Istio
Docs
Reference
Configuration
IstioOperator Options

IstioOperator Options

11 minute read

Configuration affecting Istio control plane installation version and shape.

IstioOperatorSpec

IstioOperatorSpec defines the desired installed state of Istio components. The spec is a used to define a customization of the default profile values that are supplied with each Istio release. Because the spec is a customization API, specifying an empty IstioOperatorSpec results in a default Istio component values.

Field	Type	Description	Required
`profile`	`string`	Path or name for the profile e.g. - minimal (looks in profiles dir for a file called minimal.yaml) - /tmp/istio/install/values/custom/custom-install.yaml (local file path) default profile is used if this field is unset.	No
`installPackagePath`	`string`	Path for the install package. e.g. - /tmp/istio-installer/nightly (local file path)	No
`hub`	`string`	Root for docker image paths e.g. docker.io/istio	No
`tag`	`TypeInterface`	Version tag for docker images e.g. 1.0.6	No
`namespace`	`string`	Namespace to install control plane resources into. If unset, Istio will be installed into the same namespace as the IstioOperator CR.	No
`revision`	`string`	Identify the revision this installation is associated with. This option is currently experimental.	No
`meshConfig`	`TypeMapStringInterface`	Config used by control plane components internally.	No
`components`	`IstioComponentSetSpec`	Kubernetes resource settings, enablement and component-specific settings that are not internal to the component.	No
`addonComponents`	`map<string, ExternalComponentSpec>`	Extra addon components which are not explicitly specified above.	No
`values`	`TypeMapStringInterface`	Overrides for default values.yaml. This is a validated pass-through to Helm templates. See the Helm installation options for schema details: https://istio.io/docs/reference/config/installation-options/. Anything that is available in IstioOperatorSpec should be set above rather than using the passthrough. This includes Kubernetes resource settings for components in KubernetesResourcesSpec.	No
`unvalidatedValues`	`TypeMapStringInterface`	Unvalidated overrides for default values.yaml. Used for custom templates where new parameters are added.	No

InstallStatus

Observed state of IstioOperator

Field	Type	Description	Required
`status`	`Status`	Overall status of all components controlled by the operator. - If all components have status NONE, overall status is NONE. - If all components are HEALTHY, overall status is HEALTHY. - If one or more components are RECONCILING and others are HEALTHY, overall status is RECONCILING. - If one or more components are UPDATING and others are HEALTHY, overall status is UPDATING. - If components are a mix of RECONCILING, UPDATING and HEALTHY, overall status is UPDATING. - If any component is in ERROR state, overall status is ERROR. - If further action is needed for reconciliation to proceed, overall status is ACTION_REQUIRED.	No
`message`	`string`	Optional message providing additional information about the existing overall status.	No
`componentStatus`	`map<string, VersionStatus>`	Individual status of each component controlled by the operator. The map key is the name of the component.	No

IstioComponentSetSpec

IstioComponentSpec defines the desired installed state of Istio components.

Field	Type	Required
`base`	`BaseComponentSpec`	No
`pilot`	`ComponentSpec`	No
`policy`	`ComponentSpec`	No
`telemetry`	`ComponentSpec`	No
`cni`	`ComponentSpec`	No
`istiodRemote`	`ComponentSpec`	No
`ingressGateways`	`GatewaySpec[]`	No
`egressGateways`	`GatewaySpec[]`	No

BaseComponentSpec

Configuration for base component.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether this component is installed.	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

ComponentSpec

Configuration for internal components.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether this component is installed.	No
`namespace`	`string`	Namespace for the component.	No
`hub`	`string`	Hub for the component (overrides top level hub setting).	No
`tag`	`TypeInterface`	Tag for the component (overrides top level tag setting).	No
`spec`	`TypeInterface`	Arbitrary install time configuration for the component.	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

ExternalComponentSpec

Configuration for external components.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether this component is installed.	No
`namespace`	`string`	Namespace for the component.	No
`spec`	`TypeInterface`	Arbitrary install time configuration for the component.	No
`chartPath`	`string`	Chart path for addon components.	No
`schema`	`Any`	Optional schema to validate spec against.	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

GatewaySpec

Configuration for gateways.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether this gateway is installed.	No
`namespace`	`string`	Namespace for the gateway.	No
`name`	`string`	Name for the gateway.	No
`label`	`map<string, string>`	Labels for the gateway.	No
`hub`	`string`	Hub for the component (overrides top level hub setting).	No
`tag`	`TypeInterface`	Tag for the component (overrides top level tag setting).	No
`k8s`	`KubernetesResourcesSpec`	Kubernetes resource spec.	No

KubernetesResourcesSpec

KubernetesResourcesConfig is a common set of k8s resource configs for components.

