IngressIstioController

Scope: Cluster
Version: v1alpha1

  • specobject

    Required value

    • spec.hostPortobject

      HostPort inlet settings.

      • spec.hostPort.httpPortinteger

        Port for insecure HTTP connections.

        If the parameter is not set, the connection over HTTP cannot be established.

        This parameter is mandatory if httpsPort is not set.

        Example:

        httpPort: '80'
        
      • spec.hostPort.httpsPortinteger

        Port for secure HTTPS connections.

        If the parameter is not set, the connection over HTTPS cannot be established.

        This parameter is mandatory if httpPort is not set.

        Example:

        httpsPort: '443'
        
    • spec.ingressGatewayClassstring

      Required value

      Ingress gateway class is used by application Gateway resources for identifying the right Ingress gateway setup.

      The identification is organized by setting the spec.selector: istio.deckhouse.io/ingress-gateway-class: <ingressGatewayClass value>.

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

      Example:

      ingressGatewayClass: istio
      
    • spec.inletstring

      Required value

      The way traffic goes to cluster from the outer network.

      • LoadBalancer — Ingress controller is deployed and the service of LoadBalancer type is provisioned.
      • NodePort — Ingress controller is deployed and available through nodes’ ports via nodePort.
      • HostPort — Ingress controller is deployed and available through nodes’ ports via hostPort.

        Caution! There can be only one controller with this inlet type on a host.

      Allowed values: LoadBalancer, HostPort, NodePort

    • spec.loadBalancerobject

      Not required value.

      A section of parameters of the LoadBalancer inlet.

      • spec.loadBalancer.annotationsobject

        Annotations to assign to the service for flexible configuration of the load balancer.

    • spec.nodePortobject

      HostPort inlet settings.

      • spec.nodePort.httpPortinteger

        Port for insecure HTTP connections.

        If the parameter is not set, the connection over HTTP cannot be established.

        This parameter is mandatory if httpsPort is not set.

        Example:

        httpPort: '30080'
        
      • spec.nodePort.httpsPortinteger

        Port for secure HTTPS connections.

        If the parameter is not set, the connection over HTTPS cannot be established.

        This parameter is mandatory if httpPort is not set.

        Example:

        httpsPort: '30443'
        
    • spec.nodeSelectorobject

      The same as in the pods’ spec.nodeSelector parameter in Kubernetes.

      If the parameter is omitted or false, it will be determined automatically.

      Format: the standard nodeSelector list. Instance pods inherit this field as is.

    • spec.resourcesRequestsobject

      Max amounts of CPU and memory resources that the pod can request when selecting a node (if the VPA is disabled, then these values become the default ones).

      • spec.resourcesRequests.modestring

        Required value

        The mode for managing resource requests.

        Default: "VPA"

        Allowed values: VPA, Static

      • spec.resourcesRequests.staticobject

        Static mode settings.

        • spec.resourcesRequests.static.cpustring

          CPU requests.

          Default: "350m"

        • spec.resourcesRequests.static.memorystring

          Memory requests.

          Default: "500Mi"

      • spec.resourcesRequests.vpaobject

        Parameters of the vpa mode.

        • spec.resourcesRequests.vpa.cpuobject

          CPU-related parameters.

          • spec.resourcesRequests.vpa.cpu.maxstring

            Maximum allowed CPU requests.

            Default: "100m"

          • spec.resourcesRequests.vpa.cpu.minstring

            Minimum allowed CPU requests.

            Default: "50m"

        • spec.resourcesRequests.vpa.memoryobject

          The amount of memory requested.

          • spec.resourcesRequests.vpa.memory.maxstring

            Maximum allowed memory requests.

            Default: "200Mi"

          • spec.resourcesRequests.vpa.memory.minstring

            Minimum allowed memory requests.

            Default: "100Mi"

        • spec.resourcesRequests.vpa.modestring

          The VPA usage mode.

          Default: "Initial"

          Allowed values: Initial, Auto

    • spec.tolerationsarray of objects

      The same as in the pods’ spec.tolerations parameter in Kubernetes;

      If the parameter is omitted or false, it will be determined automatically.

      Format: the standard toleration list. Instance pods inherit this field as is.

      • spec.tolerations.effectstring

        Allowed values: NoSchedule, PreferNoSchedule, NoExecute

      • spec.tolerations.keystring
      • spec.tolerations.operatorstring

        Default: "Equal"

        Allowed values: Exists, Equal

      • spec.tolerations.tolerationSecondsinteger
      • spec.tolerations.valuestring

IstioFederation

Scope: Cluster
Version: v1alpha1

Custom resource for setting remote cluster as trusted one.

  • specobject

    Required value

    This feature is available in enterprise edition only.

    • spec.metadataEndpointstring

      Required value

      HTTPS endpoint with remote cluster metadata.

      This feature is available in enterprise edition only.

      Pattern: ^(https|file)://[0-9a-zA-Z._/-]+$

      Example:

      metadataEndpoint: https://istio.k8s.example.com/metadata/
      
    • spec.trustDomainstring

      Required value

      The TrustDomain of the remote cluster.

      A mandatory parameter, however, it isn’t used currently since Istio cannot match TrustDomain with the root CA.

      This feature is available in enterprise edition only.

      Pattern: ^[0-9a-zA-Z._-]+$

      Example:

      trustDomain: cluster.local
      

IstioMulticluster

Scope: Cluster
Version: v1alpha1

Custom resource for setting remote cluster as trusted one.

  • specobject

    Required value

    This feature is available in enterprise edition only.

    • spec.enableIngressGatewayboolean

      Should Istio use ingressgateways to access remote Pods?

      If remote Pods are accessible directly from our cluster (“flat” network), it is efficient not to use extra hop.

      Default: true

      This feature is available in enterprise edition only.

    • spec.metadataEndpointstring

      Required value

      HTTPS endpoint with remote cluster metadata.

      This feature is available in enterprise edition only.

      Pattern: ^(https|file)://[0-9a-zA-Z._/-]+$

      Example:

      metadataEndpoint: https://istio.k8s.example.com/metadata/