IstioOperator Options

IstioOperatorSpec defines the desired installed state of Istio components. The spec is a used to define a customization of the default profile values that are supplied with each Istio release. Because the spec is a customization API, specifying an empty IstioOperatorSpec results in a default Istio component values.

InstallStatus

Observed state of IstioOperator

Field Type Description Required

Field	Type	Description	Required
`status`		Overall status of all components controlled by the operator. If all components have status `NONE`, overall status is `NONE`. If all components are `HEALTHY`, overall status is `HEALTHY`. If one or more components are `RECONCILING` and others are `HEALTHY`, overall status is `RECONCILING`. If one or more components are `UPDATING` and others are `HEALTHY`, overall status is `UPDATING`. If components are a mix of `RECONCILING`, `UPDATING` and `HEALTHY`, overall status is `UPDATING`. If any component is in `ERROR` state, overall status is `ERROR`.	No
`message`	`string`	Optional message providing additional information about the existing overall status.	No
`componentStatus`	`map<string, VersionStatus>`	Individual status of each component controlled by the operator. The map key is the name of the component.	No

status

Overall status of all components controlled by the operator.

If all components have status NONE, overall status is NONE.
If all components are HEALTHY, overall status is HEALTHY.
If one or more components are RECONCILING and others are HEALTHY, overall status is RECONCILING.
If one or more components are UPDATING and others are HEALTHY, overall status is UPDATING.
If components are a mix of RECONCILING, UPDATING and HEALTHY, overall status is UPDATING.
If any component is in ERROR state, overall status is ERROR.

message

string

Optional message providing additional information about the existing overall status.

componentStatus

map<string, VersionStatus>

Individual status of each component controlled by the operator. The map key is the name of the component.

IstioComponentSetSpec

IstioComponentSpec defines the desired installed state of Istio components.

Field	Type	Description	Required
`base`	`BaseComponentSpec`		No
`pilot`			No
`cni`	`ComponentSpec`		No
`istiodRemote`		Remote cluster using an external control plane.	No
`ingressGateways`	`GatewaySpec[]`		No
`egressGateways`			No

BaseComponentSpec

Configuration for base component.

Field	Type	Description	Required
`enabled`		Selects whether this component is installed.	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

ComponentSpec

Configuration for internal components.

Field	Type	Description	Required
`enabled`	`BoolValue`	Selects whether this component is installed.	No
`namespace`	`string`	Namespace for the component.	No
`hub`	`string`	Hub for the component (overrides top level hub setting).	No
`tag`		Tag for the component (overrides top level tag setting).	No
`spec`	`Struct`	Arbitrary install time configuration for the component.	No
`k8s`		Kubernetes resource spec.	No

ExternalComponentSpec

Configuration for external components.

Field	Type	Description	Required
`enabled`		Selects whether this component is installed.	No
`namespace`	`string`	Namespace for the component.	No
`spec`	`Struct`	Arbitrary install time configuration for the component.	No
`chartPath`	`string`	Chart path for addon components.	No
`schema`		Optional schema to validate spec against.	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

GatewaySpec

Configuration for gateways.

Field	Type	Description	Required
`enabled`	`BoolValue`	Selects whether this gateway is installed.	No
`namespace`	`string`	Namespace for the gateway.	No
`name`	`string`	Name for the gateway.	No
`label`	`map<string, string>`	Labels for the gateway.	No
`hub`	`string`	Hub for the component (overrides top level hub setting).	No
`tag`		Tag for the component (overrides top level tag setting).	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

KubernetesResourcesSpec

KubernetesResourcesConfig is a common set of k8s resource configs for components.

