IstioOperator Options

Configuration affecting Istio control plane installation version and shape. This resource is passed as a file input to istioctl install and istioctl manifest generate; while it has a similar format as Kubernetes objects, it is not applied to the cluster.

IstioOperatorSpec

IstioOperatorSpec defines the desired installed state of Istio components. The spec is a used to define a customization of the default profile values that are supplied with each Istio release. Because the spec is a customization API, specifying an empty IstioOperatorSpec results in a default Istio component values.

  1. apiVersion: install.istio.io/v1alpha1
  2. kind: IstioOperator
  3. spec:
  4.   profile: default
  5.   hub: gcr.io/istio-testing
  6.   tag: latest
  7.   revision: 1-8-0
  8.   meshConfig:
  9.     accessLogFile: /dev/stdout
  10.     enableTracing: true
  11.   components:
  12.     egressGateways:
  13.     - name: istio-egressgateway
  14.       enabled: true
FieldTypeDescriptionRequired
profilestring

Path or name for the profile e.g.

  • minimal (looks in profiles dir for a file called minimal.yaml)
  • /tmp/istio/install/values/custom/custom-install.yaml (local file path)

default profile is used if this field is unset.

No
installPackagePathstring

Path for the install package. e.g.

  • /tmp/istio-installer/nightly (local file path)
No
hubstring

Root for docker image paths e.g. docker.io/istio

No
tagValue

Version tag for docker images e.g. 1.7.2

No
namespacestring

Namespace to install control plane resources into. If unset, Istio will be installed into the same namespace as the IstioOperator CR. You must also set values.global.istioNamespace if you wish to install Istio in a custom namespace. If you have enabled CNI, you must exclude this namespace by adding it to the list values.cni.excludeNamespaces.

No
revisionstring

Identify the revision this installation is associated with. This option is currently experimental.

No
compatibilityVersionstring

Compatibility version allows configuring Istio to behave like an older version by tuning various settings to align with a previous versions defaults. This accepts a major.minor format, such as 1.23. This option is currently experimental.

No
meshConfigStruct

Config used by control plane components internally.

No
componentsIstioComponentSetSpec

Kubernetes resource settings, enablement and component-specific settings that are not internal to the component.

No
valuesStruct

Overrides for default values.yaml. This is a validated pass-through to Helm templates. See the Helm installation options for schema details. Anything that is available in IstioOperatorSpec should be set above rather than using the passthrough. This includes Kubernetes resource settings for components in KubernetesResourcesSpec.

No
unvalidatedValuesStruct

Unvalidated overrides for default values.yaml. Used for custom templates where new parameters are added.

No

IstioComponentSetSpec

IstioComponentSpec defines the desired installed state of Istio components.

FieldTypeDescriptionRequired
baseBaseComponentSpecNo
pilotComponentSpecNo
cniComponentSpecNo
ztunnelComponentSpecNo
istiodRemoteComponentSpec

Remote cluster using an external control plane.

No
ingressGatewaysGatewaySpec[]No
egressGatewaysGatewaySpec[]No

BaseComponentSpec

Configuration for base component.

FieldTypeDescriptionRequired
enabledBoolValue

Selects whether this component is installed.

No
k8sKubernetesResourcesSpec

Kubernetes resource spec.

No

ComponentSpec

Configuration for internal components.

FieldTypeDescriptionRequired
enabledBoolValue

Selects whether this component is installed.

No
namespacestring

Namespace for the component.

No
hubstring

Hub for the component (overrides top level hub setting).

No
tagValue

Tag for the component (overrides top level tag setting).

No
specStruct

Arbitrary install time configuration for the component.

No
k8sKubernetesResourcesSpec

Kubernetes resource spec.

No

GatewaySpec

Configuration for gateways.

FieldTypeDescriptionRequired
enabledBoolValue

Selects whether this gateway is installed.

No
namespacestring

Namespace for the gateway.

No
namestring

Name for the gateway.

No
labelmap<string, string>

Labels for the gateway.

No
hubstring

Hub for the component (overrides top level hub setting).

No
tagValue

Tag for the component (overrides top level tag setting).

No
k8sKubernetesResourcesSpec

Kubernetes resource spec.

No

KubernetesResourcesSpec

KubernetesResourcesSpec is a common set of Kubernetes resource configs for components.

