IstioOperator Options

IstioOperatorSpec defines the desired installed state of Istio components. The spec is a used to define a customization of the default profile values that are supplied with each Istio release. Because the spec is a customization API, specifying an empty IstioOperatorSpec results in a default Istio component values.

InstallStatus

Observed state of IstioOperator

Field Type Description Required

Field	Type	Description	Required
`status`		Overall status of all components controlled by the operator. If all components have status `NONE`, overall status is `NONE`. If all components are `HEALTHY`, overall status is `HEALTHY`. If one or more components are `RECONCILING` and others are `HEALTHY`, overall status is `RECONCILING`. If one or more components are `UPDATING` and others are `HEALTHY`, overall status is `UPDATING`. If components are a mix of `RECONCILING`, `UPDATING` and `HEALTHY`, overall status is `UPDATING`. If any component is in `ERROR` state, overall status is `ERROR`. If further action is needed for reconciliation to proceed, overall status is `ACTION_REQUIRED`.	No
`message`	`string`	Optional message providing additional information about the existing overall status.	No
`componentStatus`	`map<string, VersionStatus>`	Individual status of each component controlled by the operator. The map key is the name of the component.	No

status

Overall status of all components controlled by the operator.

If all components have status NONE, overall status is NONE.
If all components are HEALTHY, overall status is HEALTHY.
If one or more components are RECONCILING and others are HEALTHY, overall status is RECONCILING.
If one or more components are UPDATING and others are HEALTHY, overall status is UPDATING.
If components are a mix of RECONCILING, UPDATING and HEALTHY, overall status is UPDATING.
If any component is in ERROR state, overall status is ERROR.
If further action is needed for reconciliation to proceed, overall status is ACTION_REQUIRED.

message

string

Optional message providing additional information about the existing overall status.

componentStatus

map<string, VersionStatus>

Individual status of each component controlled by the operator. The map key is the name of the component.

IstioComponentSetSpec

IstioComponentSpec defines the desired installed state of Istio components.

Field	Type	Required
`base`	`BaseComponentSpec`	No
`pilot`		No
`cni`	`ComponentSpec`	No
`istiodRemote`		No
`ingressGateways`	`GatewaySpec[]`	No
`egressGateways`		No

BaseComponentSpec

Configuration for base component.

Field	Type	Description	Required
`enabled`		Selects whether this component is installed.	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

ComponentSpec

Configuration for internal components.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether this component is installed.	No
`namespace`	`string`	Namespace for the component.	No
`hub`	`string`	Hub for the component (overrides top level hub setting).	No
`tag`		Tag for the component (overrides top level tag setting).	No
`spec`	`TypeInterface`	Arbitrary install time configuration for the component.	No
`k8s`		Kubernetes resource spec.	No

ExternalComponentSpec

Configuration for external components.

Field	Type	Description	Required
`enabled`		Selects whether this component is installed.	No
`namespace`	`string`	Namespace for the component.	No
`spec`	`TypeInterface`	Arbitrary install time configuration for the component.	No
`chartPath`	`string`	Chart path for addon components.	No
`schema`		Optional schema to validate spec against.	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

GatewaySpec

Configuration for gateways.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether this gateway is installed.	No
`namespace`	`string`	Namespace for the gateway.	No
`name`	`string`	Name for the gateway.	No
`label`	`map<string, string>`	Labels for the gateway.	No
`hub`	`string`	Hub for the component (overrides top level hub setting).	No
`tag`			No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

KubernetesResourcesSpec

KubernetesResourcesConfig is a common set of k8s resource configs for components.

