istio
diff --git a/‎mesh/v1alpha1/config.pb.go‎
Lines changed: 107 additions & 54 deletions b/‎mesh/v1alpha1/config.pb.go‎
Lines changed: 107 additions & 54 deletions
diff --git a/‎mesh/v1alpha1/config.proto‎
Lines changed: 6 additions & 1 deletion b/‎mesh/v1alpha1/config.proto‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎mesh/v1alpha1/istio.mesh.v1alpha1.pb.html‎
Lines changed: 10 additions & 0 deletions b/‎mesh/v1alpha1/istio.mesh.v1alpha1.pb.html‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎proto.lock‎
Lines changed: 5 additions & 0 deletions b/‎proto.lock‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎python/istio_api/mesh/v1alpha1/config_pb2.py‎
Lines changed: 15 additions & 8 deletions b/‎python/istio_api/mesh/v1alpha1/config_pb2.py‎
Lines changed: 15 additions & 8 deletions
@@ -157,8 +157,13 @@ message MeshConfig {
   // will be used to generate key/cert eventually. This isn't supported for non-k8s case.
   bool enable_sds_token_mount = 23;
 
+  // The trust domain corresponds to the trust root of a system.
+  // Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain
+  // Fallback to old identity format(without trust domain) if not set.
+  string trust_domain = 26;
+
   // $hide_from_docs
-  // Next available field number: 26
+  // Next available field number: 27
 }
 
 // ConfigSource describes information about a configuration store inside a
 
@@ -263,6 +263,16 @@ <h2 id="MeshConfig">MeshConfig</h2>
 rules, and other Istio configuration artifacts. Multiple data sources
 can be configured for a single control plane.</p>
 
+</td>
+</tr>
+<tr id="MeshConfig-trust_domain">
+<td><code>trustDomain</code></td>
+<td><code>string</code></td>
+<td>
+<p>The trust domain corresponds to the trust root of a system.
+Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain
+Fallback to old identity format(without trust domain) if not set.</p>
+
 </td>
 </tr>
 </tbody>
 
@@ -761,6 +761,11 @@
                 "id": 23,
                 "name": "enable_sds_token_mount",
                 "type": "bool"
+              },
+              {
+                "id": 26,
+                "name": "trust_domain",
+                "type": "string"
               }
             ],
             "reserved_ids": [