FieldTypeDescriptionRequired
affinityAffinity

Kubernetes affinity. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

No
envEnvVar[]

Deployment environment variables. https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/

No
hpaSpecHorizontalPodAutoscalerSpec

Kubernetes HorizontalPodAutoscaler settings. https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

No
imagePullPolicystring

Kubernetes imagePullPolicy. https://kubernetes.io/docs/concepts/containers/images/

No
nodeSelectormap<string, string>

Kubernetes nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector

No
podDisruptionBudgetPodDisruptionBudgetSpec

Kubernetes PodDisruptionBudget settings. https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#how-disruption-budgets-work

No
podAnnotationsmap<string, string>

Kubernetes pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

No
priorityClassNamestring

Kubernetes priorityClassName. Default for all resources unless overridden. https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass

No
readinessProbeReadinessProbe

Kubernetes readinessProbe settings. https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ k8s.io.api.core.v1.Probe readiness_probe = 9;

No
replicaCountuint32

Kubernetes Deployment replicas setting. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

No
resourcesResources

Kubernetes resources settings. https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container

No
serviceServiceSpec

Kubernetes Service settings. https://kubernetes.io/docs/concepts/services-networking/service/

No
strategyDeploymentStrategy

Kubernetes deployment strategy. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

No
tolerationsToleration[]

Kubernetes toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

No
serviceAnnotationsmap<string, string>

Kubernetes service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

No
securityContextPodSecurityContext

Kubernetes pod security context https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod

No
volumesVolume[]

Kubernetes volumes https://kubernetes.io/docs/concepts/storage/volumes/ Volumes defines the collection of Volume to inject into the pod.

No
volumeMountsVolumeMount[]

Kubernetes volumeMounts VolumeMounts defines the collection of VolumeMount to inject into containers.

No
overlaysK8sObjectOverlay[]

Overlays for Kubernetes resources in rendered manifests.

No

K8sObjectOverlay

Patch for an existing Kubernetes resource.

FieldTypeDescriptionRequired
apiVersionstring

Resource API version.

No
kindstring

Resource kind.

No
namestring

Name of resource. Namespace is always the component namespace.

No
patchesPathValue[]

List of patches to apply to resource.

No

Affinity

See k8s.io.api.core.v1.Affinity.

FieldTypeDescriptionRequired
nodeAffinityNodeAffinityNo
podAffinityPodAffinityNo
podAntiAffinityPodAntiAffinityNo

ConfigMapKeySelector

See k8s.io.api.core.v1.ConfigMapKeySelector.

FieldTypeDescriptionRequired
localObjectReferenceLocalObjectReferenceNo
keystringNo
optionalboolNo

ContainerResourceMetricSource

See k8s.io.api.autoscaling.v2beta2.ContainerResourceMetricSource.

FieldTypeDescriptionRequired
namestringNo
targetMetricTargetNo
containerstringNo

ContainerResourceMetricStatus

See k8s.io.api.autoscaling.v2beta2.ContainerResourceMetricStatus.

FieldTypeDescriptionRequired
namestringNo
currentMetricValueStatusNo
containerstringNo

ClientIPConfig

See k8s.io.api.core.v1.ClientIPConfig.

FieldTypeDescriptionRequired
timeoutSecondsint32No

CrossVersionObjectReference

See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.

FieldTypeDescriptionRequired
kindstringNo
namestringNo
apiVersionstringNo

DeploymentStrategy

See k8s.io.api.apps.v1.DeploymentStrategy.

FieldTypeDescriptionRequired
typestringNo
rollingUpdateRollingUpdateDeploymentNo

EnvVar

See k8s.io.api.core.v1.EnvVar.

FieldTypeDescriptionRequired
namestringNo
valuestringNo
valueFromEnvVarSourceNo

EnvVarSource

See k8s.io.api.core.v1.EnvVarSource.

FieldTypeDescriptionRequired
fieldRefObjectFieldSelectorNo
resourceFieldRefResourceFieldSelectorNo
configMapKeyRefConfigMapKeySelectorNo
secretKeyRefSecretKeySelectorNo

ExecAction

See k8s.io.api.core.v1.ExecAction.

FieldTypeDescriptionRequired
commandstring[]No

ExternalMetricSource

See k8s.io.api.autoscaling.v2beta2.ExternalMetricSource.

FieldTypeDescriptionRequired
metricMetricIdentifierNo
targetMetricTargetNo
metricNamestringNo
metricSelectorLabelSelectorNo
targetValueIntOrStringNo
targetAverageValueIntOrStringNo

ExternalMetricStatus

See k8s.io.autoscaling.v2beta2.ExternalMetricStatus.