Field	Type	Description	Required
`affinity`	`Affinity`	k8s affinity. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity	No
`env`	`EnvVar[]`	Deployment environment variables. https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/	No
`hpaSpec`	`HorizontalPodAutoscalerSpec`	k8s HorizontalPodAutoscaler settings. https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/	No
`imagePullPolicy`	`string`	k8s imagePullPolicy. https://kubernetes.io/docs/concepts/containers/images/	No
`nodeSelector`	`map<string, string>`	k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector	No
`podDisruptionBudget`	`PodDisruptionBudgetSpec`	k8s PodDisruptionBudget settings. https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#how-disruption-budgets-work	No
`podAnnotations`	`map<string, string>`	k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/	No
`priorityClassName`	`string`	k8s priorityclassname. Default for all resources unless overridden. https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass	No
`readinessProbe`	`ReadinessProbe`	k8s readinessProbe settings. https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ k8s.io.api.core.v1.Probe readiness_probe = 9;	No
`replicaCount`	`uint32`	k8s Deployment replicas setting. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/	No
`resources`	`Resources`	k8s resources settings. https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container	No
`service`	`ServiceSpec`	k8s Service settings. https://kubernetes.io/docs/concepts/services-networking/service/	No
`strategy`	`DeploymentStrategy`	k8s deployment strategy. https://kubernetes.io/docs/concepts/workloads/controllers/deployment/	No
`tolerations`	`Toleration[]`	k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/	No
`serviceAnnotations`	`map<string, string>`	k8s service annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/	No
`overlays`	`K8sObjectOverlay[]`	Overlays for k8s resources in rendered manifests.	No

K8sObjectOverlay

Patch for an existing k8s resource.

Field	Type	Description	Required
`apiVersion`	`string`	Resource API version.	No
`kind`	`string`	Resource kind.	No
`name`	`string`	Name of resource. Namespace is always the component namespace.	No
`patches`	`PathValue[]`	List of patches to apply to resource.	No

Affinity

See k8s.io.api.core.v1.Affinity.

Field	Type	Required
`nodeAffinity`	`NodeAffinity`	No
`podAffinity`	`PodAffinity`	No
`podAntiAffinity`	`PodAntiAffinity`	No

ConfigMapKeySelector

See k8s.io.api.core.v1.ConfigMapKeySelector.

Field	Type	Required
`localObjectReference`	`LocalObjectReference`	No
`key`	`string`	No
`optional`	`bool`	No

ClientIPConfig

See k8s.io.api.core.v1.ClientIPConfig.

Field	Type	Description	Required
`timeoutSeconds`	`int32`		No

CrossVersionObjectReference

See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.

Field	Type	Required
`kind`	`string`	No
`name`	`string`	No
`apiVersion`	`string`	No

DeploymentStrategy

See k8s.io.api.apps.v1.DeploymentStrategy.

Field	Type	Description	Required
`type`	`string`		No
`rollingUpdate`	`RollingUpdateDeployment`		No

EnvVar

See k8s.io.api.core.v1.EnvVar.

Field	Type	Required
`name`	`string`	No
`value`	`string`	No
`valueFrom`	`EnvVarSource`	No

EnvVarSource

See k8s.io.api.core.v1.EnvVarSource.

Field	Type	Required
`fieldRef`	`ObjectFieldSelector`	No
`resourceFieldRef`	`ResourceFieldSelector`	No
`configMapKeyRef`	`ConfigMapKeySelector`	No
`secretKeyRef`	`SecretKeySelector`	No

ExecAction

See k8s.io.api.core.v1.ExecAction.

Field	Type	Description	Required
`command`	`string[]`		No

ExternalMetricSource

See k8s.io.api.autoscaling.v2beta2.CrossVersionObjectReference.

Field	Type	Required
`metricName`	`string`	No
`metricSelector`	`LabelSelector`	No
`targetValue`	`Quantity`	No
`targetAverageValue`	`Quantity`	No

HTTPGetAction

See k8s.io.api.core.v1.HTTPGetAction.

Field	Type	Required
`path`	`string`	No
`port`	`TypeInterface`	No
`host`	`string`	No
`scheme`	`string`	No
`httpHeaders`	`HTTPHeader[]`	No

HTTPHeader

See k8s.io.api.core.v1.HTTPHeader.

Field	Type	Description	Required
`name`	`string`		No
`value`	`string`		No

HorizontalPodAutoscalerSpec

See k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec.

Field	Type	Required
`scaleTargetRef`	`CrossVersionObjectReference`	No
`minReplicas`	`int32`	No
`maxReplicas`	`int32`	No
`metrics`	`MetricSpec[]`	No

LocalObjectReference

See k8s.io.api.core.v1.LocalObjectReference.

Field	Type	Description	Required
`name`	`string`		No

MetricSpec

See k8s.io.autoscaling.v2beta1.MetricSpec.

