---
title: v1alpha1
layout: protoc-gen-docs
generator: protoc-gen-docs
number_of_entries: 92
---
ArchConfig
ArchConfig specifies the pod scheduling target architecture (amd64, ppc64le, s390x) for all the Istio control plane components.

| Field | Type | Description | Required |
|---|---|---|---|
| amd64 | uint32 | Sets pod scheduling weight for amd64 arch. | No |
| ppc64le | uint32 | Sets pod scheduling weight for ppc64le arch. | No |
| s390x | uint32 | Sets pod scheduling weight for s390x arch. | No |

CNIConfig
Configuration for CNI.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether CNI is enabled. | No |
| hub | string | | No |
| tag | TypeInterface | | No |
| image | string | | No |
| pullPolicy | string | | No |
| cniBinDir | string | | No |
| cniConfDir | string | | No |
| cniConfFileName | string | | No |
| excludeNamespaces | string[] | | No |
| pspClusterRole | string | | No |
| logLevel | string | | No |
| repair | CNIRepairConfig | | No |
| chained | BoolValue | | No |
| podAnnotations | TypeMapStringInterface | | No |

CNIRepairConfig

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether repair behavior is enabled. | No |
| hub | string | | No |
| tag | TypeInterface | | No |
| image | string | | No |
| labelPods | bool | Controls whether various repair behaviors are enabled. | No |
| deletePods | bool | | No |
| brokenPodLabelKey | string | | No |
| brokenPodLabelValue | string | | No |
| initContainerName | string | | No |
| createEvents | string | | No |

CPUTargetUtilizationConfig
Configuration for CPU target utilization for HorizontalPodAutoscaler target.

| Field | Type | Description | Required |
|---|---|---|---|
| targetAverageUtilization | int32 | K8s utilization setting for HorizontalPodAutoscaler target. See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | No |

Resources
Mirrors Resources for unmarshaling.

| Field | Type | Description | Required |
|---|---|---|---|
| limits | `map<string, string>` | | No |
| requests | `map<string, string>` | | No |

CoreDNSConfig
Configuration for Core DNS.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether CoreDNS is enabled. | No |
| coreDNSImage | string | Image for Core DNS. | No |
| coreDNSTag | string | | No |
| coreDNSPluginImage | string | | No |
| autoscaleEnabled | BoolValue | Controls whether auto scaling with a HorizontalPodAutoscaler is enabled. | No |
| autoscaleMax | uint32 | maxReplicas setting for HorizontalPodAutoscaler. | No |
| autoscaleMin | uint32 | minReplicas setting for HorizontalPodAutoscaler. | No |
| nodeSelector | TypeMapStringInterface | K8s node selector. See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | No |
| replicaCount | uint32 | Number of replicas for Core DNS. | No |
| podAnnotations | TypeMapStringInterface | K8s annotations for pods. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | No |
| resources | Resources | K8s resources settings. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |
| rollingMaxSurge | TypeIntOrStringForPB | K8s rolling update strategy | No |
| rollingMaxUnavailable | TypeIntOrStringForPB | K8s rolling update strategy | No |
| podAntiAffinityLabelSelector | TypeSliceOfMapStringInterface | | No |
| podAntiAffinityTermLabelSelector | TypeSliceOfMapStringInterface | | No |
| tolerations | TypeSliceOfMapStringInterface | | No |
| cpu | CPUTargetUtilizationConfig | K8s utilization setting for HorizontalPodAutoscaler target. See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | No |

DefaultPodDisruptionBudgetConfig
DefaultPodDisruptionBudgetConfig specifies the default pod disruption budget configuration.
See https://kubernetes.io/docs/concepts/workloads/pods/disruptions/

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether a PodDisruptionBudget with a default minAvailable value of 1 is created for each deployment. | No |

DefaultResourcesConfig
DefaultResourcesConfig specifies the default k8s resources settings for all Istio control plane components.

| Field | Type | Description | Required |
|---|---|---|---|
| requests | ResourcesRequestsConfig | k8s resources settings. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |

EgressGatewayConfig
Configuration for an egress gateway.

