- IstioOperator Options
- IstioOperatorSpec
- InstallStatus
- IstioComponentSetSpec
- BaseComponentSpec
- ComponentSpec
- ExternalComponentSpec
- GatewaySpec
- KubernetesResourcesSpec
- K8sObjectOverlay
- Affinity
- ConfigMapKeySelector
- ClientIPConfig
- CrossVersionObjectReference
- DeploymentStrategy
- EnvVar
- EnvVarSource
- ExecAction
- ExternalMetricSource
- HTTPGetAction
- HTTPHeader
- HorizontalPodAutoscalerSpec
- LocalObjectReference
- MetricSpec
- NodeAffinity
- NodeSelector
- NodeSelectorTerm
- NodeSelectorRequirement
- ObjectFieldSelector
- ObjectMeta
- ObjectMetricSource
- PodAffinity
- PodAntiAffinity
- PodAffinityTerm
- PodDisruptionBudgetSpec
- PodsMetricSource
- PreferredSchedulingTerm
- ReadinessProbe
- ResourceFieldSelector
- ResourceMetricSource
- Resources
- RollingUpdateDeployment
- SecretKeySelector
- ServiceSpec
- ServicePort
- SessionAffinityConfig
- TCPSocketAction
- Toleration
- WeightedPodAffinityTerm
- PodSecurityContext
- SELinuxOptions
- Sysctl
- WindowsSecurityContextOptions
- SeccompProfile
- TypeInterface
- TypeMapStringInterface
- TypeIntOrStringForPB
- TypeBoolValueForPB
- InstallStatus.VersionStatus
- K8sObjectOverlay.PathValue
- k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector
- InstallStatus.Status
IstioOperator Options
Configuration affecting Istio control plane installation version and shape.
IstioOperatorSpec
IstioOperatorSpec defines the desired installed state of Istio components. The spec is a used to define a customization of the default profile values that are supplied with each Istio release. Because the spec is a customization API, specifying an empty IstioOperatorSpec results in a default Istio component values.
Field | Type | Description | Required |
---|---|---|---|
profile | string | Path or name for the profile e.g. - minimal (looks in profiles dir for a file called minimal.yaml) - /tmp/istio/install/values/custom/custom-install.yaml (local file path) default profile is used if this field is unset. | No |
installPackagePath | string | Path for the install package. e.g. - /tmp/istio-installer/nightly (local file path) | No |
hub | string | Root for docker image paths e.g. docker.io/istio | No |
tag | TypeInterface | Version tag for docker images e.g. 1.0.6 | No |
namespace | string | Namespace to install control plane resources into. If unset, Istio will be installed into the same namespace as the IstioOperator CR. | No |
revision | string | Identify the revision this installation is associated with. This option is currently experimental. | No |
meshConfig | TypeMapStringInterface | Config used by control plane components internally. | No |
components | IstioComponentSetSpec | Kubernetes resource settings, enablement and component-specific settings that are not internal to the component. | No |
addonComponents | map<string, ExternalComponentSpec> | Extra addon components which are not explicitly specified above. | No |
values | TypeMapStringInterface | Overrides for default values.yaml. This is a validated pass-through to Helm templates. See the Helm installation options for schema details: https://istio.io/docs/reference/config/installation-options/. Anything that is available in IstioOperatorSpec should be set above rather than using the passthrough. This includes Kubernetes resource settings for components in KubernetesResourcesSpec. | No |
unvalidatedValues | TypeMapStringInterface | Unvalidated overrides for default values.yaml. Used for custom templates where new parameters are added. | No |
InstallStatus
Observed state of IstioOperator
Field | Type | Description | Required |
---|---|---|---|
status | Status | Overall status of all components controlled by the operator. - If all components have status NONE, overall status is NONE. - If all components are HEALTHY, overall status is HEALTHY. - If one or more components are RECONCILING and others are HEALTHY, overall status is RECONCILING. - If one or more components are UPDATING and others are HEALTHY, overall status is UPDATING. - If components are a mix of RECONCILING, UPDATING and HEALTHY, overall status is UPDATING. - If any component is in ERROR state, overall status is ERROR. - If further action is needed for reconciliation to proceed, overall status is ACTION_REQUIRED. | No |
message | string | Optional message providing additional information about the existing overall status. | No |
componentStatus | map<string, VersionStatus> | Individual status of each component controlled by the operator. The map key is the name of the component. | No |
IstioComponentSetSpec
IstioComponentSpec defines the desired installed state of Istio components.
