IstioOperator Options

Configuration affecting Istio control plane installation version and shape.

Resources

Mirrors k8s.io.api.core.v1.ResourceRequirements for unmarshaling.

FieldTypeDescriptionRequired
limitsmap<string, string>No
requestsmap<string, string>No

Affinity

Mirrors k8s.io.api.core.v1.

FieldTypeDescriptionRequired
nodeAffinityNodeAffinityNo
podAffinityPodAffinityNo
podAntiAffinityPodAntiAffinityNo

NodeAffinity

FieldTypeDescriptionRequired
requiredDuringSchedulingIgnoredDuringExecutionNodeSelectorNo
preferredDuringSchedulingIgnoredDuringExecutionPreferredSchedulingTerm[]No

NodeSelector

FieldTypeDescriptionRequired
nodeSelectorTermsNodeSelectorTerm[]No

NodeSelectorTerm

FieldTypeDescriptionRequired
matchExpressionsNodeSelectorRequirement[]No
matchFieldsNodeSelectorRequirement[]No

NodeSelectorRequirement

FieldTypeDescriptionRequired
keystringNo
operatorstringNo
valuesstring[]No

PodAffinity

FieldTypeDescriptionRequired
requiredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm[]No
preferredDuringSchedulingIgnoredDuringExecutionWeightedPodAffinityTerm[]No

PodAntiAffinity

FieldTypeDescriptionRequired
requiredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm[]No
preferredDuringSchedulingIgnoredDuringExecutionWeightedPodAffinityTerm[]No

PodAffinityTerm

FieldTypeDescriptionRequired
labelSelectorLabelSelectorNo
namespacesstring[]No
topologyKeystringNo

WeightedPodAffinityTerm

FieldTypeDescriptionRequired
weightint32No
podAffinityTermPodAffinityTermNo

PreferredSchedulingTerm

FieldTypeDescriptionRequired
weightint32No
preferenceNodeSelectorTermNo

ReadinessProbe

Mirrors k8s.io.api.core.v1.Probe for unmarshaling.

FieldTypeDescriptionRequired
execExecActionNo
httpGetHTTPGetActionNo
tcpSocketTCPSocketActionNo
initialDelaySecondsint32No
timeoutSecondsint32No
periodSecondsint32No
successThresholdint32No
failureThresholdint32No

ExecAction

Mirrors k8s.io.api.core.v1.ExecAction for unmarshaling.

FieldTypeDescriptionRequired
commandstring[]No

HTTPGetAction

Mirrors k8s.io.api.core.v1.HTTPGetAction for unmarshaling.

FieldTypeDescriptionRequired
pathstringNo
portTypeInterface_kubernetesNo
hoststringNo
schemestringNo
httpHeadersHTTPHeader[]No

HTTPHeader

Mirrors k8s.io.api.core.v1.HTTPHeader for unmarshaling.

FieldTypeDescriptionRequired
namestringNo
valuestringNo

TCPSocketAction

Mirrors k8s.io.api.core.v1.TCPSocketAction for unmarshaling.

FieldTypeDescriptionRequired
portTypeInterface_kubernetesNo
hoststringNo

PodDisruptionBudgetSpec

Mirrors k8s.io.api.policy.v1beta1.PodDisruptionBudget for unmarshaling.

FieldTypeDescriptionRequired
minAvailableuint32No
selectorLabelSelectorNo
maxUnavailableuint32No

DeploymentStrategy

Mirrors k8s.io.api.apps.v1.DeploymentStrategy for unmarshaling.

FieldTypeDescriptionRequired
typestringNo
rollingUpdateRollingUpdateDeploymentNo

RollingUpdateDeployment

Mirrors k8s.io.api.apps.v1.RollingUpdateDeployment for unmarshaling.

FieldTypeDescriptionRequired
maxUnavailableTypeInterface_kubernetesNo
maxSurgeTypeInterface_kubernetesNo

ObjectMeta

FieldTypeDescriptionRequired
namestring

From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta.

