IngressIstioController

Scope: Cluster
Version: v1alpha1

  • spec
    object

    Required value

    • spec.hostPort
      object

      HostPort inlet settings.

      • spec.hostPort.httpPort
        integer

        Port for insecure HTTP connections.

        If the parameter is not set, the connection over HTTP cannot be established.

        This parameter is mandatory if httpsPort is not set.

        Example:

        httpPort: 80
        
      • spec.hostPort.httpsPort
        integer

        Port for secure HTTPS connections.

        If the parameter is not set, the connection over HTTPS cannot be established.

        This parameter is mandatory if httpPort is not set.

        Example:

        httpsPort: 443
        
    • spec.ingressGatewayClass
      string

      Required value

      The Ingress gateway class is used by application Gateway resources to identify the right Ingress gateway setup.

      To select this setup, set spec.selector in the Gateway resource to istio.deckhouse.io/ingress-gateway-class: <ingressGatewayClass value>.

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

      Example:

      ingressGatewayClass: istio
      
    • spec.inlet
      string

      Required value

      How traffic from the external network reaches the cluster.

      • LoadBalancer — the Ingress controller is deployed and a service of the LoadBalancer type is provisioned.
      • NodePort — the Ingress controller is deployed and is available on the nodes’ ports via nodePort.
      • HostPort — the Ingress controller is deployed and is available on the nodes’ ports via hostPort.

        Caution! There can be only one controller with this inlet type on a host.

      Allowed values: LoadBalancer, HostPort, NodePort

    • spec.loadBalancer
      object

      Optional value.

      A section of parameters of the LoadBalancer inlet.

      • spec.loadBalancer.annotations
        object

        Annotations to assign to the service for flexible configuration of the load balancer.

    • spec.nodePort
      object

      NodePort inlet settings.

      • spec.nodePort.httpPort
        integer

        Port for insecure HTTP connections.

        If the parameter is not set, the connection over HTTP cannot be established.

        This parameter is mandatory if httpsPort is not set.

        Example:

        httpPort: 30080
        
      • spec.nodePort.httpsPort
        integer

        Port for secure HTTPS connections.

        If the parameter is not set, the connection over HTTPS cannot be established.

        This parameter is mandatory if httpPort is not set.

        Example:

        httpsPort: 30443
        
    • spec.nodeSelector
      object

      The same as in the pods’ spec.nodeSelector parameter in Kubernetes.

      If the parameter is omitted or false, it will be determined automatically.

      Format: the standard nodeSelector list. Instance pods inherit this field as is.

    • spec.resourcesRequests
      object

      Max amounts of CPU and memory resources that the pod can request when selecting a node (if the VPA is disabled, then these values become the default ones).

      • spec.resourcesRequests.mode
        string

        Required value

        The mode for managing resource requests.

        Default: "VPA"

        Allowed values: VPA, Static

      • spec.resourcesRequests.static
        object

        Static mode settings.

        • spec.resourcesRequests.static.cpu
          string

          CPU requests.

          Default: "350m"

        • spec.resourcesRequests.static.memory
          string

          Memory requests.

          Default: "500Mi"

      • spec.resourcesRequests.vpa
        object

        VPA mode settings.

        • spec.resourcesRequests.vpa.cpu
          object

          CPU-related parameters.

          • spec.resourcesRequests.vpa.cpu.max
            string

            Maximum allowed CPU requests.

            Default: "100m"

          • spec.resourcesRequests.vpa.cpu.min
            string

            Minimum allowed CPU requests.

            Default: "50m"

        • spec.resourcesRequests.vpa.memory
          object

          The amount of memory requested.

          • spec.resourcesRequests.vpa.memory.max
            string

            Maximum allowed memory requests.

            Default: "200Mi"

          • spec.resourcesRequests.vpa.memory.min
            string

            Minimum allowed memory requests.

            Default: "100Mi"

        • spec.resourcesRequests.vpa.mode
          string

          The VPA usage mode.

          Default: "Initial"

          Allowed values: Initial, Auto

    • spec.tolerations
      array of objects

      The same as in the pods’ spec.tolerations parameter in Kubernetes.

      If the parameter is omitted or false, it will be determined automatically.

      Format: the standard toleration list. Instance pods inherit this field as is.

      • spec.tolerations.effect
        string

        Allowed values: NoSchedule, PreferNoSchedule, NoExecute

      • spec.tolerations.key
        string
      • spec.tolerations.operator
        string

        Default: "Equal"

        Allowed values: Exists, Equal

      • spec.tolerations.tolerationSeconds
        integer
      • spec.tolerations.value
        string
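
The inlet and port rules above can be checked before a manifest is applied. The following is an added example, not Deckhouse code: the function name and sample specs are constructed, and it assumes the port section named after the inlet (hostPort for HostPort, nodePort for NodePort) is the one that applies.

```python
import re

# Pattern copied from the reference for spec.ingressGatewayClass.
CLASS_RE = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$")
# Assumption of this example: the port section named after the inlet is the one that applies.
INLET_SECTION = {"HostPort": "hostPort", "NodePort": "nodePort"}

def lint_ingress_controller(spec):
    """Return a list of findings for an IngressIstioController spec given as a dict."""
    findings = []
    gateway_class = spec.get("ingressGatewayClass")
    if not isinstance(gateway_class, str) or not CLASS_RE.fullmatch(gateway_class):
        findings.append("ingressGatewayClass is missing or violates the pattern")
    inlet = spec.get("inlet")
    if inlet not in ("LoadBalancer", "HostPort", "NodePort"):
        findings.append("inlet must be LoadBalancer, HostPort or NodePort")
        return findings
    section = INLET_SECTION.get(inlet)
    if section is None:  # LoadBalancer has no port section in the reference
        return findings
    ports = spec.get(section) or {}
    http, https = ports.get("httpPort"), ports.get("httpsPort")
    for name, value in (("httpPort", http), ("httpsPort", https)):
        # bool is a subclass of int in Python, so reject it explicitly
        if value is not None and (isinstance(value, bool) or not isinstance(value, int)):
            findings.append(f"{section}.{name} must be an integer, got {type(value).__name__}")
    if http is None and https is None:
        findings.append(f"{section} needs httpPort or httpsPort")
    elif https is None:
        findings.append(f"{section} exposes only the insecure HTTP port")
    return findings

# Constructed sample specs (not from the page).
SAMPLES = [
    {"ingressGatewayClass": "istio", "inlet": "NodePort",
     "nodePort": {"httpPort": 30080, "httpsPort": 30443}},
    {"ingressGatewayClass": "istio", "inlet": "HostPort",
     "hostPort": {"httpPort": "80"}},
    {"ingressGatewayClass": "Istio_GW", "inlet": "HostPort", "hostPort": {}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["inlet"], lint_ingress_controller(sample) or "ok")
```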

IstioFederation

Scope: Cluster
Version: v1alpha1

Custom resource for marking a remote cluster as trusted.

  • spec
    object

    Required value

    This feature is available in enterprise edition only.

    • spec.metadata
      object
      • spec.metadata.ca
        string

        Certificate for validating the HTTPS endpoint with remote cluster metadata.

        This feature is available in enterprise edition only.

        Example:

        ca: "-----BEGIN CERTIFICATE----- ..... -----END CERTIFICATE-----"
        
      • spec.metadata.insecureSkipVerify
        boolean

        Skip certificate validation for the HTTPS endpoint with remote cluster metadata.

        Default: false

        This feature is available in enterprise edition only.

        Example:

        insecureSkipVerify: true
        
    • spec.metadataEndpoint
      string

      Required value

      HTTPS endpoint with remote cluster metadata.

      This feature is available in enterprise edition only.

      Pattern: ^(https|file)://[0-9a-zA-Z._/-]+$

      Example:

      metadataEndpoint: https://istio.k8s.example.com/metadata/
      
    • spec.trustDomain
      string

      Required value

      The TrustDomain of the remote cluster.

      A mandatory parameter, but it is not currently utilized, as Istio does not yet support mapping TrustDomain to a root Certificate Authority (CA).

      This feature is available in enterprise edition only.

      Pattern: ^[0-9a-zA-Z._-]+$

      Example:

      trustDomain: cluster.local
      

IstioMulticluster

Scope: Cluster
Version: v1alpha1

Custom resource for marking a remote cluster as trusted.

  • spec
    object

    Required value

    This feature is available in enterprise edition only.

    • spec.enableIngressGateway
      boolean

      Using IngressGateway for accessing remote Pods.

      If remote Pods are directly accessible from our cluster (flat network), it is more efficient to avoid the extra hop.

      Default: true

      This feature is available in enterprise edition only.

    • spec.metadata
      object
      • spec.metadata.ca
        string

        HTTPS certificate authority for remote cluster metadata.

        This feature is available in enterprise edition only.

      • spec.metadata.insecureSkipVerify
        boolean

        Whether to skip the HTTPS certificate check for remote cluster metadata.

        Default: false

        This feature is available in enterprise edition only.

        Example:

        insecureSkipVerify: true
        
    • spec.metadataEndpoint
      string

      Required value

      HTTPS endpoint with remote cluster metadata.

      This feature is available in enterprise edition only.

      Pattern: ^(https|file)://[0-9a-zA-Z._/-]+$

      Example:

      metadataEndpoint: https://istio.k8s.example.com/metadata/
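
The metadata trust settings of IstioFederation and IstioMulticluster can be reviewed with a small pre-apply check. This is an added example, not Deckhouse code: the function names, severity labels and sample specs are constructed, and the patterns and the insecureSkipVerify default are taken from the reference above.

```python
import json
import re

# Patterns copied from the reference for metadataEndpoint and trustDomain.
ENDPOINT_RE = re.compile(r"^(https|file)://[0-9a-zA-Z._/-]+$")
TRUST_DOMAIN_RE = re.compile(r"^[0-9a-zA-Z._-]+$")

def lint_remote_cluster(kind, spec):
    """Return (severity, message) findings for an IstioFederation/IstioMulticluster spec."""
    findings = []
    endpoint = spec.get("metadataEndpoint")
    if not isinstance(endpoint, str) or not ENDPOINT_RE.fullmatch(endpoint):
        findings.append(("error", "metadataEndpoint is missing or violates the pattern"))
    elif endpoint.startswith("file://"):
        findings.append(("info", "metadataEndpoint uses file:// rather than https://"))
    if kind == "IstioFederation":  # trustDomain is documented only for this kind
        domain = spec.get("trustDomain")
        if not isinstance(domain, str) or not TRUST_DOMAIN_RE.fullmatch(domain):
            findings.append(("error", "trustDomain is missing or violates the pattern"))
    meta = spec.get("metadata") or {}
    skip = meta.get("insecureSkipVerify", False)  # documented default: false
    if not isinstance(skip, bool):
        findings.append(("error", "insecureSkipVerify must be a boolean"))
    elif skip:
        findings.append(("high", "certificate validation of the metadata endpoint is disabled"))
        if meta.get("ca"):
            findings.append(("warn", "ca is set but validation is skipped"))
    return findings

# Constructed sample specs (not from the page); certificate bodies are placeholders.
SAMPLES = json.loads("""
[
  {"kind": "IstioFederation", "spec": {
     "metadataEndpoint": "https://istio.k8s.example.com/metadata/",
     "trustDomain": "cluster.local",
     "metadata": {"ca": "-----BEGIN CERTIFICATE----- ..... -----END CERTIFICATE-----"}}},
  {"kind": "IstioMulticluster", "spec": {
     "metadataEndpoint": "http://istio.k8s.example.com/metadata/",
     "metadata": {"insecureSkipVerify": true, "ca": "placeholder"}}},
  {"kind": "IstioFederation", "spec": {
     "metadataEndpoint": "https://istio.k8s.example.com/metadata/?x=1",
     "trustDomain": "cluster.local",
     "metadata": {"insecureSkipVerify": "true"}}}
]
""")

def lint_all(samples=SAMPLES):
    """Lint every constructed sample and return the findings in order."""
    return [lint_remote_cluster(s["kind"], s["spec"]) for s in samples]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, lint_all()):
        print(sample["kind"], result or "ok")
```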