Field	Type	Required
`type`	`string`	No
`object`	`ObjectMetricSource`	No
`pods`	`PodsMetricSource`	No
`resource`	`ResourceMetricSource`	No
`external`	`ExternalMetricSource`	No

NodeAffinity

See k8s.io.api.core.v1.NodeAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`	`NodeSelector`		No
`preferredDuringSchedulingIgnoredDuringExecution`	`PreferredSchedulingTerm[]`		No

NodeSelector

See k8s.io.api.core.v1.NodeSelector.

Field	Type	Description	Required
`nodeSelectorTerms`	`NodeSelectorTerm[]`		No

NodeSelectorTerm

See k8s.io.api.core.v1.NodeSelectorTerm.

Field	Type	Description	Required
`matchExpressions`	`NodeSelectorRequirement[]`		No
`matchFields`	`NodeSelectorRequirement[]`		No

NodeSelectorRequirement

See k8s.io.api.core.v1.NodeSelectorRequirement.

Field	Type	Required
`key`	`string`	No
`operator`	`string`	No
`values`	`string[]`	No

ObjectFieldSelector

See k8s.io.api.core.v1.ObjectFieldSelector.

Field	Type	Description	Required
`apiVersion`	`string`		No
`fieldPath`	`string`		No

ObjectMeta

From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta.

Field	Type	Description	Required
`name`	`string`		No
`namespace`	`string`		No

ObjectMetricSource

See k8s.io.autoscaling.v2beta1.ObjectMetricSource.

Field	Type	Required
`target`	`CrossVersionObjectReference`	No
`metricName`	`string`	No
`targetValue`	`Quantity`	No
`selector`	`LabelSelector`	No
`averageValue`	`Quantity`	No

PodAffinity

See k8s.io.api.core.v1.PodAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`	`PodAffinityTerm[]`		No
`preferredDuringSchedulingIgnoredDuringExecution`	`WeightedPodAffinityTerm[]`		No

PodAntiAffinity

See k8s.io.api.core.v1.PodAntiAffinity.

Field	Type	Description	Required
`requiredDuringSchedulingIgnoredDuringExecution`	`PodAffinityTerm[]`		No
`preferredDuringSchedulingIgnoredDuringExecution`	`WeightedPodAffinityTerm[]`		No

PodAffinityTerm

See k8s.io.api.core.v1.PodAntiAffinity.

Field	Type	Required
`labelSelector`	`LabelSelector`	No
`namespaces`	`string[]`	No
`topologyKey`	`string`	No

PodDisruptionBudgetSpec

See k8s.io.api.policy.v1beta1.PodDisruptionBudget.

Field	Type	Required
`minAvailable`	`uint32`	No
`selector`	`LabelSelector`	No
`maxUnavailable`	`uint32`	No

PodsMetricSource

See k8s.io.api.core.v1.PodsMetricSource.

Field	Type	Required
`metricName`	`string`	No
`targetAverageValue`	`Quantity`	No
`selector`	`LabelSelector`	No

PreferredSchedulingTerm

See k8s.io.api.core.v1.PreferredSchedulingTerm.

Field	Type	Description	Required
`weight`	`int32`		No
`preference`	`NodeSelectorTerm`		No

ReadinessProbe

See k8s.io.api.core.v1.ReadinessProbe.

Field	Type	Required
`exec`	`ExecAction`	No
`httpGet`	`HTTPGetAction`	No
`tcpSocket`	`TCPSocketAction`	No
`initialDelaySeconds`	`int32`	No
`timeoutSeconds`	`int32`	No
`periodSeconds`	`int32`	No
`successThreshold`	`int32`	No
`failureThreshold`	`int32`	No

ResourceFieldSelector

See k8s.io.api.core.v1..

Field	Type	Required
`containerName`	`string`	No
`resource`	`string`	No
`divisor`	`Quantity`	No

ResourceMetricSource

See k8s.io.api.core.v1.ResourceMetricSource.

Field	Type	Required
`name`	`string`	No
`targetAverageUtilization`	`TypeInterface`	No
`targetAverageValue`	`Quantity`	No

Resources

See k8s.io.api.core.v1.ResourceRequirements.

Field	Type	Description	Required
`limits`	`map<string, string>`		No
`requests`	`map<string, string>`		No

RollingUpdateDeployment

See k8s.io.api.apps.v1.RollingUpdateDeployment.

Field	Type	Description	Required
`maxUnavailable`	`TypeInterface`		No
`maxSurge`	`TypeInterface`		No

SecretKeySelector

See k8s.io.api.core.v1.SecretKeySelector.

Field	Type	Required
`localObjectReference`	`LocalObjectReference`	No
`key`	`string`	No
`optional`	`bool`	No

ServiceSpec

See k8s.io.api.core.v1.ServiceSpec.