Field | Type | Description | Required |
---|---|---|---|
base | BaseComponentSpec | No | |
pilot | ComponentSpec | No | |
policy | ComponentSpec | No | |
telemetry | ComponentSpec | No | |
cni | ComponentSpec | No | |
istiodRemote | ComponentSpec | No | |
ingressGateways | GatewaySpec[] | No | |
egressGateways | GatewaySpec[] | No |
BaseComponentSpec
Configuration for base component.
Field | Type | Description | Required |
---|---|---|---|
enabled | TypeBoolValueForPB | Selects whether this component is installed. | No |
k8s | KubernetesResourcesSpec | Kubernetes resource spec. | No |
ComponentSpec
Configuration for internal components.
Field | Type | Description | Required |
---|---|---|---|
enabled | TypeBoolValueForPB | Selects whether this component is installed. | No |
namespace | string | Namespace for the component. | No |
hub | string | Hub for the component (overrides top level hub setting). | No |
tag | TypeInterface | Tag for the component (overrides top level tag setting). | No |
spec | TypeInterface | Arbitrary install time configuration for the component. | No |
k8s | KubernetesResourcesSpec | Kubernetes resource spec. | No |
ExternalComponentSpec
Configuration for external components.
Field | Type | Description | Required |
---|---|---|---|
enabled | TypeBoolValueForPB | Selects whether this component is installed. | No |
namespace | string | Namespace for the component. | No |
spec | TypeInterface | Arbitrary install time configuration for the component. | No |
chartPath | string | Chart path for addon components. | No |
schema | Any | Optional schema to validate spec against. | No |
k8s | KubernetesResourcesSpec | Kubernetes resource spec. | No |
GatewaySpec
Configuration for gateways.
Field | Type | Description | Required |
---|---|---|---|
enabled | TypeBoolValueForPB | Selects whether this gateway is installed. | No |
namespace | string | Namespace for the gateway. | No |
name | string | Name for the gateway. | No |
label | map<string, string> | Labels for the gateway. | No |
hub | string | Hub for the component (overrides top level hub setting). | No |
tag | TypeInterface | Tag for the component (overrides top level tag setting). | No |
k8s | KubernetesResourcesSpec | Kubernetes resource spec. | No |
KubernetesResourcesSpec
KubernetesResourcesConfig is a common set of k8s resource configs for components.
K8sObjectOverlay
Patch for an existing k8s resource.
Field | Type | Description | Required |
---|---|---|---|
apiVersion | string | Resource API version. | No |
kind | string | Resource kind. | No |
name | string | Name of resource. Namespace is always the component namespace. | No |
patches | PathValue[] | List of patches to apply to resource. | No |
Affinity
See k8s.io.api.core.v1.Affinity.
Field | Type | Description | Required |
---|---|---|---|
nodeAffinity | NodeAffinity | No | |
podAffinity | PodAffinity | No | |
podAntiAffinity | PodAntiAffinity | No |
ConfigMapKeySelector
See k8s.io.api.core.v1.ConfigMapKeySelector.
Field | Type | Description | Required |
---|---|---|---|
localObjectReference | LocalObjectReference | No | |
key | string | No | |
optional | bool | No |
ClientIPConfig
See k8s.io.api.core.v1.ClientIPConfig.
Field | Type | Description | Required |
---|---|---|---|
timeoutSeconds | int32 | No |
CrossVersionObjectReference
See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.
Field | Type | Description | Required |
---|---|---|---|
kind | string | No | |
name | string | No | |
apiVersion | string | No |
DeploymentStrategy
See k8s.io.api.apps.v1.DeploymentStrategy.
Field | Type | Description | Required |
---|---|---|---|
type | string | No | |
rollingUpdate | RollingUpdateDeployment | No |
EnvVar
See k8s.io.api.core.v1.EnvVar.