| Field | Type | Description | Required |
|---|---|---|---|
| autoscaleEnabled | BoolValue | Controls whether auto scaling with a HorizontalPodAutoscaler is enabled. | No |
| autoscaleMax | uint32 | maxReplicas setting for HorizontalPodAutoscaler. | No |
| autoscaleMin | uint32 | minReplicas setting for HorizontalPodAutoscaler. | No |
| connectTimeout | string | | No |
| drainDuration | Duration | | No |
| enabled | BoolValue | Controls whether an egress gateway is enabled. | No |
| env | TypeMapStringInterface | Environment variables passed to the proxy container. | No |
| labels | GatewayLabelsConfig | | No |
| name | string | | No |
| ports | PortsConfig[] | Ports Configuration for the egress gateway service. | No |
| secretVolumes | SecretVolume[] | Config for secret volume mounts. | No |
| serviceAnnotations | TypeMapStringInterface | Annotations to add to the egress gateway service. | No |
| type | string | Service type. See https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | No |
| zvpn | ZeroVPNConfig | Enables cross-cluster access using SNI matching. | No |
| configVolumes | TypeSliceOfMapStringInterface | | No |
| additionalContainers | TypeSliceOfMapStringInterface | | No |
| runAsRoot | BoolValue | | No |
| cpu | CPUTargetUtilizationConfig | K8s utilization setting for HorizontalPodAutoscaler target. See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | No |
| nodeSelector | TypeMapStringInterface | K8s node selector. See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | No |
| podAnnotations | TypeMapStringInterface | K8s annotations for pods. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | No |
| podAntiAffinityLabelSelector | TypeSliceOfMapStringInterface | Pod anti-affinity label selector. Pod anti-affinity constrains which nodes your pod is eligible to be scheduled on, based on labels on pods that are already running on the node rather than on labels on nodes. There are currently two types of anti-affinity, “requiredDuringSchedulingIgnoredDuringExecution” and “preferredDuringSchedulingIgnoredDuringExecution”, which denote “hard” vs. “soft” requirements; you can define your values in “podAntiAffinityLabelSelector” and “podAntiAffinityTermLabelSelector” correspondingly. See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity<br>Examples:<pre>podAntiAffinityLabelSelector:<br>- key: security<br>  operator: In<br>  values: S1,S2<br>  topologyKey: "kubernetes.io/hostname"</pre>This pod anti-affinity rule says that the pod must not be scheduled onto a node if that node is already running a pod with a label having key “security” and value “S1”. | No |
| podAntiAffinityTermLabelSelector | TypeSliceOfMapStringInterface | See PodAntiAffinityLabelSelector. | No |
| resources | Resources | K8s resources settings. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |
| tolerations | TypeSliceOfMapStringInterface | | No |
| rollingMaxSurge | TypeIntOrStringForPB | K8s rolling update strategy | No |
| rollingMaxUnavailable | TypeIntOrStringForPB | K8s rolling update strategy | No |

GatewayLabelsConfig
GatewayLabelsConfig is a set of Configuration for gateway labels.

| Field | Type | Description | Required |
|---|---|---|---|
| app | string | | No |
| istio | string | | No |

GatewaysConfig
Configuration for gateways.

| Field | Type | Description | Required |
|---|---|---|---|
| istioEgressgateway | EgressGatewayConfig | Configuration for an egress gateway. | No |
| enabled | BoolValue | Controls whether any gateways are enabled. | No |
| istioIngressgateway | IngressGatewayConfig | Configuration for an ingress gateway. | No |

GlobalConfig
Global Configuration for Istio components.