No
namespacestringNo

EnvVar

FieldTypeDescriptionRequired
namestringNo
valuestringNo
valueFromEnvVarSourceNo

EnvVarSource

FieldTypeDescriptionRequired
fieldRefObjectFieldSelectorNo
resourceFieldRefResourceFieldSelectorNo
configMapKeyRefConfigMapKeySelectorNo
secretKeyRefSecretKeySelectorNo

ObjectFieldSelector

FieldTypeDescriptionRequired
apiVersionstringNo
fieldPathstringNo

ResourceFieldSelector

FieldTypeDescriptionRequired
containerNamestringNo
resourcestringNo
divisorQuantityNo

ConfigMapKeySelector

FieldTypeDescriptionRequired
localObjectReferenceLocalObjectReferenceNo
keystringNo
optionalboolNo

SecretKeySelector

FieldTypeDescriptionRequired
localObjectReferenceLocalObjectReferenceNo
keystringNo
optionalboolNo

LocalObjectReference

FieldTypeDescriptionRequired
namestringNo

ServiceSpec

FieldTypeDescriptionRequired
portsServicePort[]No
selectormap<string, string>No
clusterIPstringNo
typestringNo
externalIPsstring[]No
sessionAffinitystringNo
loadBalancerIPstringNo
loadBalancerSourceRangesstring[]No
externalNamestringNo
externalTrafficPolicystringNo
healthCheckNodePortint32No
publishNotReadyAddressesboolNo
sessionAffinityConfigSessionAffinityConfigNo

ServicePort

FieldTypeDescriptionRequired
namestringNo
protocolstringNo
portint32No
targetPortTypeInterface_kubernetesNo
nodePortint32No

SessionAffinityConfig

FieldTypeDescriptionRequired
clientIPClientIPConfigNo

ClientIPConfig

FieldTypeDescriptionRequired
timeoutSecondsint32No

HorizontalPodAutoscalerSpec

FieldTypeDescriptionRequired
scaleTargetRefCrossVersionObjectReferenceNo
minReplicasint32No
maxReplicasint32No
metricsMetricSpec[]No

CrossVersionObjectReference

FieldTypeDescriptionRequired
kindstringNo
namestringNo
apiVersionstringNo

MetricSpec

FieldTypeDescriptionRequired
typestringNo
objectObjectMetricSourceNo
podsPodsMetricSourceNo
resourceResourceMetricSourceNo
externalExternalMetricSourceNo

ObjectMetricSource

FieldTypeDescriptionRequired
targetCrossVersionObjectReferenceNo
metricNamestringNo
targetValueQuantityNo
selectorLabelSelectorNo
averageValueQuantityNo

PodsMetricSource

FieldTypeDescriptionRequired
metricNamestringNo
targetAverageValueQuantityNo
selectorLabelSelectorNo

ResourceMetricSource

FieldTypeDescriptionRequired
namestringNo
targetAverageUtilizationTypeInterface_kubernetesNo
targetAverageValueQuantityNo

ExternalMetricSource

FieldTypeDescriptionRequired
metricNamestringNo
metricSelectorLabelSelectorNo
targetValueQuantityNo
targetAverageValueQuantityNo

PodSecurityContext

See k8s.io.api.core.v1.PodSecurityContext.

FieldTypeDescriptionRequired
seLinuxOptionsSELinuxOptionsNo
runAsUserint64No
runAsNonRootboolNo
supplementalGroupsint64[]No
fsGroupint64No
runAsGroupint64No
sysctlsSysctl[]No
windowsOptionsWindowsSecurityContextOptionsNo
fsGroupChangePolicystringNo
seccompProfileSeccompProfileNo

SELinuxOptions

See k8s.io.api.core.v1.SELinuxOptions.

FieldTypeDescriptionRequired
userstringNo
rolestringNo
typestringNo
levelstringNo

Sysctl

See k8s.io.api.core.v1.Sysctl.

FieldTypeDescriptionRequired
namestringNo
valuestringNo

WindowsSecurityContextOptions

See k8s.io.api.core.v1.WindowsSecurityContextOptions.

FieldTypeDescriptionRequired
gmsaCredentialSpecNamestringNo
gmsaCredentialSpecstringNo
runAsUserNamestringNo

SeccompProfile

See k8s.io.api.core.v1.SeccompProfile.

FieldTypeDescriptionRequired
typestringNo
localhostProfilestringNo

TypeIntOrStringForPB

GOTYPE: *IntOrStringForPB

TypeInterface_kubernetes

GOTYPE: interface{}

k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector

A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.

FieldTypeDescriptionRequired
matchLabelsmap<string, string>

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed. +optional

No
matchExpressionsLabelSelectorRequirement[]

matchExpressions is a list of label selector requirements. The requirements are ANDed. +optional

No

k8s.io.apimachinery.pkg.api.resource.Quantity

Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors.

