---
WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE 'https://github.com/istio/api' REPO
source_repo: https://github.com/istio/api
title: IstioOperator Options
description: Configuration affecting Istio control plane installation version and shape.
location: https://istio.io/docs/reference/config/istio.operator.v1alpha1.html
layout: protoc-gen-docs
generator: protoc-gen-docs
weight: 20
number_of_entries: 63
---
Configuration affecting Istio control plane installation version and shape.
IstioOperatorSpec
IstioOperatorSpec defines the desired installed state of Istio components.
The spec is a used to define a customization of the default profile values that are supplied with each Istio release.
Because the spec is a customization API, specifying an empty IstioOperatorSpec results in a default Istio
component values.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
profile: default
hub: gcr.io/istio-testing
tag: latest
revision: 1-8-0
meshConfig:
accessLogFile: /dev/stdout
enableTracing: true
components:
egressGateways:
- name: istio-egressgateway
enabled: true
| Field |
Type |
Description |
Required |
profile |
string |
Path or name for the profile e.g.
- minimal (looks in profiles dir for a file called minimal.yaml)
- /tmp/istio/install/values/custom/custom-install.yaml (local file path)
default profile is used if this field is unset.
|
No
|
installPackagePath |
string |
Path for the install package. e.g.
- /tmp/istio-installer/nightly (local file path)
|
No
|
hub |
string |
Root for docker image paths e.g. docker.io/istio
|
No
|
tag |
TypeInterface |
Version tag for docker images e.g. 1.7.2
|
No
|
namespace |
string |
Namespace to install control plane resources into. If unset, Istio will be installed into the same namespace
as the IstioOperator CR. You must also set values.global.istioNamespace if you wish to install Istio in
a custom namespace.
If you have enabled CNI, you must exclude this namespace by adding it to the list values.cni.excludeNamespaces.
|
No
|
revision |
string |
Identify the revision this installation is associated with.
This option is currently experimental.
|
No
|
defaultRevision |
bool |
Identify whether this revision is the default revision for the cluster
This option is currently experimental.
|
No
|
meshConfig |
TypeMapStringInterface |
Config used by control plane components internally.
|
No
|
components |
IstioComponentSetSpec |
Kubernetes resource settings, enablement and component-specific settings that are not internal to the
component.
|
No
|
values |
TypeMapStringInterface |
Overrides for default values.yaml. This is a validated pass-through to Helm templates.
See the Helm installation options for schema details.
Anything that is available in IstioOperatorSpec should be set above rather than using the passthrough. This
includes Kubernetes resource settings for components in KubernetesResourcesSpec.
|
No
|
unvalidatedValues |
TypeMapStringInterface |
Unvalidated overrides for default values.yaml. Used for custom templates where new parameters are added.
|
No
|
addonComponents |
map<string, ExternalComponentSpec> |
Deprecated.
Users should manage the installation of addon components on their own.
Refer to samples/addons for demo installation of addon components.
|
No
|
InstallStatus
Observed state of IstioOperator
| Field |
Type |
Description |
Required |
status |
Status |
Overall status of all components controlled by the operator.
- If all components have status
NONE, overall status is NONE.
- If all components are
HEALTHY, overall status is HEALTHY.
- If one or more components are
RECONCILING and others are HEALTHY, overall status is RECONCILING.
- If one or more components are
UPDATING and others are HEALTHY, overall status is UPDATING.
- If components are a mix of
RECONCILING, UPDATING and HEALTHY, overall status is UPDATING.
- If any component is in
ERROR state, overall status is ERROR.
- If further action is needed for reconciliation to proceed, overall status is
ACTION_REQUIRED.
|
No
|
message |
string |
Optional message providing additional information about the existing overall status.
|
No
|
componentStatus |
map<string, VersionStatus> |
Individual status of each component controlled by the operator. The map key is the name of the component.
|
No
|
IstioComponentSetSpec
IstioComponentSpec defines the desired installed state of Istio components.
BaseComponentSpec
Configuration for base component.