| Field | Type | Description | Required |
|---|---|---|---|
| arch | ArchConfig | Specifies pod scheduling arch (amd64, ppc64le, s390x) and weight as follows:<br>0 - Never scheduled<br>1 - Least preferred<br>2 - No preference<br>3 - Most preferred | No |
| configNamespace | string | Specifies the namespace for the configuration and validation component. | No |
| configRootNamespace | string | | No |
| configValidation | BoolValue | Controls whether the server-side validation is enabled. | No |
| controlPlaneSecurityEnabled | BoolValue | Controls whether the MTLS for communication between the control plane components is enabled. | No |
| defaultConfigVisibilitySettings | string[] | | No |
| enableHelmTest | BoolValue | Controls whether the helm test templates are enabled. | No |
| enableTracing | BoolValue | Controls whether the distributed tracing for the applications is enabled. See https://opentracing.io/docs/overview/what-is-tracing/ | No |
| hub | string | Specifies the docker hub for Istio images. | No |
| imagePullPolicy | string | Specifies the image pull policy for the Istio images. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | No |
| imagePullSecrets | string[] | | No |
| istioNamespace | string | Specifies the default namespace for the Istio control plane components. | No |
| localityLbSetting | TypeMapStringInterface | Specifies the global locality load balancing settings. Locality-weighted load balancing allows administrators to control the distribution of traffic to endpoints based on the localities of where the traffic originates and where it will terminate. Please set either failover or distribute configuration but not both.<pre>localityLbSetting:<br>  distribute:<br>  - from: "us-central1/"<br>    to:<br>      "us-central1/": 80<br>      "us-central2/*": 20</pre><pre>localityLbSetting:<br>  failover:<br>  - from: us-east<br>    to: eu-west<br>  - from: us-west<br>    to: us-east</pre> | No |
| logAsJson | BoolValue | | No |
| logging | GlobalLoggingConfig | Specifies the global logging level settings for the Istio control plane components. | No |
| meshExpansion | MeshExpansionConfig | Specifies the Configuration for Istio mesh expansion to bare metal. | No |
| meshID | string | | No |
| meshNetworks | TypeMapStringInterface | Configure the mesh networks to be used by the Split Horizon EDS. The following example defines two networks with different endpoint association methods. For network1, all endpoints whose IP belongs to the provided CIDR range are mapped to network1. The gateway for this network example is specified by its public IP address and port. The second network, network2, is defined differently in this example: all endpoints retrieved through the specified Multi-Cluster registry are mapped to network2. The gateway is also defined differently, with the name of the gateway service on the remote cluster. The public IP for the gateway will be determined from that remote service (only the LoadBalancer gateway service type is currently supported; for a NodePort type gateway service, it still needs to be configured manually).<pre>meshNetworks:<br>  network1:<br>    endpoints:<br>    - fromCidr: "192.168.0.1/24"<br>    gateways:<br>    - address: 1.1.1.1<br>      port: 80<br>  network2:<br>    endpoints:<br>    - fromRegistry: reg1<br>    gateways:<br>    - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local<br>      port: 443</pre> | No |
| monitoringPort | uint32 | Specifies the monitor port number for all Istio control plane components. | No |
| multiCluster | MultiClusterConfig | Specifies the Configuration for Istio mesh across multiple clusters through Istio gateways. | No |
| network | string | | No |
| podDNSSearchNamespaces | string[] | Custom DNS config for the pod to resolve names of services in other clusters. Use this to add additional search domains, and other settings. See https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config This does not apply to gateway pods as they typically need a different set of DNS settings than the normal application pods (e.g. in multicluster scenarios). | No |
| omitSidecarInjectorConfigMap | BoolValue | | No |
| oneNamespace | BoolValue | Controls whether to restrict the applications namespace the controller manages. If set to false, the controller watches all namespaces. | No |
| operatorManageWebhooks | BoolValue | | No |
| outboundTrafficPolicy | OutboundTrafficPolicyConfig | Controls the default behavior of the sidecar for handling outbound traffic from the application. | No |
| policyCheckFailOpen | BoolValue | Controls whether to allow traffic in cases when the mixer policy service cannot be reached. | No |
| policyNamespace | string | Specifies the namespace for the policy component. | No |
| prometheusNamespace | string | | No |
| proxy | ProxyConfig | Specifies how proxies are configured within Istio. | No |
| proxyInit | ProxyInitConfig | Specifies the Configuration for proxy_init container which sets the pods’ networking to intercept the inbound/outbound traffic. | No |
| sds | SDSConfig | Specifies the Configuration for the SecretDiscoveryService instead of using K8S secrets to mount the certificates. | No |
| tag | TypeInterface | Specifies the tag for the Istio docker images. | No |
| telemetryNamespace | string | Specifies the namespace for the telemetry component. | No |
| tracer | TracerConfig | Specifies the Configuration for each of the supported tracers. | No |
| trustDomain | string | Specifies the trust domain that corresponds to the root cert of CA. | No |
| trustDomainAliases | string[] | The trust domain aliases represent the aliases of trustDomain. | No |
| useMCP | BoolValue | Controls whether to use the Mesh Configuration Protocol to distribute configuration. | No |
| istioRemote | BoolValue | Settings for remote cluster. Controls whether to use the Istio remote control plane. | No |
| createRemoteSvcEndpoints | BoolValue | | No |
| remotePilotCreateSvcEndpoint | BoolValue | If set, a selector-less service and endpoint for istio-pilot are created with the remotePilotAddress IP, which ensures the istio-pilot. is DNS resolvable in the remote cluster. | No |
| remotePolicyAddress | string | Specifies the Istio control plane’s policy Pod IP address or remote cluster DNS resolvable hostname. | No |
| remotePilotAddress | string | Specifies the Istio control plane’s pilot Pod IP address or remote cluster DNS resolvable hostname. | No |
| remoteTelemetryAddress | string | Specifies the Istio control plane’s telemetry Pod IP address or remote cluster DNS resolvable hostname. | No |
| istiod | IstiodConfig | Specifies the configuration of istiod. | No |
| pilotCertProvider | string | Configure the Pilot certificate provider. Currently, two providers are supported: “kubernetes” and “citadel”. | No |
| jwtPolicy | string | Configure the policy for validating JWT. Currently, two options are supported: “third-party-jwt” and “first-party-jwt”. | No |
| sts | STSConfig | Specifies the configuration for Security Token Service. | No |
| revision | string | Configures the revision this control plane is a part of. | No |
| mountMtlsCerts | BoolValue | Controls whether the in-cluster MTLS key and certs are loaded from the secret volume mounts. | No |
| caAddress | string | The address of the CA for CSR. | No |
| centralIstiod | BoolValue | Controls whether one central istiod is enabled. | No |
| defaultNodeSelector | TypeMapStringInterface | Default k8s node selector for all the Istio control plane components. See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | No |
| defaultPodDisruptionBudget | DefaultPodDisruptionBudgetConfig | Specifies the default pod disruption budget configuration. | No |
| defaultResources | DefaultResourcesConfig | Default k8s resources settings for all Istio control plane components. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |
| defaultTolerations | TypeSliceOfMapStringInterface | | No |
| priorityClassName | string | Specifies the k8s priorityClassName for the istio control plane components. See https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass | No |

