | | -| `kiali.createDemoSecret` | `false` | `When true, a secret will be created with a default username and password. 
Useful for demos.` | -| `kiali.security.enabled` | `false` | | -| `kiali.security.cert_file` | `/kiali-cert/cert-chain.pem` | | -| `kiali.security.private_key_file` | `/kiali-cert/key.pem` | | - -## `mixer` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `mixer.image` | `mixer` | | -| `mixer.env.GOMAXPROCS` | `"6"` | `max procs should be ceil(cpu limit + 1)` | -| `mixer.policy.enabled` | `false` | `if policy is enabled, global.disablePolicyChecks has affect.` | -| `mixer.policy.replicaCount` | `1` | | -| `mixer.policy.autoscaleEnabled` | `true` | | -| `mixer.policy.autoscaleMin` | `1` | | -| `mixer.policy.autoscaleMax` | `5` | | -| `mixer.policy.cpu.targetAverageUtilization` | `80` | | -| `mixer.policy.rollingMaxSurge` | `100%` | | -| `mixer.policy.rollingMaxUnavailable` | `25%` | | -| `mixer.telemetry.enabled` | `true` | | -| `mixer.telemetry.replicaCount` | `1` | | -| `mixer.telemetry.autoscaleEnabled` | `true` | | -| `mixer.telemetry.autoscaleMin` | `1` | | -| `mixer.telemetry.autoscaleMax` | `5` | | -| `mixer.telemetry.cpu.targetAverageUtilization` | `80` | | -| `mixer.telemetry.rollingMaxSurge` | `100%` | | -| `mixer.telemetry.rollingMaxUnavailable` | `25%` | | -| `mixer.telemetry.sessionAffinityEnabled` | `false` | | -| `mixer.telemetry.loadshedding.mode` | `enforce` | `disabled, logonly or enforce` | -| `mixer.telemetry.loadshedding.latencyThreshold` | `100ms` | `based on measurements 100ms p50 translates to p99 of under 1s. This is ok for telemetry which is inherently async.` | -| `mixer.telemetry.resources.requests.cpu` | `1000m` | | -| `mixer.telemetry.resources.requests.memory` | `1G` | | -| `mixer.telemetry.resources.limits.cpu` | `4800m` | `It is best to do horizontal scaling of mixer using moderate cpu allocation. 
We have experimentally found that these values work well.` | -| `mixer.telemetry.resources.limits.memory` | `4G` | | -| `mixer.telemetry.reportBatchMaxEntries` | `100` | `Set reportBatchMaxEntries to 0 to use the default batching behavior (i.e., every 100 requests). A positive value indicates the number of requests that are batched before telemetry data is sent to the mixer server` | -| `mixer.telemetry.reportBatchMaxTime` | `1s` | `Set reportBatchMaxTime to 0 to use the default batching behavior (i.e., every 1 second). A positive time value indicates the maximum wait time since the last request will telemetry data be batched before being sent to the mixer server` | -| `mixer.podAnnotations` | `{}` | | -| `mixer.nodeSelector` | `{}` | | -| `mixer.tolerations` | `[]` | | -| `mixer.podAntiAffinityLabelSelector` | `[]` | | -| `mixer.podAntiAffinityTermLabelSelector` | `[]` | | -| `mixer.adapters.kubernetesenv.enabled` | `true` | | -| `mixer.adapters.stdio.enabled` | `false` | | -| `mixer.adapters.stdio.outputAsJson` | `true` | | -| `mixer.adapters.prometheus.enabled` | `true` | | -| `mixer.adapters.prometheus.metricsExpiryDuration` | `10m` | | -| `mixer.adapters.useAdapterCRDs` | `false` | `Setting this to false sets the useAdapterCRDs mixer startup argument to false` | - -## `nodeagent` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `nodeagent.enabled` | `false` | | -| `nodeagent.image` | `node-agent-k8s` | | -| `nodeagent.env.CA_PROVIDER` | `"Citadel"` | `name of authentication provider.` | -| `nodeagent.env.CA_ADDR` | `"istio-citadel:8060"` | `CA endpoint.` | -| `nodeagent.env.PLUGINS` | `""` | `names of authentication provider's plugins.` | -| `nodeagent.env.VALID_TOKEN` | `true` | | -| `nodeagent.nodeSelector` | `{}` | | -| `nodeagent.tolerations` | `[]` | | -| `nodeagent.podAntiAffinityLabelSelector` | `[]` | | -| `nodeagent.podAntiAffinityTermLabelSelector` | `[]` | | - -## `pilot` options - -| Key | Default Value | Description | -| 
--- | --- | --- | -| `pilot.enabled` | `true` | | -| `pilot.autoscaleEnabled` | `true` | | -| `pilot.autoscaleMin` | `1` | | -| `pilot.autoscaleMax` | `5` | | -| `pilot.rollingMaxSurge` | `100%` | | -| `pilot.rollingMaxUnavailable` | `25%` | | -| `pilot.image` | `pilot` | | -| `pilot.sidecar` | `true` | | -| `pilot.traceSampling` | `1.0` | | -| `pilot.enableProtocolSniffingForOutbound` | `true` | `if protocol sniffing is enabled for outbound` | -| `pilot.enableProtocolSniffingForInbound` | `false` | `if protocol sniffing is enabled for inbound` | -| `pilot.resources.requests.cpu` | `500m` | | -| `pilot.resources.requests.memory` | `2048Mi` | | -| `pilot.env.PILOT_PUSH_THROTTLE` | `100` | | -| `pilot.cpu.targetAverageUtilization` | `80` | | -| `pilot.nodeSelector` | `{}` | | -| `pilot.tolerations` | `[]` | | -| `pilot.podAnnotations` | `{}` | | -| `pilot.podAntiAffinityLabelSelector` | `[]` | | -| `pilot.podAntiAffinityTermLabelSelector` | `[]` | | -| `pilot.keepaliveMaxServerConnectionAge` | `30m` | `The following is used to limit how long a sidecar can be connected to a pilot. 
It balances out load across pilot instances at the cost of increasing system churn.` | - -## `prometheus` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `prometheus.enabled` | `true` | | -| `prometheus.replicaCount` | `1` | | -| `prometheus.hub` | `docker.io/prom` | | -| `prometheus.image` | `prometheus` | | -| `prometheus.tag` | `v2.12.0` | | -| `prometheus.retention` | `6h` | | -| `prometheus.nodeSelector` | `{}` | | -| `prometheus.tolerations` | `[]` | | -| `prometheus.podAntiAffinityLabelSelector` | `[]` | | -| `prometheus.podAntiAffinityTermLabelSelector` | `[]` | | -| `prometheus.scrapeInterval` | `15s` | `Controls the frequency of prometheus scraping` | -| `prometheus.contextPath` | `/prometheus` | | -| `prometheus.ingress.enabled` | `false` | | -| `prometheus.ingress.hosts` | `prometheus.local` | `Used to create an Ingress record.` | -| `prometheus.service.annotations` | `{}` | | -| `prometheus.service.nodePort.enabled` | `false` | | -| `prometheus.service.nodePort.port` | `32090` | | -| `prometheus.security.enabled` | `true` | | - -## `security` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `security.enabled` | `true` | | -| `security.replicaCount` | `1` | | -| `security.rollingMaxSurge` | `100%` | | -| `security.rollingMaxUnavailable` | `25%` | | -| `security.image` | `citadel` | | -| `security.selfSigned` | `true` | `indicate if self-signed CA is used.` | -| `security.createMeshPolicy` | `true` | | -| `security.nodeSelector` | `{}` | | -| `security.tolerations` | `[]` | | -| `security.podAnnotations` | `{}` | | -| `security.citadelHealthCheck` | `false` | | -| `security.workloadCertTtl` | `2160h` | `90*24hour = 2160h` | -| `security.env` | `{}` | `Environment variables that configure Citadel.` | -| `security.enableNamespacesByDefault` | `true` | `Determines Citadel default behavior if the ca.istio.io/env or ca.istio.io/override labels are not found on a given namespace. 
For example: consider a namespace called "target", which has neither the "ca.istio.io/env" nor the "ca.istio.io/override" namespace labels. To decide whether or not to generate secrets for service accounts created in this "target" namespace, Citadel will defer to this option. If the value of this option is "true" in this case, secrets will be generated for the "target" namespace. If the value of this option is "false" Citadel will not generate secrets upon service account creation.` | -| `security.podAntiAffinityLabelSelector` | `[]` | | -| `security.podAntiAffinityTermLabelSelector` | `[]` | | - -## `sidecarInjectorWebhook` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `sidecarInjectorWebhook.enabled` | `true` | | -| `sidecarInjectorWebhook.replicaCount` | `1` | | -| `sidecarInjectorWebhook.rollingMaxSurge` | `100%` | | -| `sidecarInjectorWebhook.rollingMaxUnavailable` | `25%` | | -| `sidecarInjectorWebhook.image` | `sidecar_injector` | | -| `sidecarInjectorWebhook.enableNamespacesByDefault` | `false` | | -| `sidecarInjectorWebhook.nodeSelector` | `{}` | | -| `sidecarInjectorWebhook.tolerations` | `[]` | | -| `sidecarInjectorWebhook.podAnnotations` | `{}` | | -| `sidecarInjectorWebhook.podAntiAffinityLabelSelector` | `[]` | | -| `sidecarInjectorWebhook.podAntiAffinityTermLabelSelector` | `[]` | | -| `sidecarInjectorWebhook.rewriteAppHTTPProbe` | `false` | `If true, webhook or istioctl injector will rewrite PodSpec for liveness health check to redirect request to sidecar. This makes liveness check work even when mTLS is enabled.` | -| `sidecarInjectorWebhook.neverInjectSelector` | `[]` | `You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or always skip the injection on pods that match that label selector, regardless of the global policy. 
See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/more-control-adding-exceptions` | -| `sidecarInjectorWebhook.alwaysInjectSelector` | `[]` | | -| `sidecarInjectorWebhook.injectedAnnotations` | `{}` | | - -## `tracing` options - -| Key | Default Value | Description | -| --- | --- | --- | -| `tracing.enabled` | `false` | | -| `tracing.provider` | `jaeger` | | -| `tracing.nodeSelector` | `{}` | | -| `tracing.tolerations` | `[]` | | -| `tracing.podAntiAffinityLabelSelector` | `[]` | | -| `tracing.podAntiAffinityTermLabelSelector` | `[]` | | -| `tracing.jaeger.hub` | `docker.io/jaegertracing` | | -| `tracing.jaeger.image` | `all-in-one` | | -| `tracing.jaeger.tag` | `1.16` | | -| `tracing.jaeger.podAnnotations` | `{}` | | -| `tracing.jaeger.memory.max_traces` | `50000` | | -| `tracing.jaeger.spanStorageType` | `badger` | `spanStorageType value can be "memory" and "badger" for all-in-one image` | -| `tracing.jaeger.persist` | `false` | | -| `tracing.jaeger.storageClassName` | `""` | | -| `tracing.jaeger.accessMode` | `ReadWriteMany` | | -| `tracing.zipkin.hub` | `docker.io/openzipkin` | | -| `tracing.zipkin.image` | `zipkin` | | -| `tracing.zipkin.tag` | `2.14.2` | | -| `tracing.zipkin.podAnnotations` | `{}` | | -| `tracing.zipkin.probeStartupDelay` | `200` | | -| `tracing.zipkin.queryPort` | `9411` | | -| `tracing.zipkin.resources.limits.cpu` | `300m` | | -| `tracing.zipkin.resources.limits.memory` | `900Mi` | | -| `tracing.zipkin.resources.requests.cpu` | `150m` | | -| `tracing.zipkin.resources.requests.memory` | `900Mi` | | -| `tracing.zipkin.javaOptsHeap` | `700` | | -| `tracing.zipkin.maxSpans` | `500000` | | -| `tracing.zipkin.node.cpus` | `2` | | -| `tracing.service.annotations` | `{}` | | -| `tracing.service.name` | `http` | | -| `tracing.service.type` | `ClusterIP` | | -| `tracing.service.externalPort` | `80` | | -| `tracing.ingress.enabled` | `false` | | - - 
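Review bot: deleting `installation-options/index.md` removes the only live-site listing of defaults that other pages in this patch still depend on for their security meaning, and the replacement links freeze the reference at the v1.4 archive. The egress-control hunk explains that `global.outboundTrafficPolicy.mode: ALLOW_ANY` lets calls to unknown services pass through, but only the deleted table (row `global.outboundTrafficPolicy.mode` | `ALLOW_ANY`) shows that this permissive mode is the default; the same holds for `sidecarInjectorWebhook.neverInjectSelector` / `alwaysInjectSelector` referenced in the 1.2 change notes. Suggest stating such defaults inline where the prose relies on them, for example "`global.outboundTrafficPolicy.mode` (default `ALLOW_ANY`)", so readers of current docs are not sent to an archived page to learn what the default behaviour is.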
diff --git a/content/en/docs/reference/config/policy-and-telemetry/mixer-overview/index.md b/content/en/docs/reference/config/policy-and-telemetry/mixer-overview/index.md index d699fb542f..6d72bd61e3 100644 --- a/content/en/docs/reference/config/policy-and-telemetry/mixer-overview/index.md +++ b/content/en/docs/reference/config/policy-and-telemetry/mixer-overview/index.md @@ -43,7 +43,7 @@ At a high level, Mixer provides: Policy enforcement and telemetry collection are entirely driven from configuration. Policy check is disabled by default, avoiding the need to go through the Mixer policy component. -Refer to [Installation Options](/docs/reference/config/installation-options/) for more information. +Refer to [Installation Options](https://archive.istio.io/v1.4/docs/reference/config/installation-options/) for more information. ## Adapters diff --git a/content/en/docs/setup/install/istioctl/index.md b/content/en/docs/setup/install/istioctl/index.md index 4266c76d84..b09980d6bb 100644 --- a/content/en/docs/setup/install/istioctl/index.md +++ b/content/en/docs/setup/install/istioctl/index.md @@ -274,7 +274,7 @@ $ istioctl manifest apply -f samples/operator/pilot-k8s.yaml {{< /text >}} {{< tip >}} -For backwards compatibility, the previous [Helm installation options](/docs/reference/config/installation-options/), with the exception of Kubernetes resource settings, +For backwards compatibility, the previous [Helm installation options](https://archive.istio.io/v1.4/docs/reference/config/installation-options/), with the exception of Kubernetes resource settings, are also fully supported. To set them on the command line, prepend the option name with "`values.`". For example, the following command overrides the `pilot.traceSampling` Helm configuration option: 
@@ -505,7 +505,7 @@ $ istioctl manifest apply -f samples/operator/pilot-k8s.yaml ### Customize Istio settings using the Helm API -The `IstioOperator` API includes a pass-through interface to the [Helm API](/docs/reference/config/installation-options/) +The `IstioOperator` API includes a pass-through interface to the [Helm API](https://archive.istio.io/v1.4/docs/reference/config/installation-options/) using the `values` field. The following YAML file configures global and Pilot settings through the Helm API: diff --git a/content/en/docs/tasks/observability/logs/access-log/index.md b/content/en/docs/tasks/observability/logs/access-log/index.md index 4340b6a83c..5b8fe2fffb 100644 --- a/content/en/docs/tasks/observability/logs/access-log/index.md +++ b/content/en/docs/tasks/observability/logs/access-log/index.md @@ -48,7 +48,7 @@ You may also want to customize the [format](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log#format-rules) of the access log by editing `accessLogFormat`. {{< tip >}} -All three of these parameters may also be configured via [install options](/docs/reference/config/installation-options/): +All three of these parameters may also be configured via [install options](https://archive.istio.io/v1.4/docs/reference/config/installation-options/): {{< /tip >}} * `values.global.proxy.accessLogFile` diff --git a/content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md b/content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md index 096ec33d8d..f601f27763 100644 --- a/content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md +++ b/content/en/docs/tasks/observability/metrics/using-istio-dashboard/index.md 
@@ -17,7 +17,7 @@ the example application throughout this task. ## Before you begin -* [Install Istio](/docs/setup) in your cluster. If not enabled in your chosen configuration profile, enable the Grafana addon `--set values.grafana.enabled=true` [option](/docs/reference/config/installation-options/). +* [Install Istio](/docs/setup) in your cluster. If not enabled in your chosen configuration profile, enable the Grafana addon `--set values.grafana.enabled=true` [option](https://archive.istio.io/v1.4/docs/reference/config/installation-options/). * Deploy [Bookinfo](/docs/examples/bookinfo/) application. ## Viewing the Istio dashboard diff --git a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md index 53c7be270b..c4209cde3e 100644 --- a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md +++ b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md @@ -51,7 +51,7 @@ This task shows you how to access external services in three different ways: ## Envoy passthrough to external services -Istio has an [installation option](/docs/reference/config/installation-options/), +Istio has an [installation option](https://archive.istio.io/v1.4/docs/reference/config/installation-options/), `global.outboundTrafficPolicy.mode`, that configures the sidecar handling of external services, that is, those services that are not defined in Istio's internal service registry. If this option is set to `ALLOW_ANY`, the Istio proxy lets calls to unknown services pass through. 
@@ -294,7 +294,7 @@ If you want to completely bypass Istio for a specific IP range, you can configure the Envoy sidecars to prevent them from [intercepting](/docs/concepts/traffic-management/) external requests. To set up the bypass, change either the `global.proxy.includeIPRanges` -or the `global.proxy.excludeIPRanges` [configuration option](/docs/reference/config/installation-options/) and +or the `global.proxy.excludeIPRanges` [configuration option](https://archive.istio.io/v1.4/docs/reference/config/installation-options/) and update the `istio-sidecar-injector` configuration map using the `kubectl apply` command. This can also be configured on a pod by setting corresponding [annotations](/docs/reference/config/annotations/) such as `traffic.sidecar.istio.io/includeOutboundIPRanges`. diff --git a/content/en/news/releases/1.2.x/announcing-1.2/change-notes/index.md b/content/en/news/releases/1.2.x/announcing-1.2/change-notes/index.md index 00275f606b..9b4ac92c95 100644 --- a/content/en/news/releases/1.2.x/announcing-1.2/change-notes/index.md +++ b/content/en/news/releases/1.2.x/announcing-1.2/change-notes/index.md 
@@ -14,10 +14,10 @@ aliases: ## Traffic management - **Improved** [locality based routing](/docs/ops/configuration/traffic-management/locality-load-balancing/) in multicluster environments. -- **Improved** outbound traffic policy in [`ALLOW_ANY` mode](/docs/reference/config/installation-options/#global-options). Traffic for unknown HTTP/HTTPS hosts on an existing port will be [forwarded as is](/docs/tasks/traffic-management/egress/egress-control/#envoy-passthrough-to-external-services). Unknown traffic will be logged in Envoy access logs. +- **Improved** outbound traffic policy in [`ALLOW_ANY` mode](https://archive.istio.io/v1.2/docs/reference/config/installation-options/#global-options). Traffic for unknown HTTP/HTTPS hosts on an existing port will be [forwarded as is](/docs/tasks/traffic-management/egress/egress-control/#envoy-passthrough-to-external-services). Unknown traffic will be logged in Envoy access logs. - **Added** support for setting HTTP idle timeouts to upstream services. - **Improved** Sidecar support for [NONE mode](/docs/reference/config/networking/sidecar/#CaptureMode) (without iptables) . -- **Added** ability to configure the [DNS refresh rate](/docs/reference/config/installation-options/#global-options) for sidecar Envoys, to reduce the load on the DNS servers. +- **Added** ability to configure the [DNS refresh rate](https://archive.istio.io/v1.2/docs/reference/config/installation-options/#global-options) for sidecar Envoys, to reduce the load on the DNS servers. - **Graduated** [Sidecar API](/docs/reference/config/networking/sidecar/) from Alpha to Alpha API and Beta runtime. ## Security 
@@ -55,7 +55,7 @@ aliases: - **Added** pod [anti-affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) and [toleration](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) support to all of our control plane components. - **Added** `sidecarInjectorWebhook.neverInjectSelector` and `sidecarInjectorWebhook.alwaysInjectSelector` to allow users to further refine whether workloads should have sidecar automatically injected or not, based on label selectors. - **Added** `global.logging.level` and `global.proxy.logLevel` to allow users to easily configure logs for control plane and data plane components globally. -- **Added** support to configure the Datadog location via [`global.tracer.datadog.address`](/docs/reference/config/installation-options/#global-options). +- **Added** support to configure the Datadog location via [`global.tracer.datadog.address`](https://archive.istio.io/v1.2/docs/reference/config/installation-options/#global-options). - **Removed** Previously [deprecated]( https://discuss.istio.io/t/deprecation-notice-custom-mixer-adapter-crds/2055) Adapter and Template CRDs are disabled by default. Use `mixer.templates.useTemplateCRDs=true` and `mixer.adapters.useAdapterCRDs=true` install options to re-enable them. Refer to the [installation option change page](/news/releases/1.2.x/announcing-1.2/helm-changes/) to view the complete list of changes. diff --git a/content/en/news/security/istio-security-2019-006/index.md b/content/en/news/security/istio-security-2019-006/index.md index 5ab77d4d16..a850656a6e 100644 --- a/content/en/news/security/istio-security-2019-006/index.md +++ b/content/en/news/security/istio-security-2019-006/index.md 
@@ -25,7 +25,7 @@ Both Istio gateways and sidecars are vulnerable to this issue. If you are runnin ## Mitigation -* Workaround: The exploitation of that vulnerability can be prevented by customizing Istio installation (as described in [installation options](/docs/reference/config/installation-options/#pilot-options) ), using Helm to override the following options: +* Workaround: The exploitation of that vulnerability can be prevented by customizing Istio installation (as described in [installation options](https://archive.istio.io/v1.3/docs/reference/config/installation-options/#pilot-options) ), using Helm to override the following options: {{< text plain >}} --set pilot.env.PILOT_INBOUND_PROTOCOL_DETECTION_TIMEOUT=0s --set global.proxy.protocolDetectionTimeout=0s diff --git a/scripts/tablegen.py b/scripts/tablegen.py deleted file mode 100755 index 74bdc0676b..0000000000 --- a/scripts/tablegen.py +++ /dev/null 
@@ -1,372 +0,0 @@ -#!/usr/bin/python - -# Copyright Istio Authors. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import collections -import linecache -import requests -import string -import sys -import os -import re - -from ruamel import yaml - -# -# This script generates the installation options from the helm charts -# for the current release (by parsing the values.yaml files under the -# charts and subcharts directory). -# - -# -# Reads a documented Helm values.yaml file and produces a -# MD formatted table. pip install ruamel to obtain the proper -# YAML decoder. ruamel maintains ordering and comments. The -# comments are needed in order to decode the commented helm -# values.yaml file -# -ISTIO_CONFIG_DIR = "install/kubernetes/helm/istio" -YAML_CONFIG_DIR = ISTIO_CONFIG_DIR + "/charts" -VALUES_YAML = "values.yaml" -CONFIG_INDEX_DIR = "content/en/docs/reference/config/installation-options/index.md" -ISTIO_REPO = "https://github.com/istio/istio.git@master" -ISTIO_LOCAL_REPO = "istio-repo" - - -def downloadIstioRepo(): - repoInfo = ISTIO_REPO.split('@') - repo_url = repoInfo[0] - repo_release = repoInfo[1] - curl_command = "git clone --depth=1 -q -b %s %s %s" - status = os.system(curl_command % (repo_release, repo_url, ISTIO_LOCAL_REPO)) - if status != 0: - print("An error occured trying to clone Istio repo for release: %s." 
% releaseName) - exit() - - -def deleteIstioRepo(): - os.system("rm -rf %s" % ISTIO_LOCAL_REPO) - - -def endOfTheList(context, lineNum, lastLineNum, totalNum): - flag = 0 - valueList = [] - nextLineNum = lineNum + 1 - currentLine = context[lastLineNum] - whitespaces = (len(currentLine) - len(currentLine.lstrip())) / 2 - - if lineNum != lastLineNum: - return False, valueList - - for nextLineNum in range(lineNum + 1, totalNum): - nextLine = context[nextLineNum] - - if len(nextLine.lstrip()) != 0 and '#' != nextLine.lstrip()[0] and ':' in nextLine: - if whitespaces >= (len(nextLine) - len(nextLine.lstrip())) / 2: - if flag == 0: - valueList.append(currentLine.split(':', 1)[1].strip()) - return True, valueList - else: - return True, valueList - elif len(nextLine.lstrip()) != 0 and '#' != nextLine.lstrip()[0] and ':' not in nextLine and len(nextLine.strip()) != 0: - value = nextLine.replace(' ', '') - valueList.append(value.lstrip('-').strip()) - flag += 1 - nextLineNum += 1 - - if lastLineNum == totalNum - 1 and len(currentLine.lstrip()) != 0 and '#' != currentLine.lstrip()[0]: - valueList.append(currentLine.split(':', 1)[1].strip()) - - return True, valueList - - -prdict = collections.defaultdict(list) - - -def decode_helm_yaml(s): - ret_val = '' - # - # Iterate through all the directories under /istio/install/kubernetes/helm/subcharts - # and process the configuration options from the respective values.yaml. The - # configuration option name is the name of the directory that contains values.yaml. - # This name will be passed in to the the function process_helm_yaml - # - subchart_dir = os.path.join(ISTIO_LOCAL_REPO, YAML_CONFIG_DIR) - for cfile in os.listdir(subchart_dir): - values_yaml_dir = os.path.join(subchart_dir, cfile) - values_yaml_file = os.path.join(values_yaml_dir, VALUES_YAML) - process_helm_yaml(values_yaml_file, cfile) - - # - # Process configuration options in values.yaml under istio/install/kubernetes/helm/istio. 
- # The configuration option names are present in the values.yaml, hence we do not need to - # pass it to process_helm_yaml. - # - istio_yaml_config_dir = os.path.join(ISTIO_LOCAL_REPO, ISTIO_CONFIG_DIR) - values_yaml_file = os.path.join(istio_yaml_config_dir, VALUES_YAML) - process_helm_yaml(values_yaml_file, '') - - return ret_val - - -def process_helm_yaml(values_yaml, option): - ret_val = '' - storekey = '' - desc = '' - newkey = '' - whitespaces = 0 - flag = 0 - lineNum = 0 - newConfigList = [] - loaded = None - - context = linecache.getlines(values_yaml) - totalNum = len(context) - lastLineNum = 0 - key = option - - count = 0 - with open(values_yaml, 'r') as f_v: - d_v = f_v.read() - loaded = yaml.round_trip_load(d_v) - - for lineNum in range(0, totalNum): - if context[lineNum].strip().startswith('- '): - pass - elif '#' in context[lineNum] and '#' == context[lineNum].lstrip()[0]: - if "Description: " in context[lineNum]: - desc = context[lineNum].strip() - elif ':' in context[lineNum] and '#' != context[lineNum].lstrip()[0]: - lastLineNum = lineNum - if flag == 1: - whitespaces = (len(context[lineNum]) - len(context[lineNum].lstrip())) / 2 - periods = key.count('.') - if (option == ''): - while (whitespaces <= periods): - key = key.rstrip(string.ascii_letters[::-1] + string.digits + '_' + '-' + '/').rstrip('.') - whitespaces += 1 - else: - while (whitespaces < periods): - key = key.rstrip(string.ascii_letters[::-1] + string.digits + '_' + '-' + '/').rstrip('.') - whitespaces += 1 - flag = 0 - - key = key + '.' 
+ context[lineNum].split(':', 1)[0].strip() - isEnd, ValueList = endOfTheList(context, lineNum, lastLineNum, totalNum) - if isEnd: - flag = 1 - - storekey = key - sk = storekey.split('.', 2) - if len(sk) > 1: - storekey = '.'.join(sk[:1]).lstrip('.') - else: - storekey = '.'.join(sk[:0]).lstrip('.') - - # - # If we are processing the configurations options within the values.yaml under istio, - # if the options have already been processed (from the subcharts directory), then we - # do not want to process it again. If the configuration option has not been processed - # before, then it is a new configuration option which needs to be processed (for e.g, - # global, istiocoredns) - # - # option == '' - This condition means that we are looking at the values.yaml under the - # istio directory. Hence, the configuration option names will be inside - # the values.yaml file. (On the other hand, for the values.yaml file under - # the subcharts directory, we get the name of the configuration option - # from the name of the directories under the subcharts directory.) - # newConfigList - This list is used to track configuration options in istio/values.yaml - # that haven't been processed before (or that does not have a corresponding - # directory under subcharts directory with values.yaml. E.g: global, - # istiocoredns) - # - # This first condition checks that if this is the values.yaml file under istio directory, - # and the configuration option to process (storekey) has not already been processed (this - # conditions: "prdict.get(storekey) != None and (storekey in newConfigList)" together - # makes sure that the condition where some parameters for a new configuration option like - # 'global' has been processed and entered into the dictionary 'prdict' is still processed - # because it is in the newConfigList. If a configuration option was processed from - # the values.yaml under the subcharts directory, it will not be in the newConfigList. 
- # subcharts directory), then go ahead and process the parameters for this option. - # - if option == '' and prdict.get(storekey) is not None and (storekey in newConfigList): - pass - # - # This second condition checks if this is the values.yaml file under istio directory, and - # the configuration option to process (storekey) has not been processed (this could - # happen the first time we read a configuration option from the istio/values.yaml file), - # then add this configuration option to the newConfigList to mark it as an option that - # needs to be processed. - # - elif option == '' and prdict.get(storekey) is None: - newConfigList.append(storekey) - # - # This third condition checks if this is the values.yaml file under istio directory, - # and the configuration option to process (storekey) has already been processed and if - # this is not a new configuration option, (this could happen if we have already - # processed the corresponding values.yaml under the subcharts directory), then ignore - # this configuration option and do not process the values in this file. - # - elif option == '' and prdict.get(storekey) is not None: - continue - - if len(context[lastLineNum].lstrip()) != 0 and '#' != context[lastLineNum].lstrip()[0]: - isEnd, ValueList = endOfTheList(context, lineNum, lastLineNum, totalNum) - - if (isEnd): - flag = 1 - keysplit = key.split('.') - for kv in keysplit: - if kv != '': - newkey = newkey + '.' + kv - - newkey = newkey.lstrip('.') - - # Filling Description Fields - if ("." 
in newkey): - plist = newkey.split('.') - da = None - for item in plist: - desc = '' - # If this is the same as the configuration option name, then - # continue to the next key in the list - if item.rstrip() == option.rstrip(): - continue - if da is None: - if loaded.ca.items: - if item in loaded.ca.items: - desc = processComments(loaded.ca.items[item]) - da = loaded[item] - elif isinstance(da, dict): - if item in da.keys()[0]: - commentTokens = da.ca.comment - if commentTokens is not None: - desc = processComments(commentTokens) - - if da.ca.items: - if item in da.ca.items: - desc = desc + processComments(da.ca.items[item]) - da = da[item] - else: - if item in da.keys(): - da = da.get(item) - else: - da = da.values()[0] - - ValueStr = (' ').join(ValueList) - if ValueStr: - if (desc in ValueStr): - ValueStr = ValueStr.replace("#" + desc, "") - desc = desc.replace('`', '') - desc = sanitizeValueStr(desc) - if desc.strip(): - desc = '`' + desc.strip() + '`' - prdict[storekey].append("| `%s` | `%s` | %s |" % (newkey, ValueStr.rstrip(), desc)) - desc = '' - - key = newkey - newkey = '' - - lineNum += 1 - return ret_val - - -def processComments(comments): - description = '' - for c in comments: - if c is None: - pass - elif isinstance(c, list): - for comment in c: - if (comment is None): - pass - else: - # We want to avoid including commented out key: value pairs in the values.yaml as - # part of the description/comments. 
For example: - # # minAvailable: 1 - # # maxUnavailable: 1 - # # - secretName: grafana-tls - # sessionAffinityEnabled: false - # We do not want the commented out key-value pairs (minAvailable,maxUnavailable, secretName) - # to be included as part of the description for 'sessionAffinityEnabled' - # - pattern = re.compile(r"#\s[-\s]*[\S]+:(?:\s(?!\S+:)\S+)*") - groups = pattern.match(comment.value) - if groups: - description = '' - break - if comment.value.endswith('\n\n'): - description = '' - else: - if comment.value.rstrip() == '#': - continue - else: - description = description + comment.value.replace('`', '').replace("#", '').rstrip() - elif isinstance(c, yaml.Token): - description = description + c.value.rstrip().replace("#", '') - - return description - - -def sanitizeValueStr(value): - # We can include more special characters later if they need to - # be escaped. For now just including the 'pipe' symbol appearing - # in the value of a configuration option. - # e.g: | `global.tracer.lightstep.secure` | `true # example: true\|false` | | - # - # Without escaping the 'pipe' character, it was interpreting it as the end/start - # of table column. 
Using the example above, without escaping the pipe symbol, it - # was interpreting it as: - # | `global.tracer.lightstep.secure` | `true # example: true |false` | | - # - regex = re.compile(r"\|") - if value is not None and regex.search(value) is not None: - value = value.replace("|", r"\|") - return value - - -downloadIstioRepo() - -# transform values.yaml into a encoded string dictionary -pyaml = yaml.YAML() -pyaml.explicit_start = True -pyaml.dump('', sys.stdout, transform=decode_helm_yaml) - -# Order the encoded string dictionary -od = collections.OrderedDict(sorted(prdict.items(), key=lambda t: t[0])) -indexFile = open(CONFIG_INDEX_DIR, 'r+') -meta = "" -for d in indexFile: - meta = meta + d - if "" in d: - break - -indexFile.seek(0) -indexFile.write(meta) - -# Print encoded string dictionary -for k, v in od.items(): - indexFile.write("## `%s` options\n" % k) - indexFile.write('\n| Key | Default Value | Description |\n') - indexFile.write('| --- | --- | --- |\n') - for value in v: - indexFile.write('%s\n' % (value)) - indexFile.write('\n') - -indexFile.write("\n\n") -indexFile.truncate() -indexFile.close() - -deleteIstioRepo() diff --git a/scripts/tablegen_diff.py b/scripts/tablegen_diff.py deleted file mode 100755 index 52d8a4847f..0000000000 --- a/scripts/tablegen_diff.py +++ /dev/null 
@@ -1,615 +0,0 @@ -#!/usr/bin/python - -# Copyright Istio Authors. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import collections -import linecache -import string -import sys -import os -import re -import requests - -from ruamel import yaml - -# -# This script generates the installation option differences between the -# current release and the previous release. It generates the index.md content for -# the current release from the values.yaml files under the charts and subcharts -# directory and compares the configuration options against the index.md from -# the previous release (It gets the previous release version from the github api: -# https://api.github.com/repos/istio/istio/branches). -# - -# -# Reads a documented Helm values.yaml file and produces a -# MD formatted table. pip install ruamel to obtain the proper -# YAML decoder. ruamel maintains ordering and comments. 
The -# comments are needed in order to decode the commented helm -# values.yaml file -# -ISTIO_CONFIG_DIR = "istio/install/kubernetes/helm/istio" -YAML_CONFIG_DIR = ISTIO_CONFIG_DIR + "/charts" -VALUES_YAML = "values.yaml" -ISTIO_IO_DIR = os.path.abspath(__file__ + "/../../") -CONFIG_INDEX_DIR = "content/en/docs/reference/config/installation-options/index.md" -CONFIG_INDEX_DIFF_DIR = "content/en/docs/reference/config/installation-options-changes/index.md" -CONFIG_IGNORE_LIST = ["global.hub"] - - -def endOfTheList(context, lineNum, lastLineNum, totalNum): - flag = 0 - valueList = [] - nextLineNum = lineNum + 1 - currentLine = context[lastLineNum] - whitespaces = (len(currentLine) - len(currentLine.lstrip())) / 2 - - if lineNum != lastLineNum: - return False, valueList - - for nextLineNum in range(lineNum + 1, totalNum): - nextLine = context[nextLineNum] - - if len(nextLine.lstrip()) != 0 and '#' != nextLine.lstrip()[0] and ':' in nextLine: - if whitespaces >= (len(nextLine) - len(nextLine.lstrip())) / 2: - if flag == 0: - valueList.append(currentLine.split(':', 1)[1].strip()) - return True, valueList - else: - return True, valueList - elif len(nextLine.lstrip()) != 0 and '#' != nextLine.lstrip()[0] and ':' not in nextLine and len(nextLine.strip()) != 0: - value = nextLine.replace(' ', '') - valueList.append(value.lstrip('-').strip()) - flag += 1 - nextLineNum += 1 - - if lastLineNum == totalNum - 1 and len(currentLine.lstrip()) != 0 and '#' != currentLine.lstrip()[0]: - valueList.append(currentLine.split(':', 1)[1].strip()) - - return True, valueList - - -# ordered dictionary to store the configuration options for the subcomponents of Istio. This -# will be used to populate a new index.md -prdict = collections.defaultdict(list) -# ordered dictionary to store the differences of configuration options between the new -# index.md and the previous version (i.e, configurations options already listed in the index.md). 
-od_diff = collections.defaultdict(list) -od_diff_new = collections.defaultdict(list) -od_diff_removed = collections.defaultdict(list) -od_diff_unchanged = collections.defaultdict(list) - - -def decode_helm_yaml(s): - ret_val = '' - # - # Iterate through all the directories under /istio/install/kubernetes/heml/subcharts - # and process the configuration options from the respective values.yaml. The - # configuration option name is the name of the directory that contains values.yaml. - # This name will be passed in to the the function process_helm_yaml - # - subchart_dir = os.path.join(ISTIO_IO_DIR, YAML_CONFIG_DIR) - for cfile in os.listdir(subchart_dir): - values_yaml_dir = os.path.join(subchart_dir, cfile) - values_yaml_file = os.path.join(values_yaml_dir, VALUES_YAML) - process_helm_yaml(values_yaml_file, cfile) - - # - # Process configuration options in values.yaml under istio/install/kubernetes/helm/istio. - # The configuration option names are present in the values.yaml, hence we do not need to - # pass it to process_helm_yaml. 
- # - istio_yaml_config_dir = os.path.join(ISTIO_IO_DIR, ISTIO_CONFIG_DIR) - values_yaml_file = os.path.join(istio_yaml_config_dir, VALUES_YAML) - process_helm_yaml(values_yaml_file, '') - - return ret_val - - -def process_helm_yaml(values_yaml, option): - ret_val = '' - storekey = '' - desc = '' - newkey = '' - whitespaces = 0 - flag = 0 - lineNum = 0 - newConfigList = [] - loaded = None - - context = linecache.getlines(values_yaml) - totalNum = len(context) - lastLineNum = 0 - key = option - - count = 0 - with open(values_yaml, 'r') as f_v: - d_v = f_v.read() - loaded = yaml.round_trip_load(d_v) - - for lineNum in range(0, totalNum): - if context[lineNum].strip().startswith('- '): - pass - elif '#' in context[lineNum] and '#' == context[lineNum].lstrip()[0]: - if "Description: " in context[lineNum]: - desc = context[lineNum].strip() - elif ':' in context[lineNum] and '#' != context[lineNum].lstrip()[0]: - lastLineNum = lineNum - if flag == 1: - whitespaces = (len(context[lineNum]) - len(context[lineNum].lstrip())) / 2 - periods = key.count('.') - if (option == ''): - while (whitespaces <= periods): - key = key.rstrip(string.ascii_letters[::-1] + string.digits + '_' + '-' + '/').rstrip('.') - whitespaces += 1 - else: - while (whitespaces < periods): - key = key.rstrip(string.ascii_letters[::-1] + string.digits + '_' + '-' + '/').rstrip('.') - whitespaces += 1 - flag = 0 - - key = key + '.' + context[lineNum].split(':', 1)[0].strip() - isEnd, ValueList = endOfTheList(context, lineNum, lastLineNum, totalNum) - if isEnd: - flag = 1 - - storekey = key - sk = storekey.split('.', 2) - if len(sk) > 1: - storekey = '.'.join(sk[:1]).lstrip('.') - else: - storekey = '.'.join(sk[:0]).lstrip('.') - - # - # If we are processing the configurations options within the values.yaml under istio, - # if the options have already been processed (from the subcharts directory), then we - # do not want to process it again. 
If the configuration option has not been processed - # before, then it is a new configuration option which needs to be processed (for e.g, - # global, istiocoredns) - # - # option == '' - This condition means that we are looking at the values.yaml under the - # istio directory. Hence, the configuration option names will be inside - # the values.yaml file. (On the other hand, for the values.yaml file under - # the subcharts directory, we get the name of the configuration option - # from the name of the directories under the subcharts directory.) - # newConfigList - This list is used to track configuration options in istio/values.yaml - # that haven't been processed before (or that does not have a corresponding - # directory under subcharts directory with values.yaml. E.g: global, - # istiocoredns) - # - # This first condition checks that if this is the values.yaml file under istio directory, - # and the configuration option to process (storekey) has not already been processed (this - # conditions: "prdict.get(storekey) != None and (storekey in newConfigList)" together - # makes sure that the condition where some parameters for a new configuration option like - # 'global' has been processed and entered into the dictionary 'prdict' is still processed - # because it is in the newConfigList. If a configuration option was processed from - # the values.yaml under the subcharts directory, it will not be in the newConfigList. - # subcharts directory), then go ahead and process the parameters for this option. 
- # - if option == '' and prdict.get(storekey) is not None and (storekey in newConfigList): - pass - # - # This second condition checks if this is the values.yaml file under istio directory, and - # the configuration option to process (storekey) has not been processed (this could - # happen the first time we read a configuration option from the istio/values.yaml file), - # then add this configuration option to the newConfigList to mark it as an option that - # needs to be processed. - # - elif option == '' and prdict.get(storekey) is None: - newConfigList.append(storekey) - # - # This third condition checks if this is the values.yaml file under istio directory, - # and the configuration option to process (storekey) has already been processed and if - # this is not a new configuration option, (this could happen if we have already - # processed the corresponding values.yaml under the subcharts directory), then ignore - # this configuration option and do not process the values in this file. - # - elif option == '' and prdict.get(storekey) is not None: - continue - - if len(context[lastLineNum].lstrip()) != 0 and '#' != context[lastLineNum].lstrip()[0]: - isEnd, ValueList = endOfTheList(context, lineNum, lastLineNum, totalNum) - - if (isEnd): - flag = 1 - keysplit = key.split('.') - for kv in keysplit: - if kv != '': - newkey = newkey + '.' + kv - - newkey = newkey.lstrip('.') - - # Filling Description Fields - if ("." 
in newkey): - plist = newkey.split('.') - da = None - for item in plist: - desc = '' - # If this is the same as the configuration option name, then - # continue to the next key in the list - if item.rstrip() == option.rstrip(): - continue - if da is None: - if loaded.ca.items: - if item in loaded.ca.items: - desc = processComments(loaded.ca.items[item]) - da = loaded[item] - elif isinstance(da, dict): - if item in da.keys()[0]: - commentTokens = da.ca.comment - if commentTokens is not None: - desc = processComments(commentTokens) - - if da.ca.items: - if item in da.ca.items: - desc = desc + processComments(da.ca.items[item]) - da = da[item] - else: - if item in da.keys(): - da = da.get(item) - else: - da = da.values()[0] - - ValueStr = (' ').join(ValueList) - if ValueStr: - if (desc in ValueStr): - ValueStr = ValueStr.replace("#" + desc, "") - desc = desc.replace('`', '') - desc = sanitizeValueStr(desc) - if desc.strip(): - desc = '`' + desc.strip() + '`' - prdict[storekey].append("| `%s` | `%s` | %s |" % (newkey, ValueStr.rstrip(), desc)) - desc = '' - - key = newkey - newkey = '' - - lineNum += 1 - return ret_val - - -def processComments(comments): - description = '' - for c in comments: - if c is None: - pass - elif isinstance(c, list): - for comment in c: - if (comment is None): - pass - else: - # We want to avoid including commented out key: value pairs in the values.yaml as - # part of the description/comments. 
For example: - # # minAvailable: 1 - # # maxUnavailable: 1 - # # - secretName: grafana-tls - # sessionAffinityEnabled: false - # We do not want the commented out key-value pairs (minAvailable,maxUnavailable, secretName) - # to be included as part of the description for 'sessionAffinityEnabled' - # - pattern = re.compile(r"#\s[-\s]*[\S]+:(?:\s(?!\S+:)\S+)*") - groups = pattern.match(comment.value) - if groups: - description = '' - break - if comment.value.endswith('\n\n'): - description = '' - else: - if comment.value.rstrip() == '#': - continue - else: - description = description + comment.value.replace('`', '').replace("#", '').rstrip() - elif isinstance(c, yaml.Token): - description = description + c.value.rstrip().replace("#", '') - - return description - - -def sanitizeValueStr(value): - # We can include more special characters later if they need to - # be escaped. For now just including the 'pipe' symbol appearing - # in the value of a configuration option. - # e.g: | `global.tracer.lightstep.secure` | `true # example: true\|false` | | - # - # Without escaping the 'pipe' character, it was interpreting it as the end/start - # of table column. Using the example above, without escaping the pipe symbol, it - # was interpreting it as: - # | `global.tracer.lightstep.secure` | `true # example: true |false` | | - # - regex = re.compile(r"\|") - if value is not None and regex.search(value) is not None: - value = value.replace("|", r"\|") - return value - -# Compares the configuration option value from the newly discovered set of values (stored -# in prdict dictionary) and its previous version (stored in index.md). If there is no -# change in the configuration option value between the 2 versions, it will be ignored. If -# there are any differences, we will store the differences (will track differences for key, -# value and description of a configuration option) in the 'od_diff' dictionary. 
The values -# stored in this dictionary will later be written to CONFIG_INDEX_DIFF_DIR. -# -# The difference between the configuration option values is stored in the CONFIG_INDEX_DIFF_DIR -# in the format: -# | KEY | OLD DEFAULT VALUE | NEW DEFAULT VALUE | OLD DESCRIPTION | NEW DESCRIPTION | -# | ------ | ------------ | ------------ | ------------ | ------------ | -# | Key | oldValue | newValue | oldDesc | newDesc | -# -# If a configuration option is present only in the latest version, then the oldKey, oldValue -# and oldDescription will be represented as 'n/a' (vice-versa applies to newKey, newValue and -# newDescription). -# -# oValue - configuration option from the existing index.md -# nValue - configuration option from the current processing of configuration options to be -# stored in a new version of index.md -# k - istio component name for which these configuration options are being processed. This is -# used to populate the contents of 'od_diff' dictionary. -# - - -def compareValues(oValue, nValue, k): - # oValue and nVAlue contains configuration option in the format: - # '| `` | `` | `` | - # This needs to be split in order to get the Key, Value and Description values to compare. 
- oldKey = '' - oldValue = '' - oldDesc = '' - - newKey = '' - newValue = '' - newDesc = '' - - key = None - - if nValue is not None: - groups = re.search(r"\| \`(.*)\` \| \`(.*)\` \| (.*) |", nValue.strip()) - if groups: - newKey = groups.group(1) - newValue = groups.group(2) - newDesc = groups.group(3) - - if oValue is not None and nValue is not None: - if len(oValue) == 1: - item = oValue[0] - - if item == nValue: - key = newKey - oValue.remove(item) - od_diff_unchanged[k].append("| `%s` | `%s` | %s |" % (newKey, newValue.rstrip(), newDesc)) - else: - groups = re.search(r"\| \`(.*)\` \| \`(.*)\` \|\s*(.*)\s*\|", item.strip()) - if groups: - oldKey = groups.group(1) - oldValue = groups.group(2) - oldDesc = groups.group(3) - key = oldKey - - if oldKey in CONFIG_IGNORE_LIST: - oValue.remove(item) - return key - - if oldValue != newValue: - if oldValue is None: - oldValue = 'n/a' - if newValue is None: - newValue = 'n/a' - - if oldDesc.strip() != newDesc.strip(): - if (newDesc is None or newDesc == '') and (oldDesc is None or oldDesc == ''): - pass - if oldDesc is None: - oldDesc = 'n/a' - if newDesc is None or newDesc == '': - newDesc = 'n/a' - oValue.remove(item) - od_diff[k].append("| `%s` | `%s` | `%s` | %s | %s |" % (newKey, oldValue.rstrip(), newValue.rstrip(), oldDesc, newDesc)) - else: - # This is the case where values are the same but descriptions are different. Right now, there is nothing more to do since - # we do not care about displaying values that haven't changed between releases. 
- oValue.remove(item) - - #od_diff_unchanged[k].append("| `%s` | `%s` | %s |" % (newKey, newValue.rstrip(), newDesc)) - else: - foundItem = 'false' - for item in oValue: - if item == nValue: - key = newKey - oValue.remove(item) - od_diff_unchanged[k].append("| `%s` | `%s` | %s |" % (newKey, newValue.rstrip(), newDesc)) - foundItem = 'true' - break - else: - groups = re.search(r"\| \`(.*)\` \| \`(.*)\` \|\s*(.*)\s*\|", item.strip()) - if groups: - oldKey = groups.group(1) - oldValue = groups.group(2) - oldDesc = groups.group(3) - - if oldKey == newKey: - if oldValue == newValue and oldDesc != newDesc: - key = newKey - od_diff[k].append("| `%s` | `%s` | `%s` | %s | %s |" % (newKey, oldValue.rstrip(), newValue.rstrip(), oldDesc, newDesc)) - oValue.remove(item) - foundItem = 'true' - break - - if foundItem == 'false': - od_diff_new[k].append("| `%s` | `%s` | %s |" % (newKey, newValue.rstrip(), newDesc)) - elif oValue is None: - key = newKey - od_diff_new[k].append("| `%s` | `%s` | %s |" % (newKey, newValue.rstrip(), newDesc)) - elif nValue is None: - for item in oValue: - groups = re.search(r"\| \`(.*)\` \| \`(.*)\` \|\s*(.*)\s*\|", item.strip()) - if groups: - oldKey = groups.group(1) - oldValue = groups.group(2) - oldDesc = groups.group(3) - - key = oldKey - od_diff_removed[k].append("| `%s` | `%s` | %s |" % (oldKey, oldValue.rstrip(), oldDesc)) - - return key - -# -# Get the previous release number so that we can retrieve the index.md for that -# release. The release branches are tagged in the following format: release- -# - - -def getPreviousRelease(): - req = requests.get("https://api.github.com/repos/istio/istio/branches") - jsonData = req.json() - previousRelease = 0.0 - - for x in jsonData: - releaseName = x['name'] - if releaseName.startswith('release-'): - releaseNum = releaseName.split('release-') - if releaseNum[1] > previousRelease: - previousRelease = releaseNum[1] - return previousRelease - -# -# Get the index.md for the previous release. 
-# - - -def getContentFromPreviousRelease(releaseName): - istio_url = 'https://raw.githubusercontent.com/istio/istio.io/release-' + releaseName + '/content/en/docs/reference/config/installation-options/index.md' - req = requests.get(istio_url) - content = req.text - indexMap = collections.defaultdict(list) - - # store all the configurations options from the index.md file into the indexMap - # dictionary. This will be used to compare the values with the latest version - # of configuration options. - data = content.split('\n') - for d in data: - if d.rstrip() != '' and d != '| Key | Default Value | Description |' and d != '| --- | --- | --- |' and d[0:1] == '|' and d[-1] == '|': - groups = re.search(r"\| \`(.*)\` \| \`(.*)\` \| (.*) |", d.strip()) - if groups: - key = groups.group(1) - if key in indexMap: - value = indexMap.get(key) - value.append(d.strip()) - else: - indexMap[key].append(d.strip()) - return indexMap - - -def writeVersionDiffs(index_diff_file): - meta = "" - - for d in index_diff_file: - meta = meta + d - if "" in d: - break - - index_diff_file.seek(0) - index_diff_file.write(meta) - - ''' - if od_diff_unchanged: - index_diff_file.write('\n## Unmodified configuration options\n') - - for k, v in od_diff_unchanged.items(): - index_diff_file.write("\n### Unmodified `%s` key/value pairs\n\n" % k) - index_diff_file.write('| Key | Default Value | Description |\n') - index_diff_file.write('| --- | --- | --- |\n') - - for value in v: - index_diff_file.write('%s\n' % (value)) - ''' - - if od_diff: - index_diff_file.write('\n## Modified configuration options\n') - - for k, v in od_diff.items(): - index_diff_file.write("\n### Modified `%s` key/value pairs\n\n" % k) - index_diff_file.write('| Key | Old Default Value | New Default Value | Old Description | New Description |\n') - index_diff_file.write('| --- | --- | --- | --- | --- |\n') - - for value in v: - index_diff_file.write('%s\n' % (value)) - - if od_diff_new: - index_diff_file.write('\n## New 
configuration options\n') - - for k, v in od_diff_new.items(): - index_diff_file.write("\n### New `%s` key/value pairs\n\n" % k) - index_diff_file.write('| Key | Default Value | Description |\n') - index_diff_file.write('| --- | --- | --- |\n') - - for value in v: - index_diff_file.write('%s\n' % (value)) - - if od_diff_removed: - index_diff_file.write('\n## Removed configuration options\n') - - for k, v in od_diff_removed.items(): - index_diff_file.write("\n### Removed `%s` key/value pairs\n\n" % k) - index_diff_file.write('| Key | Default Value | Description |\n') - index_diff_file.write('| --- | --- | --- |\n') - - for value in v: - index_diff_file.write('%s\n' % (value)) - - index_diff_file.write("\n\n") - index_diff_file.truncate() - - -with open(os.path.join(ISTIO_IO_DIR, CONFIG_INDEX_DIR), 'r') as f: - endReached = False - key = '' - # A list used to track the configuration options that has been compared and processed when going - # through the configurations processed in the latest version - indexList = [] - previousRelease = getPreviousRelease() - indexMap = getContentFromPreviousRelease(previousRelease) - - # transform values.yaml into a encoded string dictionary - pyaml = yaml.YAML() - pyaml.explicit_start = True - pyaml.dump('', sys.stdout, transform=decode_helm_yaml) - - # Order the encoded string dictionary - od = collections.OrderedDict(sorted(prdict.items(), key=lambda t: t[0])) - - # Print encoded string dictionary - for k, v in od.items(): - for value in v: - # Compare configuration option values from the latest version - # with the older version. 
- groups = re.search(r"\| \`(.*)\` \| \`(.*)\` \| (.*) |", value.strip()) - if groups: - key = groups.group(1) - indexValue = indexMap.get(key) - - indexList.append(compareValues(indexValue, value, k)) - - # We want to include any configuration options that was discovered in - # the older version but not available in the current version - for k in indexMap.keys(): - key = k.split('.')[0] - indexList.append(compareValues(indexMap.get(k), None, key)) - - # This index.md file is used to track the differences of configuration - # option values between the current and previous release. All the - # differences in configuration option values between the current - # and previous release (tracked in the 'od_diff' dictionary) will be - # written to the index.md file - index_diff_file = open(os.path.join(ISTIO_IO_DIR, CONFIG_INDEX_DIFF_DIR), 'r+') - writeVersionDiffs(index_diff_file) - index_diff_file.close()
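Review bot: deleting scripts/tablegen.py leaves nothing that regenerates the page opened at `indexFile = open(CONFIG_INDEX_DIR, 'r+')` (the installation-options reference index.md), so this PR should also remove or redirect that page and grep for any remaining callers of the script (build or lint targets, contributor docs that say to run it); otherwise a table nobody regenerates stays in the tree and drifts from the Helm values.yaml files. The removal itself is justified rather than a port: the parser leans on Python 2-only idioms (`da.keys()[0]`, `da.values()[0]`) and on the old `yaml.round_trip_load` ruamel entry point, and it clones the istio repo (`downloadIstioRepo()` / `deleteIstioRepo()`) on every docs build just to read comments out of values.yaml.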
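Review bot: the removed `getPreviousRelease()` compared branch names as strings against a float (`previousRelease = 0.0`, then `releaseNum[1] > previousRelease`), which under Python 2 makes every string compare greater than the float and under Python 3 raises TypeError, and it would in any case order `release-1.10` below `release-1.9` lexicographically; add the unauthenticated, untimed `requests.get` calls to api.github.com and raw.githubusercontent.com with no `status_code` check (`req.json()` is iterated as a list even when the API returns a rate-limit error object), and this diff generator was both fragile and a network dependency of the docs build, so dropping it is the right call. Please confirm that `content/en/docs/reference/config/installation-options-changes/index.md` (`CONFIG_INDEX_DIFF_DIR`) is removed or redirected with it and that no CI step still invokes `scripts/tablegen_diff.py`.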