Field	Type	Required
`ports`	`ServicePort[]`	No
`selector`	`map<string, string>`	No
`clusterIP`	`string`	No
`type`	`string`	No
`externalIPs`	`string[]`	No
`sessionAffinity`	`string`	No
`loadBalancerIP`	`string`	No
`loadBalancerSourceRanges`	`string[]`	No
`externalName`	`string`	No
`externalTrafficPolicy`	`string`	No
`healthCheckNodePort`	`int32`	No
`publishNotReadyAddresses`	`bool`	No
`sessionAffinityConfig`	`SessionAffinityConfig`	No

ServicePort

See k8s.io.api.core.v1..

Field	Type	Required
`name`	`string`	No
`protocol`	`string`	No
`port`	`int32`	No
`targetPort`	`TypeInterface`	No
`nodePort`	`int32`	No

SessionAffinityConfig

See k8s.io.api.core.v1.SessionAffinityConfig.

Field	Type	Description	Required
`clientIP`	`ClientIPConfig`		No

TCPSocketAction

See k8s.io.api.core.v1.TCPSocketAction.

Field	Type	Description	Required
`port`	`TypeInterface`		No
`host`	`string`		No

Toleration

See k8s.io.api.core.v1.Toleration.

Field	Type	Required
`key`	`string`	No
`operator`	`string`	No
`value`	`string`	No
`effect`	`string`	No
`tolerationSeconds`	`int64`	No

WeightedPodAffinityTerm

See k8s.io.api.core.v1.WeightedPodAffinityTerm.

Field	Type	Description	Required
`weight`	`int32`		No
`podAffinityTerm`	`PodAffinityTerm`		No

TypeInterface

Synthetic type for generating Go structs. GOTYPE: interface{}

TypeMapStringInterface

Synthetic type for generating Go structs. GOTYPE: map[string]interface{}

TypeIntOrStringForPB

Synthetic type for generating Go structs. GOTYPE: *IntOrStringForPB

TypeBoolValueForPB

Synthetic type for generating Go structs. GOTYPE: *BoolValueForPB

InstallStatus.VersionStatus

VersionStatus is the status and version of a component.

Field	Type	Required
`version`	`string`	No
`status`	`Status`	No
`error`	`string`	No

K8sObjectOverlay.PathValue

Field	Type	Description	Required
`path`	`string`	Path of the form a.[key1:value1].b.[:value2] Where [key1:value1] is a selector for a key-value pair to identify a list element and [:value] is a value selector to identify a list element in a leaf list. All path intermediate nodes must exist.	No
`value`	`TypeInterface`	Value to add, delete or replace. For add, the path should be a new leaf. For delete, value should be unset. For replace, path should reference an existing node. All values are strings but are converted into appropriate type based on schema.	No

k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector

A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.

Field	Type	Description	Required
`matchLabels`	`map<string, string>`	matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed. +optional	No
`matchExpressions`	`LabelSelectorRequirement[]`	matchExpressions is a list of label selector requirements. The requirements are ANDed. +optional	No

k8s.io.apimachinery.pkg.api.resource.Quantity

Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors.

The serialization format is:

::= (Note that may be empty, from the “” case in .) ::= 0 | 1 | … | 9 ::= | ::= | . | . | . ::= “+” | “-” ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) ::= m | “” | k | M | G | T | P | E (Note that 1024 = 1Ki but 1000 = 1k; I didn’t choose the capitalization.) ::= “e” | “E”

No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.

When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.

Before serializing, Quantity will be put in “canonical form”. This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: a. No precision is lost b. No fractional digits will be emitted c. The exponent (or suffix) is as large as possible. The sign will be omitted unless the number is negative.

Examples: 1.5 will be serialized as “1500m” 1.5Gi will be serialized as “1536Mi”

Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.

Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don’t diff.)

This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.

+protobuf=true +protobuf.embed=string +protobuf.options.marshal=false +protobuf.options.(gogoproto.goproto_stringer)=false +k8s:deepcopy-gen=true +k8s:openapi-gen=true

Field	Type	Description	Required
`string`	`string`		No

InstallStatus.Status

Status describes the current state of a component.

Name	Description
`NONE`	Component is not present.
`UPDATING`	Component is being updated to a different version.
`RECONCILING`	Controller has started but not yet completed reconciliation loop for the component.
`HEALTHY`	Component is healthy.
`ERROR`	Component is in an error state.
`ACTION_REQUIRED`	Overall status only and would not be set as a component status. Action is needed from the user for reconciliation to proceed e.g. There are proxies still pointing to the control plane revision when try to remove an IstioOperator CR.

Was this information useful?

Do you have any suggestions for improvement?

Thanks for your feedback!