STSConfig
Configuration for Security Token Service (STS) server.
See https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16

| Field | Type | Description | Required |
|---|---|---|---|
| servicePort | uint32 | | No |

IstiodConfig

| Field | Type | Description | Required |
|---|---|---|---|
| enableAnalysis | BoolValue | If enabled, istiod will perform config analysis. | No |

GlobalLoggingConfig
GlobalLoggingConfig specifies the global logging level settings for the Istio control plane components.

| Field | Type | Description | Required |
|---|---|---|---|
| level | string | Comma-separated minimum per-scope logging level of messages to output, in the form of :,: The control plane has different scopes depending on component, but can configure default log level across all components. If empty, default scope and level will be used as configured in code. | No |

IngressGatewayConfig
Configuration for an ingress gateway.
IngressGatewaySdsConfig
Secret Discovery Service (SDS) Configuration for ingress gateway.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | If true, ingress gateway fetches credentials from SDS server to handle TLS connections. | No |
| image | string | SDS server that watches kubernetes secrets and provisions credentials to ingress gateway. This server runs in the same pod as ingress gateway. | No |
| resources | Resources | K8s resources settings. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |

IngressGatewayZvpnConfig
IngressGatewayZvpnConfig enables cross-cluster access using SNI matching.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether ZeroVPN is enabled. | No |
| suffix | string | | No |

KubernetesEnvMixerAdapterConfig
Configuration for Kubernetes environment adapter in mixer.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Enables the Kubernetes env adapter in Mixer. See: https://istio.io/docs/reference/config/policy-and-telemetry/adapters/kubernetesenv/ | No |

LoadSheddingConfig
Configuration for when mixer starts rejecting grpc requests.