ComponentSpec
Configuration for internal components.
| Field |
Type |
Description |
Required |
enabled |
TypeBoolValueForPB |
Selects whether this component is installed.
|
No
|
namespace |
string |
Namespace for the component.
|
No
|
hub |
string |
Hub for the component (overrides top level hub setting).
|
No
|
tag |
TypeInterface |
Tag for the component (overrides top level tag setting).
|
No
|
spec |
TypeInterface |
Arbitrary install time configuration for the component.
|
No
|
k8s |
KubernetesResourcesSpec |
Kubernetes resource spec.
|
No
|
ExternalComponentSpec
Configuration for external components.
| Field |
Type |
Description |
Required |
enabled |
TypeBoolValueForPB |
Selects whether this component is installed.
|
No
|
namespace |
string |
Namespace for the component.
|
No
|
spec |
TypeInterface |
Arbitrary install time configuration for the component.
|
No
|
chartPath |
string |
Chart path for addon components.
|
No
|
schema |
Any |
Optional schema to validate spec against.
|
No
|
k8s |
KubernetesResourcesSpec |
Kubernetes resource spec.
|
No
|
GatewaySpec
Configuration for gateways.
| Field |
Type |
Description |
Required |
enabled |
TypeBoolValueForPB |
Selects whether this gateway is installed.
|
No
|
namespace |
string |
Namespace for the gateway.
|
No
|
name |
string |
Name for the gateway.
|
No
|
label |
map<string, string> |
Labels for the gateway.
|
No
|
hub |
string |
Hub for the component (overrides top level hub setting).
|
No
|
tag |
TypeInterface |
Tag for the component (overrides top level tag setting).
|
No
|
k8s |
KubernetesResourcesSpec |
Kubernetes resource spec.
|
No
|
KubernetesResourcesSpec
KubernetesResourcesConfig is a common set of k8s resource configs for components.
K8sObjectOverlay
Patch for an existing k8s resource.
| Field |
Type |
Description |
Required |
apiVersion |
string |
Resource API version.
|
No
|
kind |
string |
Resource kind.
|
No
|
name |
string |
Name of resource.
Namespace is always the component namespace.
|
No
|
patches |
PathValue[] |
List of patches to apply to resource.
|
No
|
Affinity
See k8s.io.api.core.v1.Affinity.
ConfigMapKeySelector
See k8s.io.api.core.v1.ConfigMapKeySelector.
| Field |
Type |
Description |
Required |
localObjectReference |
LocalObjectReference |
|
No
|
key |
string |
|
No
|
optional |
bool |
|
No
|
ClientIPConfig
See k8s.io.api.core.v1.ClientIPConfig.
| Field |
Type |
Description |
Required |
timeoutSeconds |
int32 |
|
No
|
CrossVersionObjectReference
See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.
| Field |
Type |
Description |
Required |
kind |
string |
|
No
|
name |
string |
|
No
|
apiVersion |
string |
|
No
|
DeploymentStrategy
See k8s.io.api.apps.v1.DeploymentStrategy.
EnvVar
See k8s.io.api.core.v1.EnvVar.
| Field |
Type |
Description |
Required |
name |
string |
|
No
|
value |
string |
|
No
|
valueFrom |
EnvVarSource |
|
No
|
EnvVarSource
See k8s.io.api.core.v1.EnvVarSource.
ExecAction
See k8s.io.api.core.v1.ExecAction.
| Field |
Type |
Description |
Required |
command |
string[] |
|
No
|
ExternalMetricSource
See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.
HTTPGetAction
See k8s.io.api.core.v1.HTTPGetAction.
| Field |
Type |
Description |
Required |
path |
string |
|
No
|
port |
TypeIntOrStringForPB |
|
No
|
host |
string |
|
No
|
scheme |
string |
|
No
|
See k8s.io.api.core.v1.HTTPHeader.
| Field |
Type |
Description |
Required |
HorizontalPodAutoscalerSpec
See k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec.
LocalObjectReference
See k8s.io.api.core.v1.LocalObjectReference.
| Field |
Type |
Description |
Required |
name |
string |
|
No
|
MetricSpec
See k8s.io.autoscaling.v2beta1.MetricSpec.
NodeAffinity
See k8s.io.api.core.v1.NodeAffinity.
NodeSelector
See k8s.io.api.core.v1.NodeSelector.
NodeSelectorTerm
See k8s.io.api.core.v1.NodeSelectorTerm.
NodeSelectorRequirement
See k8s.io.api.core.v1.NodeSelectorRequirement.
| Field |
Type |
Description |
Required |
key |
string |
|
No
|
operator |
string |
|
No
|
values |
string[] |
|
No
|
ObjectFieldSelector
See k8s.io.api.core.v1.ObjectFieldSelector.
| Field |
Type |
Description |
Required |
apiVersion |
string |
|
No
|
fieldPath |
string |
|
No
|
From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta.
| Field |
Type |
Description |
Required |
name |
string |
|
No
|
namespace |
string |
|
No
|
ObjectMetricSource
See k8s.io.autoscaling.v2beta1.ObjectMetricSource.