Field	Type	Description	Required
`affinity`	`Affinity`	k8s affinity.	No
`env`	`EnvVar[]`	Deployment environment variables.	No
`hpaSpec`	`HorizontalPodAutoscalerSpec`	k8s HorizontalPodAutoscaler settings.	No
`imagePullPolicy`	`string`	k8s imagePullPolicy. https://kubernetes.io/docs/concepts/containers/images/	No
`nodeSelector`	`map<string, string>`	k8s nodeSelector.	No
`podDisruptionBudget`	`PodDisruptionBudgetSpec`	k8s PodDisruptionBudget settings.	No
`podAnnotations`	`map<string, string>`	k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/	No
`priorityClassName`	`string`		No
`readinessProbe`		k8s readinessProbe settings. https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ k8s.io.api.core.v1.Probe readiness_probe = 9;	No
`replicaCount`	`uint32`	k8s Deployment replicas setting.	No
`resources`	`Resources`	k8s resources settings.	No
`service`	`ServiceSpec`	k8s Service settings.	No
`strategy`	`DeploymentStrategy`	k8s deployment strategy.	No
`tolerations`	`Toleration[]`	k8s toleration	No
`serviceAnnotations`	`map<string, string>`	k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/	No
`securityContext`		k8s pod security context https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod	No
`volumes`		k8s volume https://kubernetes.io/docs/concepts/storage/volumes/ Volumes defines the collection of Volume to inject into the pod.	No
`volumeMounts`		k8s volumeMounts VolumeMounts defines the collection of VolumeMount to inject into containers.	No
`overlays`	`K8sObjectOverlay[]`	Overlays for k8s resources in rendered manifests.	No

K8sObjectOverlay

Patch for an existing k8s resource.

Field	Type	Description	Required
`apiVersion`	`string`	Resource API version.	No
`kind`	`string`	Resource kind.	No
`name`	`string`	Name of resource. Namespace is always the component namespace.	No
`patches`	`PathValue[]`	List of patches to apply to resource.	No

Affinity

See k8s.io.api.core.v1.Affinity.

Field	Type	Required
`nodeAffinity`	`NodeAffinity`	No
`podAffinity`		No
`podAntiAffinity`	`PodAntiAffinity`	No

ConfigMapKeySelector

See k8s.io.api.core.v1.ConfigMapKeySelector.

Field	Type	Required
`localObjectReference`	`LocalObjectReference`	No
`key`	`string`	No
`optional`	`bool`	No

ContainerResourceMetricSource

See k8s.io.api.autoscaling.v2beta2.ContainerResourceMetricSource.

Field	Type	Required
`name`	`string`	No
`target`	`MetricTarget`	No
`container`	`string`	No

ContainerResourceMetricStatus

See k8s.io.api.autoscaling.v2beta2.ContainerResourceMetricStatus.

Field	Type	Required
`name`	`string`	No
`current`	`MetricValueStatus`	No
`container`	`string`	No

ClientIPConfig

See k8s.io.api.core.v1.ClientIPConfig.

Field	Type	Description	Required
`timeoutSeconds`	`int32`		No

CrossVersionObjectReference

See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.

Field	Type	Required
`kind`	`string`	No
`name`	`string`	No
`apiVersion`	`string`	No

DeploymentStrategy

See k8s.io.api.apps.v1.DeploymentStrategy.

Field	Type	Description	Required
`type`	`string`		No
`rollingUpdate`	`RollingUpdateDeployment`		No

EnvVar

See k8s.io.api.core.v1.EnvVar.

Field	Type	Required
`name`	`string`	No
`value`	`string`	No
	`EnvVarSource`	No

EnvVarSource

See k8s.io.api.core.v1.EnvVarSource.

Field	Type	Required
`fieldRef`	`ObjectFieldSelector`	No
`resourceFieldRef`		No
`configMapKeyRef`	`ConfigMapKeySelector`	No
`secretKeyRef`		No

ExecAction

See k8s.io.api.core.v1.ExecAction.

Field	Type	Description	Required
`command`	`string[]`		No

ExternalMetricSource

See k8s.io.api.autoscaling.v2beta2.ExternalMetricSource.

Field	Type	Required
`metric`	`MetricIdentifier`	No
`target`		No
`metricName`	`string`	No
`metricSelector`	`LabelSelector`	No
`targetValue`		No
`targetAverageValue`	`IntOrString`	No

ExternalMetricStatus

See k8s.io.autoscaling.v2beta2.ExternalMetricStatus.

Field	Type	Description	Required
`metric`	`MetricIdentifier`		No
`current`			No

HTTPGetAction

See k8s.io.api.core.v1.HTTPGetAction.

Field	Type	Required
`path`	`string`	No
`port`		No
`host`	`string`	No
`scheme`	`string`	No
`httpHeaders`	`HTTPHeader[]`	No

HTTPHeader

See k8s.io.api.core.v1.HTTPHeader.