| Field | Type | Description | Required |
|---|---|---|---|
| latencyThreshold | string | | No |
| mode | mode | | No |

MeshExpansionConfig
Configuration for Istio mesh expansion to bare metal.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Exposes Pilot and Citadel mTLS on the ingress gateway. | No |
| useILB | BoolValue | Exposes Pilot and Citadel mTLS and the plain text Pilot ports on an internal gateway. | No |

MixerTelemetryAdaptersConfig
Configuration for Mixer Telemetry adapters.
MixerPolicyAdaptersConfig
Configuration for Mixer Policy adapters.
MixerConfig
MixerPolicyConfig
Configuration for Mixer Policy.

| Field | Type | Description | Required |
|---|---|---|---|
| autoscaleEnabled | BoolValue | Controls whether a HorizontalPodAutoscaler is installed for Mixer Policy. | No |
| autoscaleMax | uint32 | Maximum number of replicas in the HorizontalPodAutoscaler for Mixer Policy. | No |
| autoscaleMin | uint32 | Minimum number of replicas in the HorizontalPodAutoscaler for Mixer Policy. | No |
| enabled | BoolValue | Controls whether Mixer Policy is enabled. | No |
| image | string | Image name used for Mixer Policy. This can be set either to image name if hub is also set, or can be set to the full hub:name string. Examples: custom-mixer, docker.io/someuser:custom-mixer | No |
| adapters | MixerPolicyAdaptersConfig | Configuration for different mixer adapters. | No |
| sessionAffinityEnabled | BoolValue | Controls whether to enable the sticky session setting when choosing backend pods. | No |
| env | TypeMapStringInterface | Environment variables passed to the Mixer container.<br>Examples:<pre>env:<br>  ENVVAR1: value1<br>  ENVVAR2: value2</pre> | No |
| hub | string | | No |
| tag | TypeInterface | | No |
| cpu | CPUTargetUtilizationConfig | Target CPU utilization used in HorizontalPodAutoscaler. See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | No |
| podAnnotations | TypeMapStringInterface | K8s annotations to attach to mixer policy deployment. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | No |
| replicaCount | uint32 | Number of replicas in the Mixer Policy Deployment. | No |
| resources | Resources | K8s resources settings. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |
| rollingMaxSurge | TypeIntOrStringForPB | K8s rolling update strategy | No |
| rollingMaxUnavailable | TypeIntOrStringForPB | K8s rolling update strategy | No |
| podAntiAffinityLabelSelector | TypeSliceOfMapStringInterface | | No |
| podAntiAffinityTermLabelSelector | TypeSliceOfMapStringInterface | | No |
| nodeSelector | TypeMapStringInterface | K8s node selector. See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | No |
| tolerations | TypeSliceOfMapStringInterface | | No |

MixerTelemetryConfig
Configuration for Mixer Telemetry.

| Field | Type | Description | Required |
|---|---|---|---|
| autoscaleEnabled | BoolValue | Controls whether a HorizontalPodAutoscaler is installed for Mixer Telemetry. | No |
| autoscaleMax | uint32 | Maximum number of replicas in the HorizontalPodAutoscaler for Mixer Telemetry. | No |
| autoscaleMin | uint32 | Minimum number of replicas in the HorizontalPodAutoscaler for Mixer Telemetry. | No |
| enabled | BoolValue | Controls whether Mixer Telemetry is enabled. | No |
| env | TypeMapStringInterface | Environment variables passed to the Mixer container.<br>Examples:<pre>env:<br>  ENVVAR1: value1<br>  ENVVAR2: value2</pre> | No |
| image | string | Image name used for Mixer Telemetry. This can be set either to image name if hub is also set, or can be set to the full hub:name string. Examples: custom-mixer, docker.io/someuser:custom-mixer | No |
| loadshedding | LoadSheddingConfig | LoadSheddingConfig configures when mixer starts rejecting grpc requests. | No |
| useMCP | BoolValue | Controls whether to use the Mesh Configuration Protocol to distribute configuration. | No |
| sessionAffinityEnabled | BoolValue | Controls whether to enable the sticky session setting when choosing backend pods. | No |
| hub | string | | No |
| tag | TypeInterface | | No |
| cpu | CPUTargetUtilizationConfig | Target CPU utilization used in HorizontalPodAutoscaler. See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | No |
| nodeSelector | TypeMapStringInterface | K8s node selector. See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | No |
| podAnnotations | TypeMapStringInterface | K8s annotations to attach to mixer telemetry deployment. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | No |
| replicaCount | uint32 | Number of replicas in the Mixer Telemetry Deployment. | No |
| rollingMaxSurge | TypeIntOrStringForPB | K8s rolling update strategy | No |
| rollingMaxUnavailable | TypeIntOrStringForPB | K8s rolling update strategy | No |
| resources | Resources | K8s resources settings. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |
| podAntiAffinityLabelSelector | TypeSliceOfMapStringInterface | | No |
| podAntiAffinityTermLabelSelector | TypeSliceOfMapStringInterface | | No |
| tolerations | TypeSliceOfMapStringInterface | | No |

