IngressIstioController
Scope: Cluster
Version: v1alpha1
- objectspec
Required value
- objectspec.hostPort
HostPortinlet settings.- integerspec.hostPort.httpPort
Port for insecure HTTP connections.
If the parameter is not set, the connection over HTTP cannot be established.
This parameter is mandatory if
httpsPortis not set.Example:
httpPort: '80' - integerspec.hostPort.httpsPort
Port for secure HTTPS connections.
If the parameter is not set, the connection over HTTPS cannot be established.
This parameter is mandatory if
httpPortis not set.Example:
httpsPort: '443'
- stringspec.ingressGatewayClass
Required value
Ingress gateway class is used by application Gateway resources for identifying the right Ingress gateway setup.
The identification is organized by setting the spec.selector:
istio.deckhouse.io/ingress-gateway-class: <ingressGatewayClass value>.Pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$Example:
ingressGatewayClass: istio - stringspec.inlet
Required value
The way traffic goes to cluster from the outer network.
LoadBalancer— Ingress controller is deployed and the service ofLoadBalancertype is provisioned.NodePort— Ingress controller is deployed and available through nodes’ ports vianodePort.-
HostPort— Ingress controller is deployed and available through nodes’ ports viahostPort.Caution! There can be only one controller with this inlet type on a host.
Allowed values:
LoadBalancer,HostPort,NodePort - objectspec.loadBalancer
Not required value.
A section of parameters of the
LoadBalancerinlet.- objectspec.loadBalancer.annotations
Annotations to assign to the service for flexible configuration of the load balancer.
- objectspec.nodePort
HostPortinlet settings.- integerspec.nodePort.httpPort
Port for insecure HTTP connections.
If the parameter is not set, the connection over HTTP cannot be established.
This parameter is mandatory if
httpsPortis not set.Example:
httpPort: '30080' - integerspec.nodePort.httpsPort
Port for secure HTTPS connections.
If the parameter is not set, the connection over HTTPS cannot be established.
This parameter is mandatory if
httpPortis not set.Example:
httpsPort: '30443'
- objectspec.nodeSelector
The same as in the pods’
spec.nodeSelectorparameter in Kubernetes.If the parameter is omitted or
false, it will be determined automatically.Format: the standard
nodeSelectorlist. Instance pods inherit this field as is. - objectspec.resourcesRequests
Max amounts of CPU and memory resources that the pod can request when selecting a node (if the VPA is disabled, then these values become the default ones).
- stringspec.resourcesRequests.mode
Required value
The mode for managing resource requests.
Default:
"VPA"Allowed values:
VPA,Static - objectspec.resourcesRequests.static
Static mode settings.
- stringspec.resourcesRequests.static.cpu
CPU requests.
Default:
"350m" - stringspec.resourcesRequests.static.memory
Memory requests.
Default:
"500Mi"
- objectspec.resourcesRequests.vpa
Parameters of the vpa mode.
- objectspec.resourcesRequests.vpa.cpu
CPU-related parameters.
- stringspec.resourcesRequests.vpa.cpu.max
Maximum allowed CPU requests.
Default:
"100m" - stringspec.resourcesRequests.vpa.cpu.min
Minimum allowed CPU requests.
Default:
"50m"
- objectspec.resourcesRequests.vpa.memory
The amount of memory requested.
- stringspec.resourcesRequests.vpa.memory.max
Maximum allowed memory requests.
Default:
"200Mi" - stringspec.resourcesRequests.vpa.memory.min
Minimum allowed memory requests.
Default:
"100Mi"
- stringspec.resourcesRequests.vpa.mode
The VPA usage mode.
Default:
"Initial"Allowed values:
Initial,Auto
- array of objectsspec.tolerations
The same as in the pods’
spec.tolerationsparameter in Kubernetes;If the parameter is omitted or
false, it will be determined automatically.Format: the standard toleration list. Instance pods inherit this field as is.
- stringspec.tolerations.effect
Allowed values:
NoSchedule,PreferNoSchedule,NoExecute - stringspec.tolerations.key
- stringspec.tolerations.operator
Default:
"Equal"Allowed values:
Exists,Equal - integerspec.tolerations.tolerationSeconds
- stringspec.tolerations.value
IstioFederation
Scope: Cluster
Version: v1alpha1
Custom resource for setting remote cluster as trusted one.
- objectspec
Required value
This feature is available in enterprise edition only.
- stringspec.metadataEndpoint
Required value
HTTPS endpoint with remote cluster metadata.
This feature is available in enterprise edition only.
Pattern:
^(https|file)://[0-9a-zA-Z._/-]+$Example:
metadataEndpoint: https://istio.k8s.example.com/metadata/ - stringspec.trustDomain
Required value
The
TrustDomainof the remote cluster.A mandatory parameter, however, it isn’t used currently since Istio cannot match TrustDomain with the root CA.
This feature is available in enterprise edition only.
Pattern:
^[0-9a-zA-Z._-]+$Example:
trustDomain: cluster.local
IstioMulticluster
Scope: Cluster
Version: v1alpha1
Custom resource for setting remote cluster as trusted one.
- objectspec
Required value
This feature is available in enterprise edition only.
- booleanspec.enableIngressGateway
Should Istio use ingressgateways to access remote Pods?
If remote Pods are accessible directly from our cluster (“flat” network), it is efficient not to use extra hop.
Default:
trueThis feature is available in enterprise edition only.
- stringspec.metadataEndpoint
Required value
HTTPS endpoint with remote cluster metadata.
This feature is available in enterprise edition only.
Pattern:
^(https|file)://[0-9a-zA-Z._/-]+$Example:
metadataEndpoint: https://istio.k8s.example.com/metadata/