IngressIstioController
Scope: Cluster
Version: v1alpha1
- specobject
Required value
- spec.hostPortobject
HostPort
inlet settings.- spec.hostPort.httpPortinteger
Port for insecure HTTP connections.
If the parameter is not set, the connection over HTTP cannot be established.
This parameter is mandatory if
httpsPort
is not set.Example:
httpPort: 80
- spec.hostPort.httpsPortinteger
Port for secure HTTPS connections.
If the parameter is not set, the connection over HTTPS cannot be established.
This parameter is mandatory if
httpPort
is not set.Example:
httpsPort: 443
- spec.hostPort.httpPortinteger
- spec.ingressGatewayClassstring
Required value
Ingress gateway class is used by application Gateway resources for identifying the right Ingress gateway setup.
The identification is organized by setting the spec.selector:
istio.deckhouse.io/ingress-gateway-class: <ingressGatewayClass value>
.Pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Example:
ingressGatewayClass: istio
- spec.inletstring
Required value
The way traffic goes to cluster from the outer network.
LoadBalancer
— Ingress controller is deployed and the service ofLoadBalancer
type is provisioned.NodePort
— Ingress controller is deployed and available through nodes’ ports vianodePort
.-
HostPort
— Ingress controller is deployed and available through nodes’ ports viahostPort
.Caution! There can be only one controller with this inlet type on a host.
Allowed values:
LoadBalancer
,HostPort
,NodePort
- spec.loadBalancerobject
Not required value.
A section of parameters of the
LoadBalancer
inlet.- spec.loadBalancer.annotationsobject
Annotations to assign to the service for flexible configuration of the load balancer.
- spec.loadBalancer.annotationsobject
- spec.nodePortobject
HostPort
inlet settings.- spec.nodePort.httpPortinteger
Port for insecure HTTP connections.
If the parameter is not set, the connection over HTTP cannot be established.
This parameter is mandatory if
httpsPort
is not set.Example:
httpPort: 30080
- spec.nodePort.httpsPortinteger
Port for secure HTTPS connections.
If the parameter is not set, the connection over HTTPS cannot be established.
This parameter is mandatory if
httpPort
is not set.Example:
httpsPort: 30443
- spec.nodePort.httpPortinteger
- spec.nodeSelectorobject
The same as in the pods’
spec.nodeSelector
parameter in Kubernetes.If the parameter is omitted or
false
, it will be determined automatically.Format: the standard
nodeSelector
list. Instance pods inherit this field as is. - spec.resourcesRequestsobject
Max amounts of CPU and memory resources that the pod can request when selecting a node (if the VPA is disabled, then these values become the default ones).
- spec.resourcesRequests.modestring
Required value
The mode for managing resource requests.
Default:
"VPA"
Allowed values:
VPA
,Static
- spec.resourcesRequests.staticobject
Static mode settings.
- spec.resourcesRequests.static.cpustring
CPU requests.
Default:
"350m"
- spec.resourcesRequests.static.memorystring
Memory requests.
Default:
"500Mi"
- spec.resourcesRequests.static.cpustring
- spec.resourcesRequests.vpaobject
Parameters of the vpa mode.
- spec.resourcesRequests.vpa.cpuobject
CPU-related parameters.
- spec.resourcesRequests.vpa.cpu.maxstring
Maximum allowed CPU requests.
Default:
"100m"
- spec.resourcesRequests.vpa.cpu.minstring
Minimum allowed CPU requests.
Default:
"50m"
- spec.resourcesRequests.vpa.cpu.maxstring
- spec.resourcesRequests.vpa.memoryobject
The amount of memory requested.
- spec.resourcesRequests.vpa.memory.maxstring
Maximum allowed memory requests.
Default:
"200Mi"
- spec.resourcesRequests.vpa.memory.minstring
Minimum allowed memory requests.
Default:
"100Mi"
- spec.resourcesRequests.vpa.memory.maxstring
- spec.resourcesRequests.vpa.modestring
The VPA usage mode.
Default:
"Initial"
Allowed values:
Initial
,Auto
- spec.resourcesRequests.vpa.cpuobject
- spec.resourcesRequests.modestring
- spec.tolerationsarray of objects
The same as in the pods’
spec.tolerations
parameter in Kubernetes;If the parameter is omitted or
false
, it will be determined automatically.Format: the standard toleration list. Instance pods inherit this field as is.
- spec.tolerations.effectstring
Allowed values:
NoSchedule
,PreferNoSchedule
,NoExecute
- spec.tolerations.keystring
- spec.tolerations.operatorstring
Default:
"Equal"
Allowed values:
Exists
,Equal
- spec.tolerations.tolerationSecondsinteger
- spec.tolerations.valuestring
- spec.tolerations.effectstring
- spec.hostPortobject
IstioFederation
Scope: Cluster
Version: v1alpha1
CR for setting remote cluster as trusted one.
- specobject
Required value
- spec.metadataEndpointstring
Required value
HTTPS endpoint with remote cluster metadata.
Pattern:
^(https|file)://[0-9a-zA-Z._/-]+$
Example:
metadataEndpoint: https://istio.k8s.example.com/metadata/
- spec.trustDomainstring
Required value
The
TrustDomain
of the remote cluster.A mandatory parameter, however, it isn’t used currently since Istio cannot match TrustDomain with the root CA.
Pattern:
^[0-9a-zA-Z._-]+$
Example:
trustDomain: cluster.local
- spec.metadataEndpointstring
IstioMulticluster
Scope: Cluster
Version: v1alpha1
CR for setting remote cluster as trusted one.
- specobject
Required value
- spec.enableIngressGatewayboolean
Should Istio use ingressgateways to access remote Pods?
If remote Pods are accessible directly from our cluster (“flat” network), it is efficient not to use extra hop.
Default:
true
- spec.metadataEndpointstring
Required value
HTTPS endpoint with remote cluster metadata.
Pattern:
^(https|file)://[0-9a-zA-Z._/-]+$
Example:
metadataEndpoint: https://istio.k8s.example.com/metadata/
- spec.enableIngressGatewayboolean