Field | Type | Description | Required |
---|---|---|---|
name | string | No | |
value | string | No | |
valueFrom | EnvVarSource | No |
EnvVarSource
See k8s.io.api.core.v1.EnvVarSource.
Field | Type | Description | Required |
---|---|---|---|
fieldRef | ObjectFieldSelector | No | |
resourceFieldRef | ResourceFieldSelector | No | |
configMapKeyRef | ConfigMapKeySelector | No | |
secretKeyRef | SecretKeySelector | No |
ExecAction
See k8s.io.api.core.v1.ExecAction.
Field | Type | Description | Required |
---|---|---|---|
command | string[] | No |
ExternalMetricSource
See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.
Field | Type | Description | Required |
---|---|---|---|
metricName | string | No | |
metricSelector | LabelSelector | No | |
targetValue | TypeIntOrStringForPB | No | |
targetAverageValue | TypeIntOrStringForPB | No |
HTTPGetAction
See k8s.io.api.core.v1.HTTPGetAction.
Field | Type | Description | Required |
---|---|---|---|
path | string | No | |
port | TypeIntOrStringForPB | No | |
host | string | No | |
scheme | string | No | |
httpHeaders | HTTPHeader[] | No |
HTTPHeader
See k8s.io.api.core.v1.HTTPHeader.
Field | Type | Description | Required |
---|---|---|---|
name | string | No | |
value | string | No |
HorizontalPodAutoscalerSpec
See k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec.
Field | Type | Description | Required |
---|---|---|---|
scaleTargetRef | CrossVersionObjectReference | No | |
minReplicas | int32 | No | |
maxReplicas | int32 | No | |
metrics | MetricSpec[] | No |
LocalObjectReference
See k8s.io.api.core.v1.LocalObjectReference.
Field | Type | Description | Required |
---|---|---|---|
name | string | No |
MetricSpec
See k8s.io.autoscaling.v2beta1.MetricSpec.
Field | Type | Description | Required |
---|---|---|---|
type | string | No | |
object | ObjectMetricSource | No | |
pods | PodsMetricSource | No | |
resource | ResourceMetricSource | No | |
external | ExternalMetricSource | No |
NodeAffinity
See k8s.io.api.core.v1.NodeAffinity.
Field | Type | Description | Required |
---|---|---|---|
requiredDuringSchedulingIgnoredDuringExecution | NodeSelector | No | |
preferredDuringSchedulingIgnoredDuringExecution | PreferredSchedulingTerm[] | No |
NodeSelector
See k8s.io.api.core.v1.NodeSelector.
Field | Type | Description | Required |
---|---|---|---|
nodeSelectorTerms | NodeSelectorTerm[] | No |
NodeSelectorTerm
See k8s.io.api.core.v1.NodeSelectorTerm.
Field | Type | Description | Required |
---|---|---|---|
matchExpressions | NodeSelectorRequirement[] | No | |
matchFields | NodeSelectorRequirement[] | No |
NodeSelectorRequirement
See k8s.io.api.core.v1.NodeSelectorRequirement.
Field | Type | Description | Required |
---|---|---|---|
key | string | No | |
operator | string | No | |
values | string[] | No |
ObjectFieldSelector
See k8s.io.api.core.v1.ObjectFieldSelector.
Field | Type | Description | Required |
---|---|---|---|
apiVersion | string | No | |
fieldPath | string | No |
ObjectMeta
From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta.
Field | Type | Description | Required |
---|---|---|---|
name | string | No | |
namespace | string | No |
ObjectMetricSource
See k8s.io.autoscaling.v2beta1.ObjectMetricSource.
Field | Type | Description | Required |
---|---|---|---|
target | CrossVersionObjectReference | No | |
metricName | string | No | |
targetValue | TypeIntOrStringForPB | No | |
selector | LabelSelector | No | |
averageValue | TypeIntOrStringForPB | No |
PodAffinity
See k8s.io.api.core.v1.PodAffinity.