Field	Type	Description	Required
`affinity`	`Affinity`	k8s affinity.	No
`env`	`EnvVar[]`	Deployment environment variables.	No
`hpaSpec`	`HorizontalPodAutoscalerSpec`	k8s HorizontalPodAutoscaler settings.	No
`imagePullPolicy`	`string`	k8s imagePullPolicy. https://kubernetes.io/docs/concepts/containers/images/	No
`nodeSelector`	`map<string, string>`	k8s nodeSelector.	No
`podDisruptionBudget`	`PodDisruptionBudgetSpec`	k8s PodDisruptionBudget settings.	No
`podAnnotations`	`map<string, string>`	k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/	No
`priorityClassName`	`string`	k8s priorityclassname. Default for all resources unless overridden.	No
`readinessProbe`	`ReadinessProbe`	k8s readinessProbe settings. k8s.io.api.core.v1.Probe readiness_probe = 9;	No
`replicaCount`	`uint32`	k8s Deployment replicas setting. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/	No
`resources`		k8s resources settings. https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container	No
`service`		k8s Service settings. https://kubernetes.io/docs/concepts/services-networking/service/	No
`strategy`		k8s deployment strategy. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/	No
`tolerations`		k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/	No
`serviceAnnotations`	`map<string, string>`	k8s service annotations.	No
`securityContext`	`PodSecurityContext`	k8s pod security context	No
`overlays`	`K8sObjectOverlay[]`	Overlays for k8s resources in rendered manifests.	No

K8sObjectOverlay

Patch for an existing k8s resource.

Field	Type	Description	Required
`apiVersion`	`string`	Resource API version.	No
`kind`	`string`	Resource kind.	No
`name`	`string`	Name of resource. Namespace is always the component namespace.	No
`patches`	`PathValue[]`	List of patches to apply to resource.	No

Affinity

See k8s.io.api.core.v1.Affinity.

Field	Type	Required
`nodeAffinity`	`NodeAffinity`	No
`podAffinity`		No
`podAntiAffinity`		No

ConfigMapKeySelector

See k8s.io.api.core.v1.ConfigMapKeySelector.

Field	Type	Required
`localObjectReference`		No
`key`	`string`	No
`optional`	`bool`	No

ClientIPConfig

See k8s.io.api.core.v1.ClientIPConfig.

Field	Type	Description	Required
`timeoutSeconds`	`int32`		No

CrossVersionObjectReference

See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.

Field	Type	Required
`kind`	`string`	No
`name`	`string`	No
`apiVersion`	`string`	No

DeploymentStrategy

See k8s.io.api.apps.v1.DeploymentStrategy.

Field	Type	Description	Required
`type`	`string`		No
`rollingUpdate`			No

EnvVar

See k8s.io.api.core.v1.EnvVar.

Field	Type	Required
`name`	`string`	No
`value`	`string`	No
`valueFrom`		No

EnvVarSource

See k8s.io.api.core.v1.EnvVarSource.

Field	Type	Required
`fieldRef`		No
`resourceFieldRef`	`ResourceFieldSelector`	No
`configMapKeyRef`		No
`secretKeyRef`	`SecretKeySelector`	No

ExecAction

See k8s.io.api.core.v1.ExecAction.

Field	Type	Description	Required
`command`	`string[]`		No

ExternalMetricSource

See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.

Field	Type	Required
`metricName`	`string`	No
`metricSelector`		No
`targetValue`	`TypeIntOrStringForPB`	No
`targetAverageValue`		No

HTTPGetAction

See k8s.io.api.core.v1.HTTPGetAction.

Field	Type	Required
`path`	`string`	No
`port`		No
`host`	`string`	No
`scheme`	`string`	No
`httpHeaders`	`HTTPHeader[]`	No

HTTPHeader

See k8s.io.api.core.v1.HTTPHeader.

See k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec.

Field	Type	Required
`scaleTargetRef`	`CrossVersionObjectReference`	No
`minReplicas`	`int32`	No
`maxReplicas`	`int32`	No
`metrics`		No

LocalObjectReference

See k8s.io.api.core.v1.LocalObjectReference.

Field	Type	Description	Required
`name`	`string`		No

MetricSpec

See k8s.io.autoscaling.v2beta1.MetricSpec.

Field	Type	Required
`type`	`string`	No
`object`	`ObjectMetricSource`	No
`pods`		No
`resource`	`ResourceMetricSource`	No
`external`		No

NodeAffinity

See k8s.io.api.core.v1.NodeAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`			No
`preferredDuringSchedulingIgnoredDuringExecution`	`PreferredSchedulingTerm[]`		No

NodeSelector

See k8s.io.api.core.v1.NodeSelector.