MultiClusterConfig
MultiClusterConfig specifies the Configuration for Istio mesh across multiple clusters through the istio gateways.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Enables the connection between two kubernetes clusters via their respective ingressgateway services. Use if the pods in each cluster cannot directly talk to one another. | No |
| clusterName | string | | No |

OutboundTrafficPolicyConfig
OutboundTrafficPolicyConfig controls the default behavior of the sidecar for handling outbound traffic from the application.

| Field | Type | Description | Required |
|---|---|---|---|
| mode | Mode | | No |

PilotConfig
Configuration for Pilot.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether Pilot is enabled. | No |
| autoscaleEnabled | BoolValue | Controls whether a HorizontalPodAutoscaler is installed for Pilot. | No |
| autoscaleMin | uint32 | Minimum number of replicas in the HorizontalPodAutoscaler for Pilot. | No |
| autoscaleMax | uint32 | Maximum number of replicas in the HorizontalPodAutoscaler for Pilot. | No |
| image | string | Image name used for Pilot. This can be set either to image name if hub is also set, or can be set to the full hub:name string. Examples: custom-pilot, docker.io/someuser:custom-pilot | No |
| sidecar | BoolValue | Controls whether a sidecar proxy is installed in the Pilot pod. Setting to true installs a proxy in the Pilot pod, used primarily for collecting Pilot telemetry. | No |
| traceSampling | double | Trace sampling fraction. Used to set the fraction of time that traces are sampled. Higher values are more accurate but add CPU overhead. Allowed values: 0.0 to 1.0 | No |
| configNamespace | string | Namespace that the configuration management feature is installed into, if different from Pilot namespace. | No |
| keepaliveMaxServerConnectionAge | Duration | Maximum duration that a sidecar can be connected to a pilot. This setting balances out load across pilot instances, but adds some resource overhead. Examples: 300s, 30m, 1h | No |
| deploymentLabels | TypeMapStringInterface | Labels that are added to Pilot pods. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | No |
| configMap | BoolValue | Configuration settings passed to Pilot as a ConfigMap. This controls whether the mesh config map, generated from values.yaml, is generated. If false, pilot will use default values or user-supplied values, in that order of preference. | No |
| useMCP | BoolValue | Controls whether Pilot is configured through the Mesh Control Protocol (MCP). If set to true, Pilot requires an MCP server (like Galley) to be installed. | No |
| env | TypeMapStringInterface | Environment variables passed to the Pilot container.<br>Examples:<pre>env:<br>  ENVVAR1: value1<br>  ENVVAR2: value2</pre> | No |
| policy | PilotPolicyConfig | Controls whether Istio policy is applied to Pilot. | No |
| appNamespaces | TypeSliceOfMapStringInterface | | No |
| enableProtocolSniffingForOutbound | BoolValue | Controls whether protocol sniffing is enabled for outbound. | No |
| enableProtocolSniffingForInbound | BoolValue | Controls whether protocol sniffing is enabled for inbound. | No |
| configSource | PilotConfigSource | ConfigSource describes a source of configuration data for networking rules, and other Istio configuration artifacts. Multiple data sources can be configured for a single control plane. | No |
| plugins | TypeSliceString | | No |
| hub | string | | No |
| tag | TypeInterface | | No |
| replicaCount | uint32 | Number of replicas in the Pilot Deployment. | No |
| resources | Resources | K8s resources settings. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |
| cpu | CPUTargetUtilizationConfig | Target CPU utilization used in HorizontalPodAutoscaler. See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | No |
| nodeSelector | TypeMapStringInterface | K8s node selector. See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | No |
| podAntiAffinityLabelSelector | TypeSliceOfMapStringInterface | See EgressGatewayConfig. | No |
| podAntiAffinityTermLabelSelector | TypeSliceOfMapStringInterface | See EgressGatewayConfig. | No |
| rollingMaxSurge | TypeIntOrStringForPB | K8s rolling update strategy | No |
| rollingMaxUnavailable | TypeIntOrStringForPB | K8s rolling update strategy | No |
| tolerations | TypeSliceOfMapStringInterface | | No |
| podAnnotations | TypeMapStringInterface | K8s annotations for pods. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | No |