FieldTypeDescriptionRequired
metricMetricIdentifierNo
currentMetricValueStatusNo

HTTPGetAction

See k8s.io.api.core.v1.HTTPGetAction.

FieldTypeDescriptionRequired
pathstringNo
portIntOrStringNo
hoststringNo
schemestringNo
httpHeadersHTTPHeader[]No

HTTPHeader

See k8s.io.api.core.v1.HTTPHeader.

FieldTypeDescriptionRequired
namestringNo
valuestringNo

HorizontalPodAutoscalerSpec

See k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec.

FieldTypeDescriptionRequired
scaleTargetRefCrossVersionObjectReferenceNo
minReplicasint32No
maxReplicasint32No
metricsMetricSpec[]No
behaviorHorizontalPodAutoScalerBehaviorNo

HorizontalPodAutoScalerBehavior

See k8s.io.autoscaling.v2beta2.HorizontalPodAutoScalerBehavior.

FieldTypeDescriptionRequired
scaleUpHPAScalingRulesNo
scaleDownHPAScalingRulesNo

HPAScalingRules

See k8s.io.autoscaling.v2beta2.HPAScalingRules.

FieldTypeDescriptionRequired
stabilizationWindowSecondsint32No
selectPolicystringNo
policiesHPAScalingPolicy[]No

HPAScalingPolicy

See k8s.io.autoscaling.v2beta2.HPAScalingPolicy.

FieldTypeDescriptionRequired
typestringNo
valueint32No
periodSecondsint32No

LocalObjectReference

See k8s.io.api.core.v1.LocalObjectReference.

FieldTypeDescriptionRequired
namestringNo

MetricIdentifier

See k8s.io.autoscaling.v2beta2.MetricIdentifier.

FieldTypeDescriptionRequired
namestring (oneof)No
selectorLabelSelectorNo

MetricSpec

See k8s.io.autoscaling.v2beta2.MetricSpec.

FieldTypeDescriptionRequired
typestringNo
objectObjectMetricSourceNo
podsPodsMetricSourceNo
resourceResourceMetricSourceNo
containerResourceContainerResourceMetricSourceNo
externalExternalMetricSourceNo

MetricStatus

See k8s.io.autoscaling.v2beta2.MetricStatus.

FieldTypeDescriptionRequired
typestringNo
objectObjectMetricStatusNo
podsPodsMetricStatusNo
resourceResourceMetricStatusNo
containerResourceContainerResourceMetricStatusNo
externalExternalMetricStatusNo

MetricTarget

See k8s.io.autoscaling.v2beta2.MetricTarget.

FieldTypeDescriptionRequired
typestringNo
valueIntOrStringNo
averageValueIntOrStringNo
averageUtilizationint32No

MetricValueStatus

See k8s.io.autoscaling.v2beta2.MetricValueStatus.

FieldTypeDescriptionRequired
valueIntOrStringNo
averageValueIntOrStringNo
averageUtilizationint32No

NodeAffinity

See k8s.io.api.core.v1.NodeAffinity.

FieldTypeDescriptionRequired
requiredDuringSchedulingIgnoredDuringExecutionNodeSelectorNo
preferredDuringSchedulingIgnoredDuringExecutionPreferredSchedulingTerm[]No

NodeSelector

See k8s.io.api.core.v1.NodeSelector.

FieldTypeDescriptionRequired
nodeSelectorTermsNodeSelectorTerm[]No

NodeSelectorTerm

See k8s.io.api.core.v1.NodeSelectorTerm.

FieldTypeDescriptionRequired
matchExpressionsNodeSelectorRequirement[]No
matchFieldsNodeSelectorRequirement[]No

NodeSelectorRequirement

See k8s.io.api.core.v1.NodeSelectorRequirement.

FieldTypeDescriptionRequired
keystringNo
operatorstringNo
valuesstring[]No

ObjectFieldSelector

See k8s.io.api.core.v1.ObjectFieldSelector.

FieldTypeDescriptionRequired
apiVersionstringNo
fieldPathstringNo

ObjectMeta

From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta.

FieldTypeDescriptionRequired
namestringNo
namespacestringNo

ObjectMetricSource

See k8s.io.autoscaling.v2beta2.ObjectMetricSource.