Field	Type	Description	Required
`name`	`string`		No
`value`	`string`		No

HorizontalPodAutoscalerSpec

See k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec.

Field	Type	Required
`scaleTargetRef`		No
`minReplicas`	`int32`	No
`maxReplicas`	`int32`	No
`metrics`	`MetricSpec[]`	No
`behavior`		No

See k8s.io.autoscaling.v2beta2.HorizontalPodAutoScalerBehavior.

HPAScalingRules

See k8s.io.autoscaling.v2beta2.HPAScalingRules.

Field	Type	Required
`stabilizationWindowSeconds`	`int32`	No
`selectPolicy`	`string`	No
`policies`		No

HPAScalingPolicy

See k8s.io.autoscaling.v2beta2.HPAScalingPolicy.

Field	Type	Required
`type`	`string`	No
`value`	`int32`	No
`periodSeconds`	`int32`	No

LocalObjectReference

See k8s.io.api.core.v1.LocalObjectReference.

Field	Type	Description	Required
`name`	`string`		No

MetricIdentifier

See k8s.io.autoscaling.v2beta2.MetricIdentifier.

Field	Type	Description	Required
`name`	`string (oneof)`		No
`selector`			No

MetricSpec

See k8s.io.autoscaling.v2beta2.MetricSpec.

Field	Type	Required
`type`	`string`	No
`object`		No
`pods`	`PodsMetricSource`	No
`resource`		No
`containerResource`	`ContainerResourceMetricSource`	No
`external`		No

MetricStatus

See k8s.io.autoscaling.v2beta2.MetricStatus.

Field	Type	Required
`type`	`string`	No
`object`		No
`pods`	`PodsMetricStatus`	No
`resource`		No
`containerResource`	`ContainerResourceMetricStatus`	No
`external`		No

MetricTarget

See k8s.io.autoscaling.v2beta2.MetricTarget.

Field	Type	Required
`type`	`string`	No
`value`		No
`averageValue`	`IntOrString`	No
`averageUtilization`	`int32`	No

MetricValueStatus

See k8s.io.autoscaling.v2beta2.MetricValueStatus.

Field	Type	Required
`value`	`IntOrString`	No
`averageValue`		No
`averageUtilization`	`int32`	No

NodeAffinity

See k8s.io.api.core.v1.NodeAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`			No
`preferredDuringSchedulingIgnoredDuringExecution`	`PreferredSchedulingTerm[]`		No

NodeSelector

See k8s.io.api.core.v1.NodeSelector.

Field	Type	Description	Required
`nodeSelectorTerms`	`NodeSelectorTerm[]`		No

NodeSelectorTerm

See k8s.io.api.core.v1.NodeSelectorTerm.

Field	Type	Description	Required
`matchExpressions`	`NodeSelectorRequirement[]`		No
`matchFields`			No

NodeSelectorRequirement

See k8s.io.api.core.v1.NodeSelectorRequirement.

Field	Type	Required
`key`	`string`	No
`operator`	`string`	No
`values`	`string[]`	No

ObjectFieldSelector

See k8s.io.api.core.v1.ObjectFieldSelector.

Field	Type	Description	Required
`apiVersion`	`string`		No
`fieldPath`	`string`		No

ObjectMeta

From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta.

Field	Type	Description	Required
`name`	`string`		No
`namespace`	`string`		No

ObjectMetricSource

See k8s.io.autoscaling.v2beta2.ObjectMetricSource.

Field	Type	Description	Required
`target`	`Value`	Type changes from CrossVersionObjectReference to ResourceMetricTarget in autoscaling v2beta2/v2 compared with v2beta1 Change it to dynamic type to keep backward compatible	No
`describedObject`			No
`metric`	`MetricIdentifier`		No
`metricName`	`string`		No
`targetValue`			No
`selector`	`LabelSelector`		No
`averageValue`			No

ObjectMetricStatus

See k8s.io.autoscaling.v2beta2.ObjectMetricStatus.