PodAffinity
See k8s.io.api.core.v1.PodAffinity.
PodAntiAffinity
See k8s.io.api.core.v1.PodAntiAffinity.
PodAffinityTerm
See k8s.io.api.core.v1.PodAntiAffinity.
| Field |
Type |
Description |
Required |
labelSelector |
LabelSelector |
|
No
|
namespaces |
string[] |
|
No
|
topologyKey |
string |
|
No
|
PodDisruptionBudgetSpec
See k8s.io.api.policy.v1beta1.PodDisruptionBudget.
PodsMetricSource
See k8s.io.api.core.v1.PodsMetricSource.
PreferredSchedulingTerm
See k8s.io.api.core.v1.PreferredSchedulingTerm.
ReadinessProbe
See k8s.io.api.core.v1.ReadinessProbe.
| Field |
Type |
Description |
Required |
exec |
ExecAction |
|
No
|
httpGet |
HTTPGetAction |
|
No
|
tcpSocket |
TCPSocketAction |
|
No
|
initialDelaySeconds |
int32 |
|
No
|
timeoutSeconds |
int32 |
|
No
|
periodSeconds |
int32 |
|
No
|
successThreshold |
int32 |
|
No
|
failureThreshold |
int32 |
|
No
|
ResourceFieldSelector
See k8s.io.api.core.v1..
| Field |
Type |
Description |
Required |
containerName |
string |
|
No
|
resource |
string |
|
No
|
divisor |
TypeIntOrStringForPB |
|
No
|
ResourceMetricSource
See k8s.io.api.core.v1.ResourceMetricSource.
| Field |
Type |
Description |
Required |
name |
string |
|
No
|
targetAverageUtilization |
int32 |
|
No
|
targetAverageValue |
TypeIntOrStringForPB |
|
No
|
Resources
See k8s.io.api.core.v1.ResourceRequirements.
| Field |
Type |
Description |
Required |
limits |
map<string, string> |
|
No
|
requests |
map<string, string> |
|
No
|
RollingUpdateDeployment
See k8s.io.api.apps.v1.RollingUpdateDeployment.
SecretKeySelector
See k8s.io.api.core.v1.SecretKeySelector.
| Field |
Type |
Description |
Required |
localObjectReference |
LocalObjectReference |
|
No
|
key |
string |
|
No
|
optional |
bool |
|
No
|
ServiceSpec
See k8s.io.api.core.v1.ServiceSpec.
| Field |
Type |
Description |
Required |
ports |
ServicePort[] |
|
No
|
selector |
map<string, string> |
|
No
|
clusterIP |
string |
|
No
|
type |
string |
|
No
|
externalIPs |
string[] |
|
No
|
sessionAffinity |
string |
|
No
|
loadBalancerIP |
string |
|
No
|
loadBalancerSourceRanges |
string[] |
|
No
|
externalName |
string |
|
No
|
externalTrafficPolicy |
string |
|
No
|
healthCheckNodePort |
int32 |
|
No
|
publishNotReadyAddresses |
bool |
|
No
|
sessionAffinityConfig |
SessionAffinityConfig |
|
No
|
ServicePort
See k8s.io.api.core.v1..
| Field |
Type |
Description |
Required |
name |
string |
|
No
|
protocol |
string |
|
No
|
port |
int32 |
|
No
|
targetPort |
TypeIntOrStringForPB |
|
No
|
nodePort |
int32 |
|
No
|
SessionAffinityConfig
See k8s.io.api.core.v1.SessionAffinityConfig.
TCPSocketAction
See k8s.io.api.core.v1.TCPSocketAction.
Toleration
See k8s.io.api.core.v1.Toleration.
| Field |
Type |
Description |
Required |
key |
string |
|
No
|
operator |
string |
|
No
|
value |
string |
|
No
|
effect |
string |
|
No
|
tolerationSeconds |
int64 |
|
No
|
WeightedPodAffinityTerm
See k8s.io.api.core.v1.WeightedPodAffinityTerm.
| Field |
Type |
Description |
Required |
weight |
int32 |
|
No
|
podAffinityTerm |
PodAffinityTerm |
|
No
|
PodSecurityContext
See k8s.io.api.core.v1.PodSecurityContext.