The serialization format is:

::= (Note that may be empty, from the “” case in .) ::= 0 | 1 | … | 9 ::= | ::= | . | . | . ::= “+” | “-” ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) ::= m | “” | k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn’t choose the capitalization.) ::= “e” | “E”

No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.

When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.

Before serializing, Quantity will be put in “canonical form”. This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: a. No precision is lost b. No fractional digits will be emitted c. The exponent (or suffix) is as large as possible. The sign will be omitted unless the number is negative.

Examples: 1.5 will be serialized as “1500m” 1.5Gi will be serialized as “1536Mi”

Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.

Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don’t diff.)

This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.

+protobuf=true +protobuf.embed=string +protobuf.options.marshal=false +protobuf.options.(gogoproto.goproto_stringer)=false +k8s:deepcopy-gen=true +k8s:openapi-gen=true

FieldTypeDescriptionRequired
stringstringNo

IstioComponentSetSpec

IstioComponentSpec defines the desired installed state of Istio components.

FieldTypeDescriptionRequired
baseBaseComponentSpecNo
pilotComponentSpecNo
proxyComponentSpecNo
sidecarInjectorComponentSpecNo
policyComponentSpecNo
telemetryComponentSpecNo
citadelComponentSpecNo
nodeAgentComponentSpecNo
galleyComponentSpecNo
cniComponentSpecNo
istiodRemoteComponentSpecNo
ingressGatewaysGatewaySpec[]No
egressGatewaysGatewaySpec[]No

BaseComponentSpec

Configuration for base component.

FieldTypeDescriptionRequired
enabledTypeBoolValueForPB

Selects whether this component is installed.

No
k8sKubernetesResourcesSpec

Kubernetes resource spec.

No

ComponentSpec

Configuration for internal components.

FieldTypeDescriptionRequired
enabledTypeBoolValueForPB

Selects whether this component is installed.

No
namespacestring

Namespace for the component.

No
hubstring

Hub for the component (overrides top level hub setting).

No
tagTypeInterface

Tag for the component (overrides top level tag setting).

No
specTypeInterface

Arbitrary install time configuration for the component.

No
k8sKubernetesResourcesSpec

Kubernetes resource spec.

No

ExternalComponentSpec

Configuration for external components.

FieldTypeDescriptionRequired
enabledTypeBoolValueForPB

Selects whether this component is installed.

No
namespacestring

Namespace for the component.

No
specTypeInterface

Arbitrary install time configuration for the component.

No
chartPathstring

Chart path for addon components.

No
schemaAny

Optional schema to validate spec against.

No
k8sKubernetesResourcesSpec

Kubernetes resource spec.

No

GatewaySpec

Configuration for gateways.

FieldTypeDescriptionRequired
enabledTypeBoolValueForPB

Selects whether this gateway is installed.

No
namespacestring

Namespace for the gateway.

No
namestring

Name for the gateway.

No
labelmap<string, string>

Labels for the gateway.

No
hubstring

Hub for the component (overrides top level hub setting).

No
tagTypeInterface

Tag for the component (overrides top level tag setting).

No
k8sKubernetesResourcesSpec

Kubernetes resource spec.

No

KubernetesResourcesSpec

KubernetesResourcesConfig is a common set of k8s resource configs for components.

FieldTypeDescriptionRequired
affinityAffinity

k8s affinity. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

No
envEnvVar[]

Deployment environment variables. https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/

No
hpaSpecHorizontalPodAutoscalerSpec

k8s HorizontalPodAutoscaler settings. https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

No
imagePullPolicystring

k8s imagePullPolicy. https://kubernetes.io/docs/concepts/containers/images/

No
nodeSelectormap<string, string>

k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector

No
podDisruptionBudgetPodDisruptionBudgetSpec

k8s PodDisruptionBudget settings. https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#how-disruption-budgets-work

No
podAnnotationsmap<string, string>

k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

No
priorityClassNamestring

k8s priorityclassname. Default for all resources unless overridden. https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass

No
readinessProbeReadinessProbe

k8s readinessProbe settings. https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ k8s.io.api.core.v1.Probe readiness_probe = 9;

No
replicaCountuint32

k8s Deployment replicas setting. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

No
resourcesResources

k8s resources settings. https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container

No
serviceServiceSpec

k8s Service settings. https://kubernetes.io/docs/concepts/services-networking/service/

No
strategyDeploymentStrategy

k8s deployment strategy. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

No
tolerationsToleration[]

k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

No
serviceAnnotationsmap<string, string>

k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

No
securityContextPodSecurityContext

k8s pod security context https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod

No
overlaysK8sObjectOverlay[]

Overlays for k8s resources in rendered manifests.