Field	Type	Required
`metric`		No
`current`	`MetricValueStatus`	No
`describedObject`		No

PodAffinity

See k8s.io.api.core.v1.PodAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`			No
`preferredDuringSchedulingIgnoredDuringExecution`	`WeightedPodAffinityTerm[]`		No

PodAntiAffinity

See k8s.io.api.core.v1.PodAntiAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`	`PodAffinityTerm[]`		No
`preferredDuringSchedulingIgnoredDuringExecution`			No

PodAffinityTerm

See k8s.io.api.core.v1.PodAntiAffinity.

Field	Type	Required
`labelSelector`		No
`namespaces`	`string[]`	No
`topologyKey`	`string`	No

PodDisruptionBudgetSpec

See k8s.io.api.policy.v1beta1.PodDisruptionBudget.

Field	Type	Required
`minAvailable`		No
`selector`	`LabelSelector`	No
`maxUnavailable`		No

PodsMetricSource

Field	Type	Description	Required
`metric`		v2beta2/v2 fields	No
`target`	`MetricTarget`		No
`metricName`	`string`		No
`targetAverageValue`			No
`selector`	`LabelSelector`		No

PodsMetricStatus

See k8s.io.autoscaling.v2beta2.PodsMetricStatus.

Field	Type	Description	Required
`metric`	`MetricIdentifier`		No
`current`			No

PreferredSchedulingTerm

See k8s.io.api.core.v1.PreferredSchedulingTerm.

Field	Type	Description	Required
`weight`	`int32`		No
`preference`			No

See k8s.io.api.core.v1.ReadinessProbe.

ResourceFieldSelector

See k8s.io.api.core.v1..

Field	Type	Required
`containerName`	`string`	No
`resource`	`string`	No
`divisor`		No

ResourceMetricSource

See k8s.io.autoscaling.v2beta2.ResourceMetricSource.

Field	Type	Required
`name`	`string`	No
`target`		No
`targetAverageUtilization`	`int32`	No
`targetAverageValue`	`IntOrString`	No

ResourceMetricStatus

See k8s.io.autoscaling.v2beta2.ResourceMetricStatus.

Field	Type	Description	Required
`name`	`string`		No
`current`	`MetricValueStatus`		No

Resources

See k8s.io.api.core.v1.ResourceRequirements.

Field	Type	Description	Required
`limits`	`map<string, string>`		No
`requests`	`map<string, string>`		No

RollingUpdateDeployment

See k8s.io.api.apps.v1.RollingUpdateDeployment.

Field	Type	Description	Required
`maxUnavailable`			No
`maxSurge`	`IntOrString`		No

SecretKeySelector

See k8s.io.api.core.v1.SecretKeySelector.

Field	Type	Required
`localObjectReference`	`LocalObjectReference`	No
`key`	`string`	No
`optional`	`bool`	No

ServiceSpec

See k8s.io.api.core.v1.ServiceSpec.

Field	Type	Required
`ports`	`ServicePort[]`	No
`selector`	`map<string, string>`	No
`clusterIP`	`string`	No
`type`	`string`	No
`externalIPs`	`string[]`	No
`sessionAffinity`	`string`	No
`loadBalancerIP`	`string`	No
`loadBalancerSourceRanges`	`string[]`	No
`externalName`	`string`	No
`externalTrafficPolicy`	`string`	No
`healthCheckNodePort`	`int32`	No
`publishNotReadyAddresses`	`bool`	No
`sessionAffinityConfig`		No

ServicePort

See k8s.io.api.core.v1..

Field	Type	Required
`name`	`string`	No
`protocol`	`string`	No
`port`	`int32`	No
`targetPort`		No
`nodePort`	`int32`	No

SessionAffinityConfig

See k8s.io.api.core.v1.SessionAffinityConfig.

Field	Type	Description	Required
`clientIP`			No

TCPSocketAction

See k8s.io.api.core.v1.TCPSocketAction.

Field	Type	Description	Required
`port`			No
`host`	`string`		No

Toleration

See k8s.io.api.core.v1.Toleration.

Field	Type	Required
`key`	`string`	No
`operator`	`string`	No
`value`	`string`	No
`effect`	`string`	No
`tolerationSeconds`	`int64`	No

WeightedPodAffinityTerm

See k8s.io.api.core.v1.WeightedPodAffinityTerm.

Field	Type	Description	Required
`weight`	`int32`		No
`podAffinityTerm`	`PodAffinityTerm`		No

PodSecurityContext

See k8s.io.api.core.v1.PodSecurityContext.

