IngressIstioController
Scope: Cluster
Version: v1alpha1
- spec
Required value
- spec.hostPort
HostPort
inlet settings.- spec.hostPort.httpPort
Port for insecure HTTP connections.
If the parameter is not set, the connection over HTTP cannot be established.
This parameter is mandatory if
httpsPort
is not set.Example:
httpPort: '80'
- spec.hostPort.httpsPort
Port for secure HTTPS connections.
If the parameter is not set, the connection over HTTPS cannot be established.
This parameter is mandatory if
httpPort
is not set.Example:
httpsPort: '443'
- spec.ingressGatewayClass
Required value
Ingress gateway class is used by application Gateway resources for identifying the right Ingress gateway setup.
The identification is organized by setting the spec.selector:
istio.deckhouse.io/ingress-gateway-class: <ingressGatewayClass value>
.Pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
Example:
ingressGatewayClass: istio
- spec.inlet
Required value
The way traffic goes to cluster from the outer network.
LoadBalancer
— Ingress controller is deployed and the service ofLoadBalancer
type is provisioned.NodePort
— Ingress controller is deployed and available through nodes’ ports vianodePort
.-
HostPort
— Ingress controller is deployed and available through nodes’ ports viahostPort
.Caution! There can be only one controller with this inlet type on a host.
Allowed values:
LoadBalancer
,HostPort
,NodePort
- spec.loadBalancer
Not required value.
A section of parameters of the
LoadBalancer
inlet.- spec.loadBalancer.annotations
Annotations to assign to the service for flexible configuration of the load balancer.
- spec.nodePort
HostPort
inlet settings.- spec.nodePort.httpPort
Port for insecure HTTP connections.
If the parameter is not set, the connection over HTTP cannot be established.
This parameter is mandatory if
httpsPort
is not set.Example:
httpPort: '30080'
- spec.nodePort.httpsPort
Port for secure HTTPS connections.
If the parameter is not set, the connection over HTTPS cannot be established.
This parameter is mandatory if
httpPort
is not set.Example:
httpsPort: '30443'
- spec.nodeSelector
The same as in the pods’
spec.nodeSelector
parameter in Kubernetes.If the parameter is omitted or
false
, it will be determined automatically.Format: the standard
nodeSelector
list. Instance pods inherit this field as is. - spec.resourcesRequests
Max amounts of CPU and memory resources that the pod can request when selecting a node (if the VPA is disabled, then these values become the default ones).
- spec.resourcesRequests.mode
Required value
The mode for managing resource requests.
Default:
"VPA"
Allowed values:
VPA
,Static
- spec.resourcesRequests.static
Static mode settings.
- spec.resourcesRequests.static.cpu
CPU requests.
Default:
"350m"
- spec.resourcesRequests.static.memory
Memory requests.
Default:
"500Mi"
- spec.resourcesRequests.vpa
Parameters of the vpa mode.
- spec.resourcesRequests.vpa.cpu
CPU-related parameters.
- spec.resourcesRequests.vpa.cpu.max
Maximum allowed CPU requests.
Default:
"100m"
- spec.resourcesRequests.vpa.cpu.min
Minimum allowed CPU requests.
Default:
"50m"
- spec.resourcesRequests.vpa.memory
The amount of memory requested.
- spec.resourcesRequests.vpa.memory.max
Maximum allowed memory requests.
Default:
"200Mi"
- spec.resourcesRequests.vpa.memory.min
Minimum allowed memory requests.
Default:
"100Mi"
- spec.resourcesRequests.vpa.mode
The VPA usage mode.
Default:
"Initial"
Allowed values:
Initial
,Auto
- spec.tolerations
The same as in the pods’
spec.tolerations
parameter in Kubernetes;If the parameter is omitted or
false
, it will be determined automatically.Format: the standard toleration list. Instance pods inherit this field as is.
- spec.tolerations.effect
Allowed values:
NoSchedule
,PreferNoSchedule
,NoExecute
- spec.tolerations.key
- spec.tolerations.operator
Default:
"Equal"
Allowed values:
Exists
,Equal
- spec.tolerations.tolerationSeconds
- spec.tolerations.value
IstioFederation
Scope: Cluster
Version: v1alpha1
Custom resource for setting remote cluster as trusted one.
- spec
Required value
This feature is available in enterprise edition only.
- spec.metadataEndpoint
Required value
HTTPS endpoint with remote cluster metadata.
This feature is available in enterprise edition only.
Pattern:
^(https|file)://[0-9a-zA-Z._/-]+$
Example:
metadataEndpoint: https://istio.k8s.example.com/metadata/
- spec.trustDomain
Required value
The
TrustDomain
of the remote cluster.A mandatory parameter, however, it isn’t used currently since Istio cannot match TrustDomain with the root CA.
This feature is available in enterprise edition only.
Pattern:
^[0-9a-zA-Z._-]+$
Example:
trustDomain: cluster.local
IstioMulticluster
Scope: Cluster
Version: v1alpha1
Custom resource for setting remote cluster as trusted one.
- spec
Required value
This feature is available in enterprise edition only.
- spec.enableIngressGateway
Should Istio use ingressgateways to access remote Pods?
If remote Pods are accessible directly from our cluster (“flat” network), it is efficient not to use extra hop.
Default:
true
This feature is available in enterprise edition only.
- spec.metadataEndpoint
Required value
HTTPS endpoint with remote cluster metadata.
This feature is available in enterprise edition only.
Pattern:
^(https|file)://[0-9a-zA-Z._/-]+$
Example:
metadataEndpoint: https://istio.k8s.example.com/metadata/