No

K8sObjectOverlay

Patch for an existing k8s resource.

FieldTypeDescriptionRequired
apiVersionstring

Resource API version.

No
kindstring

Resource kind.

No
namestring

Name of resource. Namespace is always the component namespace.

No
patchesPathValue[]

List of patches to apply to resource.

No

TypeMapStringInterface

GOTYPE: map[string]interface{}

TypeInterface

GOTYPE: interface{}

TypeBoolValueForPB

GOTYPE: *BoolValueForPB

K8sObjectOverlay.PathValue

FieldTypeDescriptionRequired
pathstring

Path of the form a.[key1:value1].b.[:value2] Where [key1:value1] is a selector for a key-value pair to identify a list element and [:value] is a value selector to identify a list element in a leaf list. All path intermediate nodes must exist.

No
valueTypeInterface

Value to add, delete or replace. For add, the path should be a new leaf. For delete, value should be unset. For replace, path should reference an existing node. All values are strings but are converted into appropriate type based on schema.

No

k8s.io.api.core.v1.Toleration

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.

FieldTypeDescriptionRequired
keystring

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +optional

No
operatorstring

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +optional

No
valuestring

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. +optional

No
effectstring

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +optional

No
tolerationSecondsint64

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +optional

No

IstioOperatorSpec

IstioOperatorSpec defines the desired installed state of Istio components. The spec is a used to define a customization of the default profile values that are supplied with each Istio release. Because the spec is a customization API, specifying an empty IstioOperatorSpec results in a default Istio component values.

FieldTypeDescriptionRequired
profilestring

Path or name for the profile e.g. - minimal (looks in profiles dir for a file called minimal.yaml) - /tmp/istio/install/values/custom/custom-install.yaml (local file path) default profile is used if this field is unset.

No
installPackagePathstring

Path for the install package. e.g. - /tmp/istio-installer/nightly (local file path)

No
hubstring

Root for docker image paths e.g. docker.io/istio

No
tagTypeInterface2

Version tag for docker images e.g. 1.0.6

No
namespacestring

Namespace to install control plane resources into. If unset, Istio will be installed into the same namespace as the IstioOperator CR.

No
revisionstring

Identify the revision this installation is associated with. This option is currently experimental.

No
meshConfigTypeMapStringInterface2

Config used by control plane components internally.

No
componentsIstioComponentSetSpec

Kubernetes resource settings, enablement and component-specific settings that are not internal to the component.

No
addonComponentsmap<string, ExternalComponentSpec>

Extra addon components which are not explicitly specified above.

No
valuesTypeMapStringInterface2

Overrides for default values.yaml. This is a validated pass-through to Helm templates. See the Helm installation options for schema details: https://istio.io/docs/reference/config/installation-options/. Anything that is available in IstioOperatorSpec should be set above rather than using the passthrough. This includes Kubernetes resource settings for components in KubernetesResourcesSpec.

No
unvalidatedValuesTypeMapStringInterface2

Unvalidated overrides for default values.yaml. Used for custom templates where new parameters are added.

No

InstallStatus

Observed state of IstioOperator

FieldTypeDescriptionRequired
statusStatus

Overall status of all components controlled by the operator. - If all components have status NONE, overall status is NONE. - If all components are HEALTHY, overall status is HEALTHY. - If one or more components are RECONCILING and others are HEALTHY, overall status is RECONCILING. - If one or more components are UPDATING and others are HEALTHY, overall status is UPDATING. - If components are a mix of RECONCILING, UPDATING and HEALTHY, overall status is UPDATING. - If any component is in ERROR state, overall status is ERROR.

No
componentStatusmap<string, VersionStatus>

Individual status of each component controlled by the operator. The map key is the name of the component.

No

TypeMapStringInterface2

This is required because synthetic type definition has file rather than package scope. GOTYPE: map[string]interface{}

TypeInterface2

GOTYPE: interface{}

InstallStatus.VersionStatus

VersionStatus is the status and version of a component.

FieldTypeDescriptionRequired
versionstringNo
statusStatusNo
errorstringNo

InstallStatus.Status

Status describes the current state of a component.

NameDescription
NONE

Component is not present.

UPDATING

Component is being updated to a different version.

RECONCILING

Controller has started but not yet completed reconciliation loop for the component.

HEALTHY

Component is healthy.

ERROR

Component is in an error state.

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!