Field	Type	Description	Required
`nodeSelectorTerms`	`NodeSelectorTerm[]`		No

NodeSelectorTerm

See k8s.io.api.core.v1.NodeSelectorTerm.

Field	Type	Description	Required
`matchExpressions`	`NodeSelectorRequirement[]`		No
`matchFields`			No

NodeSelectorRequirement

Field	Type	Required
`key`	`string`	No
`operator`	`string`	No
`values`	`string[]`	No

ObjectFieldSelector

See k8s.io.api.core.v1.ObjectFieldSelector.

Field	Type	Description	Required
`apiVersion`	`string`		No
`fieldPath`	`string`		No

ObjectMeta

From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta.

Field	Type	Description	Required
`name`	`string`		No
`namespace`	`string`		No

ObjectMetricSource

See k8s.io.autoscaling.v2beta1.ObjectMetricSource.

Field	Type	Required
`target`	`CrossVersionObjectReference`	No
`metricName`	`string`	No
`targetValue`		No
`selector`	`LabelSelector`	No
`averageValue`		No

PodAffinity

See k8s.io.api.core.v1.PodAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`			No
`preferredDuringSchedulingIgnoredDuringExecution`	`WeightedPodAffinityTerm[]`		No

PodAntiAffinity

See k8s.io.api.core.v1.PodAntiAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`	`PodAffinityTerm[]`		No
`preferredDuringSchedulingIgnoredDuringExecution`			No

PodAffinityTerm

See k8s.io.api.core.v1.PodAntiAffinity.

Field	Type	Required
`labelSelector`		No
`namespaces`	`string[]`	No
`topologyKey`	`string`	No

PodDisruptionBudgetSpec

See k8s.io.api.policy.v1beta1.PodDisruptionBudget.

Field	Type	Required
`minAvailable`	`uint32`	No
`selector`		No
`maxUnavailable`	`uint32`	No

PodsMetricSource

See k8s.io.api.core.v1.PodsMetricSource.

Field	Type	Required
`metricName`	`string`	No
`targetAverageValue`		No
`selector`	`LabelSelector`	No

PreferredSchedulingTerm

See k8s.io.api.core.v1.PreferredSchedulingTerm.

Field	Type	Description	Required
`weight`	`int32`		No
`preference`	`NodeSelectorTerm`		No

ReadinessProbe

See k8s.io.api.core.v1.ReadinessProbe.

Field	Type	Required
`exec`	`ExecAction`	No
`httpGet`		No
`tcpSocket`	`TCPSocketAction`	No
`initialDelaySeconds`	`int32`	No
	`int32`	No
`periodSeconds`	`int32`	No
`successThreshold`	`int32`	No
`failureThreshold`	`int32`	No

ResourceFieldSelector

See k8s.io.api.core.v1..

Field	Type	Required
`containerName`	`string`	No
`resource`	`string`	No
`divisor`	`TypeIntOrStringForPB`	No

ResourceMetricSource

See k8s.io.api.core.v1.ResourceMetricSource.

Resources

See k8s.io.api.core.v1.ResourceRequirements.

Field	Type	Description	Required
`limits`	`map<string, string>`		No
`requests`	`map<string, string>`		No

See k8s.io.api.apps.v1.RollingUpdateDeployment.

Field	Type	Description	Required
`maxUnavailable`			No
`maxSurge`	`TypeIntOrStringForPB`		No

SecretKeySelector

See k8s.io.api.core.v1.SecretKeySelector.

Field	Type	Required
`localObjectReference`	`LocalObjectReference`	No
`key`	`string`	No
`optional`	`bool`	No

ServiceSpec

See k8s.io.api.core.v1.ServiceSpec.

Field	Type	Required
`ports`	`ServicePort[]`	No
`selector`	`map<string, string>`	No
`clusterIP`	`string`	No
`type`	`string`	No
`externalIPs`	`string[]`	No
`sessionAffinity`	`string`	No
`loadBalancerIP`	`string`	No
`loadBalancerSourceRanges`	`string[]`	No
`externalName`	`string`	No
`externalTrafficPolicy`	`string`	No
`healthCheckNodePort`	`int32`	No
`publishNotReadyAddresses`	`bool`	No
`sessionAffinityConfig`		No

ServicePort

See k8s.io.api.core.v1..