SELinuxOptions
See k8s.io.api.core.v1.SELinuxOptions.
| Field |
Type |
Description |
Required |
user |
string |
|
No
|
role |
string |
|
No
|
type |
string |
|
No
|
level |
string |
|
No
|
Sysctl
See k8s.io.api.core.v1.Sysctl.
| Field |
Type |
Description |
Required |
name |
string |
|
No
|
value |
string |
|
No
|
WindowsSecurityContextOptions
See k8s.io.api.core.v1.WindowsSecurityContextOptions.
| Field |
Type |
Description |
Required |
gmsaCredentialSpecName |
string |
|
No
|
gmsaCredentialSpec |
string |
|
No
|
runAsUserName |
string |
|
No
|
SeccompProfile
See k8s.io.api.core.v1.SeccompProfile.
| Field |
Type |
Description |
Required |
type |
string |
|
No
|
localhostProfile |
string |
|
No
|
TypeInterface
Synthetic type for generating Go structs.
GOTYPE: interface{}
TypeMapStringInterface
Synthetic type for generating Go structs.
GOTYPE: map[string]interface{}
TypeIntOrStringForPB
Synthetic type for generating Go structs.
GOTYPE: *IntOrStringForPB
TypeBoolValueForPB
Synthetic type for generating Go structs.
GOTYPE: *BoolValueForPB
InstallStatus.VersionStatus
VersionStatus is the status and version of a component.
| Field |
Type |
Description |
Required |
version |
string |
|
No
|
status |
Status |
|
No
|
error |
string |
|
No
|
K8sObjectOverlay.PathValue
| Field |
Type |
Description |
Required |
path |
string |
Path of the form a.[key1:value1].b.[:value2]
Where [key1:value1] is a selector for a key-value pair to identify a list element and [:value] is a value
selector to identify a list element in a leaf list.
All path intermediate nodes must exist.
|
No
|
value |
TypeInterface |
Value to add, delete or replace.
For add, the path should be a new leaf.
For delete, value should be unset.
For replace, path should reference an existing node.
All values are strings but are converted into appropriate type based on schema.
|
No
|
k8s.io.api.core.v1.Volume
Volume represents a named volume in a pod that may be accessed by any container in the pod.
| Field |
Type |
Description |
Required |
name |
string |
Volume’s name.
Must be a DNS_LABEL and unique within the pod.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
No
|
volumeSource |
VolumeSource |
VolumeSource represents the location and type of the mounted volume.
If not specified, the Volume is implied to be an EmptyDir.
This implied behavior is deprecated and will be removed in a future version.
|
No
|
k8s.io.api.core.v1.VolumeMount
VolumeMount describes a mounting of a Volume within a container.
| Field |
Type |
Description |
Required |
name |
string |
This must match the Name of a Volume.
|
No
|
readOnly |
bool |
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
+optional
|
No
|
mountPath |
string |
Path within the container at which the volume should be mounted. Must
not contain ‘:’.
|
No
|
subPath |
string |
Path within the volume from which the container’s volume should be mounted.
Defaults to “” (volume’s root).
+optional
|
No
|
mountPropagation |
string |
mountPropagation determines how mounts are propagated from the host
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
+optional
|
No
|
subPathExpr |
string |
Expanded path within the volume from which the container’s volume should be mounted.
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment.
Defaults to “” (volume’s root).
SubPathExpr and SubPath are mutually exclusive.
This field is beta in 1.15.
+optional
|
No
|
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
| Field |
Type |
Description |
Required |
matchLabels |
map<string, string> |
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is “key”, the
operator is “In”, and the values array contains only “value”. The requirements are ANDed.
+optional
|
No
|
matchExpressions |
LabelSelectorRequirement[] |
matchExpressions is a list of label selector requirements. The requirements are ANDed.
+optional
|
No
|
InstallStatus.Status
Status describes the current state of a component.
| Name |
Description |
NONE |
Component is not present.
|
UPDATING |
Component is being updated to a different version.
|
RECONCILING |
Controller has started but not yet completed reconciliation loop for the component.
|
HEALTHY |
Component is healthy.
|
ERROR |
Component is in an error state.
|
ACTION_REQUIRED |
Overall status only and would not be set as a component status.
Action is needed from the user for reconciliation to proceed
e.g. There are proxies still pointing to the control plane revision when try to remove an IstioOperator CR.
|