PilotIngressConfig
Controls legacy k8s ingress. Only one pilot profile should enable ingress support.

| Field | Type | Description | Required |
|---|---|---|---|
| ingressService | string | Sets the type of ingress service for Pilot. If empty, node-port is assumed. Allowed values: node-port, istio-ingressgateway, ingress | No |
| ingressControllerMode | ingressControllerMode | | No |
| ingressClass | string | If mode is STRICT, this value must be set on “kubernetes.io/ingress.class” annotation to activate. | No |

PilotPolicyConfig
Controls whether Istio policy is applied to Pilot.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether Istio policy is applied to Pilot. | No |

TelemetryConfig
Controls telemetry configuration
TelemetryV1Config
Controls whether pilot will configure telemetry v1.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether pilot will configure telemetry v1. | No |

TelemetryV2Config
Controls whether pilot will configure telemetry v2.

| Field | Type | Description | Required |
|---|---|---|---|
| wasmEnabled | BoolValue | Controls whether the WebAssembly runtime is enabled for the metadata exchange filter. | No |

TelemetryV2PrometheusConfig
Controls telemetry v2 prometheus settings.

| Field | Type | Description | Required |
|---|---|---|---|
| enabled | BoolValue | Controls whether the stats envoyfilter is enabled. | No |
| wasmEnabled | BoolValue | Controls whether the WebAssembly runtime is enabled for the stats filter. | No |

TelemetryV2StackDriverConfig
Controls telemetry v2 stackdriver settings.
TelemetryV2AccessLogPolicyFilterConfig
Controls telemetry v2 access log policy filter settings.
PilotConfigSource
PilotConfigSource describes information about a configuration store inside a
mesh. A single control plane instance can interact with one or more data
sources.

| Field | Type | Description | Required |
|---|---|---|---|
| subscribedResources | string[] | Describes the source of configuration, if nothing is specified default is MCP. | No |

PortsConfig
Configuration for a port.

| Field | Type | Description | Required |
|---|---|---|---|
| name | string | Port name. | No |
| port | int32 | Port number. | No |
| nodePort | int32 | NodePort number. | No |
| targetPort | int32 | Target port number. | No |

PrometheusConfig
Configuration for Prometheus.

| Field | Type | Description | Required |
|---|---|---|---|
| createPrometheusResource | BoolValue | | No |
| enabled | BoolValue | | No |
| hub | string | | No |
| tag | TypeInterface | | No |
| retention | string | | No |
| scrapeInterval | Duration | | No |
| contextPath | string | | No |
| service | PrometheusServiceConfig | | No |
| security | PrometheusSecurityConfig | | No |
| provisionPrometheusCert | BoolValue | Configures whether a certificate is provisioned to Prometheus through Istio Agent. When this option is set as true, a sidecar is deployed along Prometheus to provision a certificate through Istio Agent to Prometheus. The provisioned certificate is shared with Prometheus through mounted files. When this option is set as false, this certificate provisioning mechanism is disabled. | No |
| replicaCount | uint32 | | No |
| nodeSelector | TypeMapStringInterface | `GOSTRUCT: NodeSelector map[string]interface{} json:"nodeSelector,omitempty"` | No |
| tolerations | TypeSliceOfMapStringInterface | | No |
| podAntiAffinityLabelSelector | TypeSliceOfMapStringInterface | | No |
| podAntiAffinityTermLabelSelector | TypeSliceOfMapStringInterface | | No |
| resources | Resources | K8s resources settings. See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container | No |
| datasources | TypeSliceOfMapStringInterface | | No |
| podAnnotations | TypeMapStringInterface | K8s annotations for pods. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | No |
| image | string | | No |