FieldTypeDescriptionRequired
targetValue

Type changes from CrossVersionObjectReference to ResourceMetricTarget in autoscaling v2beta2/v2 compared with v2beta1 Change it to dynamic type to keep backward compatible

No
describedObjectCrossVersionObjectReferenceNo
metricMetricIdentifierNo
metricNamestringNo
targetValueIntOrStringNo
selectorLabelSelectorNo
averageValueIntOrStringNo

ObjectMetricStatus

See k8s.io.autoscaling.v2beta2.ObjectMetricStatus.

FieldTypeDescriptionRequired
metricMetricIdentifierNo
currentMetricValueStatusNo
describedObjectCrossVersionObjectReferenceNo

PodAffinity

See k8s.io.api.core.v1.PodAffinity.

FieldTypeDescriptionRequired
requiredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm[]No
preferredDuringSchedulingIgnoredDuringExecutionWeightedPodAffinityTerm[]No

PodAntiAffinity

See k8s.io.api.core.v1.PodAntiAffinity.

FieldTypeDescriptionRequired
requiredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm[]No
preferredDuringSchedulingIgnoredDuringExecutionWeightedPodAffinityTerm[]No

PodAffinityTerm

See k8s.io.api.core.v1.PodAntiAffinity.

FieldTypeDescriptionRequired
labelSelectorLabelSelectorNo
namespacesstring[]No
topologyKeystringNo

PodDisruptionBudgetSpec

See k8s.io.api.policy.v1beta1.PodDisruptionBudget.

FieldTypeDescriptionRequired
minAvailableIntOrStringNo
selectorLabelSelectorNo
maxUnavailableIntOrStringNo

PodsMetricSource

See k8s.io.autoscaling.v2beta2.PodsMetricSource.

FieldTypeDescriptionRequired
metricMetricIdentifier

v2beta2/v2 fields

No
targetMetricTargetNo
metricNamestringNo
targetAverageValueIntOrStringNo
selectorLabelSelectorNo

PodsMetricStatus

See k8s.io.autoscaling.v2beta2.PodsMetricStatus.

FieldTypeDescriptionRequired
metricMetricIdentifierNo
currentMetricValueStatusNo

PreferredSchedulingTerm

See k8s.io.api.core.v1.PreferredSchedulingTerm.

FieldTypeDescriptionRequired
weightint32No
preferenceNodeSelectorTermNo

ReadinessProbe

See k8s.io.api.core.v1.ReadinessProbe.

FieldTypeDescriptionRequired
execExecActionNo
httpGetHTTPGetActionNo
tcpSocketTCPSocketActionNo
initialDelaySecondsint32No
timeoutSecondsint32No
periodSecondsint32No
successThresholdint32No
failureThresholdint32No

ResourceFieldSelector

See k8s.io.api.core.v1..

FieldTypeDescriptionRequired
containerNamestringNo
resourcestringNo
divisorIntOrStringNo

ResourceMetricSource

See k8s.io.autoscaling.v2beta2.ResourceMetricSource.

FieldTypeDescriptionRequired
namestringNo
targetMetricTargetNo
targetAverageUtilizationint32No
targetAverageValueIntOrStringNo

ResourceMetricStatus

See k8s.io.autoscaling.v2beta2.ResourceMetricStatus.

FieldTypeDescriptionRequired
namestringNo
currentMetricValueStatusNo

Resources

See k8s.io.api.core.v1.ResourceRequirements.

FieldTypeDescriptionRequired
limitsmap<string, string>No
requestsmap<string, string>No

RollingUpdateDeployment

See k8s.io.api.apps.v1.RollingUpdateDeployment.

FieldTypeDescriptionRequired
maxUnavailableIntOrStringNo
maxSurgeIntOrStringNo

SecretKeySelector

See k8s.io.api.core.v1.SecretKeySelector.

FieldTypeDescriptionRequired
localObjectReferenceLocalObjectReferenceNo
keystringNo
optionalboolNo

ServiceSpec

See k8s.io.api.core.v1.ServiceSpec.

FieldTypeDescriptionRequired
portsServicePort[]No
selectormap<string, string>No
clusterIPstringNo
typestringNo
externalIPsstring[]No
sessionAffinitystringNo
loadBalancerIPstringNo
loadBalancerSourceRangesstring[]No
externalNamestringNo
externalTrafficPolicystringNo
healthCheckNodePortint32No
publishNotReadyAddressesboolNo
sessionAffinityConfigSessionAffinityConfigNo
loadBalancerClassstringNo

ServicePort

See k8s.io.api.core.v1..

