IngressIstioController
Scope: Cluster
Version: v1alpha1
- specobject
Required value
- spec.hostPortobject
HostPort
inlet settings.- spec.hostPort.httpPortinteger
Port for insecure HTTP connections.
If the parameter is not set, the connection over HTTP cannot be established.
This parameter is mandatory if
httpsPort
is not set.Example:
httpPort: 80
- spec.hostPort.httpsPortinteger
Port for secure HTTPS connections.
If the parameter is not set, the connection over HTTPS cannot be established.
This parameter is mandatory if
httpPort
is not set.Example:
httpsPort: 443
- spec.hostPort.httpPortinteger
- spec.ingressGatewayClassstring
Required value
Ingress gateway class is used by application Gateway resources for identifying the right Ingress gateway setup.
The identification is organized by setting the spec.selector:
istio.deckhouse.io/ingress-gateway-class: <ingressGatewayClass value>
.Pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Example:
ingressGatewayClass: istio
- spec.inletstring
Required value
The way traffic goes to cluster from the outer network.
LoadBalancer
— Ingress controller is deployed and the service ofLoadBalancer
type is provisioned.NodePort
— Ingress controller is deployed and available through nodes’ ports vianodePort
.-
HostPort
— Ingress controller is deployed and available through nodes’ ports viahostPort
.Caution! There can be only one controller with this inlet type on a host.
Allowed values:
LoadBalancer
,HostPort
,NodePort
- spec.loadBalancerobject
Not required value.
A section of parameters of the
LoadBalancer
inlet.- spec.loadBalancer.annotationsobject
Annotations to assign to the service for flexible configuration of the load balancer.
- spec.loadBalancer.annotationsobject
- spec.nodePortobject
HostPort
inlet settings.- spec.nodePort.httpPortinteger
Port for insecure HTTP connections.
If the parameter is not set, the connection over HTTP cannot be established.
This parameter is mandatory if
httpsPort
is not set.Example:
httpPort: 30080
- spec.nodePort.httpsPortinteger
Port for secure HTTPS connections.
If the parameter is not set, the connection over HTTPS cannot be established.
This parameter is mandatory if
httpPort
is not set.Example:
httpsPort: 30443
- spec.nodePort.httpPortinteger
- spec.nodeSelectorobject
The same as in the pods’
spec.nodeSelector
parameter in Kubernetes.If the parameter is omitted or
false
, it will be determined automatically.Format: the standard
nodeSelector
list. Instance pods inherit this field as is. - spec.resourcesRequestsobject
Max amounts of CPU and memory resources that the pod can request when selecting a node (if the VPA is disabled, then these values become the default ones).
- spec.resourcesRequests.modestring
Required value
The mode for managing resource requests.
Default:
"VPA"
Allowed values:
VPA
,Static
- spec.resourcesRequests.staticobject
Static mode settings.
- spec.resourcesRequests.static.cpustring
CPU requests.
Default:
"350m"
- spec.resourcesRequests.static.memorystring
Memory requests.
Default:
"500Mi"
- spec.resourcesRequests.static.cpustring
- spec.resourcesRequests.vpaobject
Parameters of the vpa mode.
- spec.resourcesRequests.vpa.cpuobject
CPU-related parameters.
- spec.resourcesRequests.vpa.cpu.maxstring
Maximum allowed CPU requests.
Default:
"100m"
- spec.resourcesRequests.vpa.cpu.minstring
Minimum allowed CPU requests.
Default:
"50m"
- spec.resourcesRequests.vpa.cpu.maxstring
- spec.resourcesRequests.vpa.memoryobject
The amount of memory requested.
- spec.resourcesRequests.vpa.memory.maxstring
Maximum allowed memory requests.
Default:
"200Mi"
- spec.resourcesRequests.vpa.memory.minstring
Minimum allowed memory requests.
Default:
"100Mi"
- spec.resourcesRequests.vpa.memory.maxstring
- spec.resourcesRequests.vpa.modestring
The VPA usage mode.
Default:
"Initial"
Allowed values:
Initial
,Auto
- spec.resourcesRequests.vpa.cpuobject
- spec.resourcesRequests.modestring
- spec.tolerationsarray of objects
The same as in the pods’
spec.tolerations
parameter in Kubernetes;If the parameter is omitted or
false
, it will be determined automatically.Format: the standard toleration list. Instance pods inherit this field as is.
- spec.tolerations.effectstring
Allowed values:
NoSchedule
,PreferNoSchedule
,NoExecute
- spec.tolerations.keystring
- spec.tolerations.operatorstring
Default:
"Equal"
Allowed values:
Exists
,Equal
- spec.tolerations.tolerationSecondsinteger
- spec.tolerations.valuestring
- spec.tolerations.effectstring
- spec.hostPortobject
IstioFederation
Scope: Cluster
Version: v1alpha1
CR for setting remote cluster as trusted one.
- specobject
Required value
This feature is available in enterprise edition only.
- spec.metadataEndpointstring
Required value
HTTPS endpoint with remote cluster metadata.
This feature is available in enterprise edition only.
Pattern:
^(https|file)://[0-9a-zA-Z._/-]+$
Example:
metadataEndpoint: https://istio.k8s.example.com/metadata/
- spec.trustDomainstring
Required value
The
TrustDomain
of the remote cluster.A mandatory parameter, however, it isn’t used currently since Istio cannot match TrustDomain with the root CA.
This feature is available in enterprise edition only.
Pattern:
^[0-9a-zA-Z._-]+$
Example:
trustDomain: cluster.local
- spec.metadataEndpointstring
IstioMulticluster
Scope: Cluster
Version: v1alpha1
CR for setting remote cluster as trusted one.
- specobject
Required value
This feature is available in enterprise edition only.
- spec.enableIngressGatewayboolean
Should Istio use ingressgateways to access remote Pods?
If remote Pods are accessible directly from our cluster (“flat” network), it is efficient not to use extra hop.
Default:
true
This feature is available in enterprise edition only.
- spec.metadataEndpointstring
Required value
HTTPS endpoint with remote cluster metadata.
This feature is available in enterprise edition only.
Pattern:
^(https|file)://[0-9a-zA-Z._/-]+$
Example:
metadataEndpoint: https://istio.k8s.example.com/metadata/
- spec.enableIngressGatewayboolean