Field | Type | Description | Required |
---|---|---|---|
requiredDuringSchedulingIgnoredDuringExecution | PodAffinityTerm[] | No | |
preferredDuringSchedulingIgnoredDuringExecution | WeightedPodAffinityTerm[] | No |
PodAntiAffinity
See k8s.io.api.core.v1.PodAntiAffinity.
Field | Type | Description | Required |
---|---|---|---|
requiredDuringSchedulingIgnoredDuringExecution | PodAffinityTerm[] | No | |
preferredDuringSchedulingIgnoredDuringExecution | WeightedPodAffinityTerm[] | No |
PodAffinityTerm
See k8s.io.api.core.v1.PodAntiAffinity.
Field | Type | Description | Required |
---|---|---|---|
labelSelector | LabelSelector | No | |
namespaces | string[] | No | |
topologyKey | string | No |
PodDisruptionBudgetSpec
See k8s.io.api.policy.v1beta1.PodDisruptionBudget.
Field | Type | Description | Required |
---|---|---|---|
minAvailable | uint32 | No | |
selector | LabelSelector | No | |
maxUnavailable | uint32 | No |
PodsMetricSource
See k8s.io.api.core.v1.PodsMetricSource.
Field | Type | Description | Required |
---|---|---|---|
metricName | string | No | |
targetAverageValue | TypeIntOrStringForPB | No | |
selector | LabelSelector | No |
PreferredSchedulingTerm
See k8s.io.api.core.v1.PreferredSchedulingTerm.
Field | Type | Description | Required |
---|---|---|---|
weight | int32 | No | |
preference | NodeSelectorTerm | No |
ReadinessProbe
See k8s.io.api.core.v1.ReadinessProbe.
Field | Type | Description | Required |
---|---|---|---|
exec | ExecAction | No | |
httpGet | HTTPGetAction | No | |
tcpSocket | TCPSocketAction | No | |
initialDelaySeconds | int32 | No | |
timeoutSeconds | int32 | No | |
periodSeconds | int32 | No | |
successThreshold | int32 | No | |
failureThreshold | int32 | No |
ResourceFieldSelector
See k8s.io.api.core.v1..
Field | Type | Description | Required |
---|---|---|---|
containerName | string | No | |
resource | string | No | |
divisor | TypeIntOrStringForPB | No |
ResourceMetricSource
See k8s.io.api.core.v1.ResourceMetricSource.
Field | Type | Description | Required |
---|---|---|---|
name | string | No | |
targetAverageUtilization | int32 | No | |
targetAverageValue | TypeIntOrStringForPB | No |
Resources
See k8s.io.api.core.v1.ResourceRequirements.
Field | Type | Description | Required |
---|---|---|---|
limits | map<string, string> | No | |
requests | map<string, string> | No |
RollingUpdateDeployment
See k8s.io.api.apps.v1.RollingUpdateDeployment.
Field | Type | Description | Required |
---|---|---|---|
maxUnavailable | TypeIntOrStringForPB | No | |
maxSurge | TypeIntOrStringForPB | No |
SecretKeySelector
See k8s.io.api.core.v1.SecretKeySelector.
Field | Type | Description | Required |
---|---|---|---|
localObjectReference | LocalObjectReference | No | |
key | string | No | |
optional | bool | No |
ServiceSpec
See k8s.io.api.core.v1.ServiceSpec.
Field | Type | Description | Required |
---|---|---|---|
ports | ServicePort[] | No | |
selector | map<string, string> | No | |
clusterIP | string | No | |
type | string | No | |
externalIPs | string[] | No | |
sessionAffinity | string | No | |
loadBalancerIP | string | No | |
loadBalancerSourceRanges | string[] | No | |
externalName | string | No | |
externalTrafficPolicy | string | No | |
healthCheckNodePort | int32 | No | |
publishNotReadyAddresses | bool | No | |
sessionAffinityConfig | SessionAffinityConfig | No |
ServicePort
See k8s.io.api.core.v1..
Field | Type | Description | Required |
---|---|---|---|
name | string | No | |
protocol | string | No | |
port | int32 | No | |
targetPort | TypeIntOrStringForPB | No | |
nodePort | int32 | No |
SessionAffinityConfig
See k8s.io.api.core.v1.SessionAffinityConfig.