Field	Type	Required
`seLinuxOptions`	`SELinuxOptions`	No
`runAsUser`	`int64`	No
`runAsNonRoot`	`bool`	No
`supplementalGroups`	`int64[]`	No
`fsGroup`	`int64`	No
`runAsGroup`	`int64`	No
`sysctls`		No
`windowsOptions`	`WindowsSecurityContextOptions`	No
`fsGroupChangePolicy`	`string`	No
`seccompProfile`		No

SELinuxOptions

See k8s.io.api.core.v1.SELinuxOptions.

Field	Type	Required
`user`	`string`	No
`role`	`string`	No
`type`	`string`	No
`level`	`string`	No

Sysctl

See k8s.io.api.core.v1.Sysctl.

Field	Type	Description	Required
`name`	`string`		No
`value`	`string`		No

WindowsSecurityContextOptions

See k8s.io.api.core.v1.WindowsSecurityContextOptions.

Field	Type	Required
`gmsaCredentialSpecName`	`string`	No
`gmsaCredentialSpec`	`string`	No
`runAsUserName`	`string`	No

SeccompProfile

See k8s.io.api.core.v1.SeccompProfile.

Field	Type	Description	Required
`type`	`string`		No
`localhostProfile`	`string`		No

IntOrString

IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.

Field	Type	Required
`type`	`int64`	No
`intVal`		No
`strVal`	`StringValue`	No

InstallStatus.VersionStatus

VersionStatus is the status and version of a component.

Field	Type	Required
`version`	`string`	No
`status`	`Status`	No
`error`	`string`	No

K8sObjectOverlay.PathValue

Field	Type	Description	Required
`path`	`string`	Path of the form a.[key1:value1].b.[:value2] Where [key1:value1] is a selector for a key-value pair to identify a list element and [:value] is a value selector to identify a list element in a leaf list. All path intermediate nodes must exist.	No
`value`	`Value`	Value to add, delete or replace. For add, the path should be a new leaf. For delete, value should be unset. For replace, path should reference an existing node. All values are strings but are converted into appropriate type based on schema.	No

google.protobuf.Value

Value represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values. A producer of value is expected to set one of that variants, absence of any variant indicates an error.

The JSON representation for Value is JSON value.

Field	Type	Description	Required
`nullValue`	`NullValue (oneof)`	Represents a null value.	No
`numberValue`	`double (oneof)`	Represents a double value.	No
`stringValue`	`string (oneof)`	Represents a string value.	No
`boolValue`	`bool (oneof)`	Represents a boolean value.	No
`structValue`		Represents a structured value.	No
`listValue`	`ListValue (oneof)`	Represents a repeated `Value`.	No

k8s.io.api.core.v1.Volume

Volume represents a named volume in a pod that may be accessed by any container in the pod.

Field	Type	Description	Required
`name`	`string`	name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names	No
`volumeSource`		volumeSource represents the location and type of the mounted volume. If not specified, the Volume is implied to be an EmptyDir. This implied behavior is deprecated and will be removed in a future version.	No

k8s.io.api.core.v1.VolumeMount

VolumeMount describes a mounting of a Volume within a container.

Field	Type	Description	Required
`name`	`string`	This must match the Name of a Volume.	No
`readOnly`	`bool`	Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +optional	No
`mountPath`	`string`	Path within the container at which the volume should be mounted. Must not contain ‘:’.	No
`subPath`	`string`	Path within the volume from which the container’s volume should be mounted. Defaults to “” (volume’s root). +optional	No
`mountPropagation`	`string`	mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +optional	No
`subPathExpr`	`string`	Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to “” (volume’s root). SubPathExpr and SubPath are mutually exclusive. +optional	No

A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. +structType=atomic

InstallStatus.Status

Status describes the current state of a component.

Name	Description
`NONE`	Component is not present.
`UPDATING`	Component is being updated to a different version.
`RECONCILING`	Controller has started but not yet completed reconciliation loop for the component.
`HEALTHY`	Component is healthy.
`ERROR`	Component is in an error state.
	Overall status only and would not be set as a component status. Action is needed from the user for reconciliation to proceed e.g. There are proxies still pointing to the control plane revision when try to remove an `IstioOperator` CR.