Field	Type	Required
`name`	`string`	No
`protocol`	`string`	No
`port`	`int32`	No
`targetPort`		No
`nodePort`	`int32`	No

SessionAffinityConfig

See k8s.io.api.core.v1.SessionAffinityConfig.

Field	Type	Description	Required
`clientIP`			No

TCPSocketAction

See k8s.io.api.core.v1.TCPSocketAction.

Field	Type	Description	Required
`port`			No
`host`	`string`		No

Toleration

See k8s.io.api.core.v1.Toleration.

Field	Type	Required
`key`	`string`	No
`operator`	`string`	No
`value`	`string`	No
`effect`	`string`	No
`tolerationSeconds`	`int64`	No

WeightedPodAffinityTerm

See k8s.io.api.core.v1.WeightedPodAffinityTerm.

Field	Type	Description	Required
`weight`	`int32`		No
`podAffinityTerm`	`PodAffinityTerm`		No

PodSecurityContext

See k8s.io.api.core.v1.PodSecurityContext.

Field	Type	Required
`seLinuxOptions`	`SELinuxOptions`	No
`runAsUser`	`int64`	No
`runAsNonRoot`	`bool`	No
`supplementalGroups`	`int64[]`	No
`fsGroup`	`int64`	No
`runAsGroup`	`int64`	No
`sysctls`		No
`windowsOptions`	`WindowsSecurityContextOptions`	No
`fsGroupChangePolicy`	`string`	No
`seccompProfile`		No

SELinuxOptions

See k8s.io.api.core.v1.SELinuxOptions.

Field	Type	Required
`user`	`string`	No
`role`	`string`	No
`type`	`string`	No
`level`	`string`	No

Sysctl

See k8s.io.api.core.v1.Sysctl.

Field	Type	Description	Required
`name`	`string`		No
`value`	`string`		No

WindowsSecurityContextOptions

See k8s.io.api.core.v1.WindowsSecurityContextOptions.

Field	Type	Required
`gmsaCredentialSpecName`	`string`	No
`gmsaCredentialSpec`	`string`	No
`runAsUserName`	`string`	No

SeccompProfile

See k8s.io.api.core.v1.SeccompProfile.

Field	Type	Description	Required
`type`	`string`		No
`localhostProfile`	`string`		No

TypeInterface

Synthetic type for generating Go structs. GOTYPE: interface{}

TypeMapStringInterface

Synthetic type for generating Go structs. GOTYPE: map[string]interface{}

TypeIntOrStringForPB

Synthetic type for generating Go structs. GOTYPE: *IntOrStringForPB

TypeBoolValueForPB

Synthetic type for generating Go structs. GOTYPE: *BoolValueForPB

InstallStatus.VersionStatus

VersionStatus is the status and version of a component.

Field	Type	Required
`version`	`string`	No
`status`		No
`error`	`string`	No

K8sObjectOverlay.PathValue

Field	Type	Description	Required
`path`	`string`	Path of the form a.[key1:value1].b.[:value2] Where [key1:value1] is a selector for a key-value pair to identify a list element and [:value] is a value selector to identify a list element in a leaf list. All path intermediate nodes must exist.	No
`value`		Value to add, delete or replace. For add, the path should be a new leaf. For delete, value should be unset. For replace, path should reference an existing node. All values are strings but are converted into appropriate type based on schema.	No

k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector

A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.

Field	Type	Description	Required
`matchLabels`	`map<string, string>`	matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed. +optional	No
`matchExpressions`		matchExpressions is a list of label selector requirements. The requirements are ANDed. +optional	No

Status describes the current state of a component.

Name	Description
`NONE`	Component is not present.
`UPDATING`	Component is being updated to a different version.
`RECONCILING`	Controller has started but not yet completed reconciliation loop for the component.
`HEALTHY`	Component is healthy.
`ERROR`
	Overall status only and would not be set as a component status. Action is needed from the user for reconciliation to proceed e.g. There are proxies still pointing to the control plane revision when try to remove an `IstioOperator` CR.