IstioOperator Options
Configuration affecting Istio control plane installation version and shape.
IstioOperatorSpec IstioOperatorSpec defines the desired installed state of Istio components.
The spec is used to define a customization of the default profile values that are supplied with each Istio release.
Because the spec is a customization API, specifying an empty IstioOperatorSpec results in default Istio component values.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  hub: gcr.io/istio-testing
  tag: latest
  revision: 1-8-0
  meshConfig:
    accessLogFile: /dev/stdout
    enableTracing: true
  components:
    egressGateways:
    - name: istio-egressgateway
      enabled: true
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| profile | string | Path or name for the profile, e.g. minimal (looks in profiles dir for a file called minimal.yaml) or /tmp/istio/install/values/custom/custom-install.yaml (local file path). The default profile is used if this field is unset. | No |
| installPackagePath | string | Path for the install package, e.g. /tmp/istio-installer/nightly (local file path). | No |
| hub | string | Root for docker image paths, e.g. docker.io/istio. | No |
| tag | TypeInterface | Version tag for docker images, e.g. 1.7.2. | No |
| namespace | string | Namespace to install control plane resources into. If unset, Istio will be installed into the same namespace as the IstioOperator CR. You must also set values.global.istioNamespace if you wish to install Istio in a custom namespace. If you have enabled CNI, you must exclude this namespace by adding it to the list values.cni.excludeNamespaces. | No |
| revision | string | Identify the revision this installation is associated with. This option is currently experimental. | No |
| meshConfig | TypeMapStringInterface | Config used by control plane components internally. | No |
| components | IstioComponentSetSpec | Kubernetes resource settings, enablement and component-specific settings that are not internal to the component. | No |
| values | TypeMapStringInterface | Overrides for default values.yaml. This is a validated pass-through to Helm templates. See the Helm installation options for schema details. Anything that is available in IstioOperatorSpec should be set above rather than using the passthrough. This includes Kubernetes resource settings for components in KubernetesResourcesSpec. | No |
| unvalidatedValues | TypeMapStringInterface | Unvalidated overrides for default values.yaml. Used for custom templates where new parameters are added. | No |
| addonComponents | map<string, ExternalComponentSpec> | Deprecated. Users should manage the installation of addon components on their own. Refer to samples/addons for demo installation of addon components. | No |
InstallStatus Observed state of IstioOperator
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| status | Status | Overall status of all components controlled by the operator. If all components have status NONE, overall status is NONE. If all components are HEALTHY, overall status is HEALTHY. If one or more components are RECONCILING and others are HEALTHY, overall status is RECONCILING. If one or more components are UPDATING and others are HEALTHY, overall status is UPDATING. If components are a mix of RECONCILING, UPDATING and HEALTHY, overall status is UPDATING. If any component is in ERROR state, overall status is ERROR. If further action is needed for reconciliation to proceed, overall status is ACTION_REQUIRED. | No |
| message | string | Optional message providing additional information about the existing overall status. | No |
| componentStatus | map<string, VersionStatus> | Individual status of each component controlled by the operator. The map key is the name of the component. | No |
IstioComponentSetSpec IstioComponentSpec defines the desired installed state of Istio components.
BaseComponentSpec Configuration for base component.
ComponentSpec Configuration for internal components.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | TypeBoolValueForPB | Selects whether this component is installed. | No |
| namespace | string | Namespace for the component. | No |
| hub | string | Hub for the component (overrides top level hub setting). | No |
| tag | TypeInterface | Tag for the component (overrides top level tag setting). | No |
| spec | TypeInterface | Arbitrary install time configuration for the component. | No |
| k8s | KubernetesResourcesSpec | Kubernetes resource spec. | No |
ExternalComponentSpec Configuration for external components.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | TypeBoolValueForPB | Selects whether this component is installed. | No |
| namespace | string | Namespace for the component. | No |
| spec | TypeInterface | Arbitrary install time configuration for the component. | No |
| chartPath | string | Chart path for addon components. | No |
| schema | Any | Optional schema to validate spec against. | No |
| k8s | KubernetesResourcesSpec | Kubernetes resource spec. | No |
GatewaySpec Configuration for gateways.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | TypeBoolValueForPB | Selects whether this gateway is installed. | No |
| namespace | string | Namespace for the gateway. | No |
| name | string | Name for the gateway. | No |
| label | map<string, string> | Labels for the gateway. | No |
| hub | string | Hub for the component (overrides top level hub setting). | No |
| tag | TypeInterface | Tag for the component (overrides top level tag setting). | No |
| k8s | KubernetesResourcesSpec | Kubernetes resource spec. | No |
KubernetesResourcesSpec KubernetesResourcesConfig is a common set of k8s resource configs for components.
K8sObjectOverlay Patch for an existing k8s resource.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| apiVersion | string | Resource API version. | No |
| kind | string | Resource kind. | No |
| name | string | Name of resource. Namespace is always the component namespace. | No |
| patches | PathValue[] | List of patches to apply to resource. | No |
Affinity See k8s.io.api.core.v1.Affinity.
ConfigMapKeySelector See k8s.io.api.core.v1.ConfigMapKeySelector.
ClientIPConfig See k8s.io.api.core.v1.ClientIPConfig.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| timeoutSeconds | int32 | | No |
CrossVersionObjectReference See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| kind | string | | No |
| name | string | | No |
| apiVersion | string | | No |
DeploymentStrategy See k8s.io.api.apps.v1.DeploymentStrategy.
EnvVar See k8s.io.api.core.v1.EnvVar.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | | No |
| value | string | | No |
| valueFrom | EnvVarSource | | No |
EnvVarSource See k8s.io.api.core.v1.EnvVarSource.
ExecAction See k8s.io.api.core.v1.ExecAction.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| command | string[] | | No |
ExternalMetricSource See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.
HTTPGetAction See k8s.io.api.core.v1.HTTPGetAction.
See k8s.io.api.core.v1.HTTPHeader.
Field Type Description Required
HorizontalPodAutoscalerSpec See k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec.
LocalObjectReference See k8s.io.api.core.v1.LocalObjectReference.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | | No |
MetricSpec See k8s.io.autoscaling.v2beta1.MetricSpec.
NodeAffinity See k8s.io.api.core.v1.NodeAffinity.
NodeSelector See k8s.io.api.core.v1.NodeSelector.
NodeSelectorTerm See k8s.io.api.core.v1.NodeSelectorTerm.
NodeSelectorRequirement See k8s.io.api.core.v1.NodeSelectorRequirement.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | | No |
| operator | string | | No |
| values | string[] | | No |
ObjectFieldSelector See k8s.io.api.core.v1.ObjectFieldSelector.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| apiVersion | string | | No |
| fieldPath | string | | No |
From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | | No |
| namespace | string | | No |
ObjectMetricSource See k8s.io.autoscaling.v2beta1.ObjectMetricSource.
PodAffinity See k8s.io.api.core.v1.PodAffinity.
PodAntiAffinity See k8s.io.api.core.v1.PodAntiAffinity.
PodAffinityTerm See k8s.io.api.core.v1.PodAntiAffinity.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| labelSelector | LabelSelector | | No |
| namespaces | string[] | | No |
| topologyKey | string | | No |
PodDisruptionBudgetSpec See k8s.io.api.policy.v1beta1.PodDisruptionBudget.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| minAvailable | uint32 | | No |
| selector | LabelSelector | | No |
| maxUnavailable | uint32 | | No |
PodsMetricSource See k8s.io.api.core.v1.PodsMetricSource.
PreferredSchedulingTerm See k8s.io.api.core.v1.PreferredSchedulingTerm.
ReadinessProbe See k8s.io.api.core.v1.ReadinessProbe.
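| Field | Type | Description | Required |
| --- | --- | --- | --- |
| exec | ExecAction | | No |
| httpGet | HTTPGetAction | | No |
| tcpSocket | TCPSocketAction | | No |
| initialDelaySeconds | int32 | | No |
| timeoutSeconds | int32 | | No |
| periodSeconds | int32 | | No |
| successThreshold | int32 | | No |
| failureThreshold | int32 | | No |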
ResourceFieldSelector
ResourceMetricSource See k8s.io.api.core.v1.ResourceMetricSource.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | | No |
| targetAverageUtilization | int32 | | No |
| targetAverageValue | TypeIntOrStringForPB | | No |
Resources See k8s.io.api.core.v1.ResourceRequirements.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| limits | map<string, string> | | No |
| requests | map<string, string> | | No |
RollingUpdateDeployment See k8s.io.api.apps.v1.RollingUpdateDeployment.
SecretKeySelector See k8s.io.api.core.v1.SecretKeySelector.
ServiceSpec See k8s.io.api.core.v1.ServiceSpec.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| ports | ServicePort[] | | No |
| selector | map<string, string> | | No |
| clusterIP | string | | No |
| type | string | | No |
| externalIPs | string[] | | No |
| sessionAffinity | string | | No |
| loadBalancerIP | string | | No |
| loadBalancerSourceRanges | string[] | | No |
| externalName | string | | No |
| externalTrafficPolicy | string | | No |
| healthCheckNodePort | int32 | | No |
| publishNotReadyAddresses | bool | | No |
| sessionAffinityConfig | SessionAffinityConfig | | No |
ServicePort See k8s.io.api.core.v1..
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | | No |
| protocol | string | | No |
| port | int32 | | No |
| targetPort | TypeIntOrStringForPB | | No |
| nodePort | int32 | | No |
SessionAffinityConfig See k8s.io.api.core.v1.SessionAffinityConfig.
TCPSocketAction See k8s.io.api.core.v1.TCPSocketAction.
Toleration See k8s.io.api.core.v1.Toleration.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| key | string | | No |
| operator | string | | No |
| value | string | | No |
| effect | string | | No |
| tolerationSeconds | int64 | | No |
WeightedPodAffinityTerm See k8s.io.api.core.v1.WeightedPodAffinityTerm.
PodSecurityContext See k8s.io.api.core.v1.PodSecurityContext.
SELinuxOptions See k8s.io.api.core.v1.SELinuxOptions.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| user | string | | No |
| role | string | | No |
| type | string | | No |
| level | string | | No |
Sysctl See k8s.io.api.core.v1.Sysctl.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | | No |
| value | string | | No |
WindowsSecurityContextOptions See k8s.io.api.core.v1.WindowsSecurityContextOptions.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| gmsaCredentialSpecName | string | | No |
| gmsaCredentialSpec | string | | No |
| runAsUserName | string | | No |
SeccompProfile See k8s.io.api.core.v1.SeccompProfile.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| type | string | | No |
| localhostProfile | string | | No |
TypeInterface Synthetic type for generating Go structs.
GOTYPE: interface{}
TypeMapStringInterface Synthetic type for generating Go structs.
GOTYPE: map[string]interface{}
TypeIntOrStringForPB Synthetic type for generating Go structs.
GOTYPE: *IntOrStringForPB
TypeBoolValueForPB Synthetic type for generating Go structs.
GOTYPE: *BoolValueForPB
InstallStatus.VersionStatus VersionStatus is the status and version of a component.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| version | string | | No |
| status | Status | | No |
| error | string | | No |
K8sObjectOverlay.PathValue
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| path | string | Path of the form a.[key1:value1].b.[:value2], where [key1:value1] is a selector for a key-value pair to identify a list element and [:value] is a value selector to identify a list element in a leaf list. All path intermediate nodes must exist. | No |
| value | TypeInterface | Value to add, delete or replace. For add, the path should be a new leaf. For delete, value should be unset. For replace, path should reference an existing node. All values are strings but are converted into appropriate type based on schema. | No |
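The path form described above can be walked as shown here. This is an added example, not Istio's own implementation: `Resolve` and the constructed `sample` resource are hypothetical names, and it assumes selector values contain no `.` character.

```go
package main

import (
	"fmt"
	"strings"
)

// Resolve (hypothetical helper, not Istio code) returns the node at path, or an
// error if any node on the way is missing. Assumes selector values contain no '.'.
func Resolve(cur interface{}, path string) (interface{}, error) {
	for _, seg := range strings.Split(path, ".") {
		if m, ok := cur.(map[string]interface{}); ok && !strings.HasPrefix(seg, "[") {
			if cur, ok = m[seg]; !ok {
				return nil, fmt.Errorf("key %q does not exist", seg)
			}
			continue
		}
		list, isList := cur.([]interface{})
		kv := strings.SplitN(strings.Trim(seg, "[]"), ":", 2)
		if !isList || !strings.HasPrefix(seg, "[") || len(kv) != 2 {
			return nil, fmt.Errorf("segment %q does not fit node of type %T", seg, cur)
		}
		found := false
		for _, el := range list {
			m, _ := el.(map[string]interface{}) // nil map for leaf-list elements
			v, has := m[kv[0]]
			if (kv[0] == "" && fmt.Sprint(el) == kv[1]) || (has && fmt.Sprint(v) == kv[1]) {
				cur, found = el, true
				break
			}
		}
		if !found {
			return nil, fmt.Errorf("no list element matches %q", seg)
		}
	}
	return cur, nil
}

// Constructed sample resource, not taken from an Istio release.
var sample = map[string]interface{}{"spec": map[string]interface{}{
	"containers": []interface{}{map[string]interface{}{
		"name": "istio-proxy", "args": []interface{}{"proxy", "router"},
	}},
}}

func main() {
	fmt.Println(Resolve(sample, "spec.containers.[name:istio-proxy].args.[:router]"))
	fmt.Println(Resolve(sample, "spec.containers.[name:missing].args"))
}
```

A patch whose path fails to resolve is worth rejecting before it is applied, since a replace or delete that silently matches nothing leaves the resource in its unpatched state.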
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
| Field | Type | Description | Required |
| --- | --- | --- | --- |
| matchLabels | map<string, string> | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed. +optional | No |
| matchExpressions | LabelSelectorRequirement[] | matchExpressions is a list of label selector requirements. The requirements are ANDed. +optional | No |
InstallStatus.Status Status describes the current state of a component.
| Name | Description |
| --- | --- |
| NONE | Component is not present. |
| UPDATING | Component is being updated to a different version. |
| RECONCILING | Controller has started but not yet completed reconciliation loop for the component. |
| HEALTHY | Component is healthy. |
| ERROR | Component is in an error state. |
| ACTION_REQUIRED | Overall status only and would not be set as a component status. Action is needed from the user for reconciliation to proceed, e.g. there are proxies still pointing to the control plane revision when trying to remove an IstioOperator CR. |