Field | Type | Description | Required |
---|---|---|---|
clientIP | ClientIPConfig | No |
TCPSocketAction
See k8s.io.api.core.v1.TCPSocketAction.
Field | Type | Description | Required |
---|---|---|---|
port | TypeIntOrStringForPB | No | |
host | string | No |
Toleration
See k8s.io.api.core.v1.Toleration.
Field | Type | Description | Required |
---|---|---|---|
key | string | No | |
operator | string | No | |
value | string | No | |
effect | string | No | |
tolerationSeconds | int64 | No |
WeightedPodAffinityTerm
See k8s.io.api.core.v1.WeightedPodAffinityTerm.
Field | Type | Description | Required |
---|---|---|---|
weight | int32 | No | |
podAffinityTerm | PodAffinityTerm | No |
PodSecurityContext
See k8s.io.api.core.v1.PodSecurityContext.
Field | Type | Description | Required |
---|---|---|---|
seLinuxOptions | SELinuxOptions | No | |
runAsUser | int64 | No | |
runAsNonRoot | bool | No | |
supplementalGroups | int64[] | No | |
fsGroup | int64 | No | |
runAsGroup | int64 | No | |
sysctls | Sysctl[] | No | |
windowsOptions | WindowsSecurityContextOptions | No | |
fsGroupChangePolicy | string | No | |
seccompProfile | SeccompProfile | No |
SELinuxOptions
See k8s.io.api.core.v1.SELinuxOptions.
Field | Type | Description | Required |
---|---|---|---|
user | string | No | |
role | string | No | |
type | string | No | |
level | string | No |
Sysctl
See k8s.io.api.core.v1.Sysctl.
Field | Type | Description | Required |
---|---|---|---|
name | string | No | |
value | string | No |
WindowsSecurityContextOptions
See k8s.io.api.core.v1.WindowsSecurityContextOptions.
Field | Type | Description | Required |
---|---|---|---|
gmsaCredentialSpecName | string | No | |
gmsaCredentialSpec | string | No | |
runAsUserName | string | No |
SeccompProfile
See k8s.io.api.core.v1.SeccompProfile.
Field | Type | Description | Required |
---|---|---|---|
type | string | No | |
localhostProfile | string | No |
TypeInterface
Synthetic type for generating Go structs. GOTYPE: interface{}
TypeMapStringInterface
Synthetic type for generating Go structs. GOTYPE: map[string]interface{}
TypeIntOrStringForPB
Synthetic type for generating Go structs. GOTYPE: *IntOrStringForPB
TypeBoolValueForPB
Synthetic type for generating Go structs. GOTYPE: *BoolValueForPB
InstallStatus.VersionStatus
VersionStatus is the status and version of a component.
Field | Type | Description | Required |
---|---|---|---|
version | string | No | |
status | Status | No | |
error | string | No |
K8sObjectOverlay.PathValue
Field | Type | Description | Required |
---|---|---|---|
path | string | Path of the form a.[key1:value1].b.[:value2] Where [key1:value1] is a selector for a key-value pair to identify a list element and [:value] is a value selector to identify a list element in a leaf list. All path intermediate nodes must exist. | No |
value | TypeInterface | Value to add, delete or replace. For add, the path should be a new leaf. For delete, value should be unset. For replace, path should reference an existing node. All values are strings but are converted into appropriate type based on schema. | No |
k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
Field | Type | Description | Required |
---|---|---|---|
matchLabels | map<string, string> | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed. +optional | No |
matchExpressions | LabelSelectorRequirement[] | matchExpressions is a list of label selector requirements. The requirements are ANDed. +optional | No |
InstallStatus.Status
Status describes the current state of a component.
Name | Description |
---|---|
NONE | Component is not present. |
UPDATING | Component is being updated to a different version. |
RECONCILING | Controller has started but not yet completed reconciliation loop for the component. |
HEALTHY | Component is healthy. |
ERROR | Component is in an error state. |
ACTION_REQUIRED | Overall status only and would not be set as a component status. Action is needed from the user for reconciliation to proceed e.g. There are proxies still pointing to the control plane revision when try to remove an IstioOperator CR. |