FieldTypeDescriptionRequired
namestringNo
protocolstringNo
portint32No
targetPortIntOrStringNo
nodePortint32No
appProtocolstringNo

SessionAffinityConfig

See k8s.io.api.core.v1.SessionAffinityConfig.

FieldTypeDescriptionRequired
clientIPClientIPConfigNo

TCPSocketAction

See k8s.io.api.core.v1.TCPSocketAction.

FieldTypeDescriptionRequired
portIntOrStringNo
hoststringNo

Toleration

See k8s.io.api.core.v1.Toleration.

FieldTypeDescriptionRequired
keystringNo
operatorstringNo
valuestringNo
effectstringNo
tolerationSecondsint64No

WeightedPodAffinityTerm

See k8s.io.api.core.v1.WeightedPodAffinityTerm.

FieldTypeDescriptionRequired
weightint32No
podAffinityTermPodAffinityTermNo

PodSecurityContext

See k8s.io.api.core.v1.PodSecurityContext.

FieldTypeDescriptionRequired
seLinuxOptionsSELinuxOptionsNo
runAsUserint64No
runAsNonRootboolNo
supplementalGroupsint64[]No
fsGroupint64No
runAsGroupint64No
sysctlsSysctl[]No
windowsOptionsWindowsSecurityContextOptionsNo
fsGroupChangePolicystringNo
seccompProfileSeccompProfileNo

SELinuxOptions

See k8s.io.api.core.v1.SELinuxOptions.

FieldTypeDescriptionRequired
userstringNo
rolestringNo
typestringNo
levelstringNo

Sysctl

See k8s.io.api.core.v1.Sysctl.

FieldTypeDescriptionRequired
namestringNo
valuestringNo

WindowsSecurityContextOptions

See k8s.io.api.core.v1.WindowsSecurityContextOptions.

FieldTypeDescriptionRequired
gmsaCredentialSpecNamestringNo
gmsaCredentialSpecstringNo
runAsUserNamestringNo

SeccompProfile

See k8s.io.api.core.v1.SeccompProfile.

FieldTypeDescriptionRequired
typestringNo
localhostProfilestringNo

IntOrString

IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.

FieldTypeDescriptionRequired
typeint64No
intValInt32ValueNo
strValStringValueNo

K8sObjectOverlay.PathValue

FieldTypeDescriptionRequired
pathstring

Path of the form a.[key1:value1].b.[:value2] Where [key1:value1] is a selector for a key-value pair to identify a list element and [:value] is a value selector to identify a list element in a leaf list. All path intermediate nodes must exist.

No
valueValue

Value to add, delete or replace. For add, the path should be a new leaf. For delete, value should be unset. For replace, path should reference an existing node. All values are strings but are converted into appropriate type based on schema.

No

google.protobuf.Value

Value represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values. A producer of value is expected to set one of that variants, absence of any variant indicates an error.

The JSON representation for Value is JSON value.

FieldTypeDescriptionRequired
nullValueNullValue (oneof)

Represents a null value.

No
numberValuedouble (oneof)

Represents a double value.

No
stringValuestring (oneof)

Represents a string value.

No
boolValuebool (oneof)

Represents a boolean value.

No
structValueStruct (oneof)

Represents a structured value.

No
listValueListValue (oneof)

Represents a repeated Value.

No

k8s.io.api.core.v1.Volume

Volume represents a named volume in a pod that may be accessed by any container in the pod.

FieldTypeDescriptionRequired
namestring

name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

No
volumeSourceVolumeSource

volumeSource represents the location and type of the mounted volume. If not specified, the Volume is implied to be an EmptyDir. This implied behavior is deprecated and will be removed in a future version.

No

k8s.io.api.core.v1.VolumeMount

VolumeMount describes a mounting of a Volume within a container.

FieldTypeDescriptionRequired
namestring

This must match the Name of a Volume.

No
readOnlybool

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

No
mountPathstring

Path within the container at which the volume should be mounted. Must not contain ‘:’.

No
subPathstring

Path within the volume from which the container’s volume should be mounted. Defaults to “” (volume’s root).

No
mountPropagationstring

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

No
subPathExprstring

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to “” (volume’s root). SubPathExpr and SubPath are mutually exclusive.

No

k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector

A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.

FieldTypeDescriptionRequired
matchLabelsmap<string, string>

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.

No
matchExpressionsLabelSelectorRequirement[]

matchExpressions is a list of label selector requirements. The requirements are ANDed.

No