PrometheusMixerAdapterConfig
Configuration for Prometheus adapter in mixer.
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
Enables the Prometheus adapter in Mixer.
|
No
|
metricsExpiryDuration |
Duration |
Sets the duration after which Prometheus registry purges a metric.
See: https://istio.io/docs/reference/config/policy-and-telemetry/adapters/prometheus/#Params
|
No
|
PrometheusSecurityConfig
Configuration for Prometheus adapter security.
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
Controls whether Prometheus security is enabled.
|
No
|
PrometheusServiceConfig
Configuration for Prometheus adapter service.
PrometheusServiceNodePortConfig
Configuration for Prometheus Service NodePort.
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
Controls whether Prometheus NodePort config is enabled.
|
No
|
port |
uint32 |
|
No
|
ProxyConfig
Configuration for Proxy.
| Field |
Type |
Description |
Required |
autoInject |
string |
|
No
|
clusterDomain |
string |
Domain for the cluster, default: “cluster.local”.
K8s allows this to be customized, see https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/
|
No
|
componentLogLevel |
string |
Per Component log level for proxy, applies to gateways and sidecars.
If a component level is not set, then the global “logLevel” will be used. If left empty, “misc:error” is used.
|
No
|
enableCoreDump |
BoolValue |
Enables core dumps for newly injected sidecars.
If set, newly injected sidecars will have core dumps enabled.
|
No
|
excludeInboundPorts |
string |
Specifies the Istio ingress ports not to capture.
|
No
|
excludeIPRanges |
string |
Lists the excluded IP ranges of Istio egress traffic that the sidecar captures.
|
No
|
image |
string |
Image name or path for the proxy, default: “proxyv2”.
If registry or tag are not specified, global.hub and global.tag are used.
Examples: my-proxy (uses global.hub/tag), docker.io/myrepo/my-proxy:v1.0.0
|
No
|
includeIPRanges |
string |
Lists the IP ranges of Istio egress traffic that the sidecar captures.
Example: “172.30.0.0/16,172.20.0.0/16”
This would only capture egress traffic on those two IP ranges; all other outbound traffic would be allowed by the sidecar.
|
No
|
logLevel |
string |
Log level for proxy, applies to gateways and sidecars. If left empty, “warning” is used. Expected values are: trace|debug|info|warning|error|critical|off
|
No
|
privileged |
BoolValue |
Enables privileged securityContext for the istio-proxy container.
See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
No
|
readinessInitialDelaySeconds |
uint32 |
Sets the initial delay for readiness probes in seconds.
|
No
|
readinessPeriodSeconds |
uint32 |
Sets the interval between readiness probes in seconds.
|
No
|
readinessFailureThreshold |
uint32 |
Sets the number of successive failed probes before indicating readiness failure.
|
No
|
statusPort |
uint32 |
Default port used for the Pilot agent’s health checks.
|
No
|
tracer |
tracer |
|
No
|
excludeOutboundPorts |
string |
|
No
|
lifecycle |
TypeMapStringInterface |
|
No
|
holdApplicationUntilProxyStarts |
BoolValue |
Controls whether the sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready.
|
No
|
resources |
Resources |
K8s resources settings.
See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container
|
No
|
ProxyInitConfig
Configuration for proxy_init container which sets the pods’ networking to intercept the inbound/outbound traffic.
| Field |
Type |
Description |
Required |
image |
string |
Specifies the image for the proxy_init container.
|
No
|
resources |
Resources |
K8s resources settings.
See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container
|
No
|
ResourcesRequestsConfig
Configuration for K8s resource requests.
| Field |
Type |
Description |
Required |
cpu |
string |
|
No
|
memory |
string |
|
No
|
SDSConfig
Configuration for the SecretDiscoveryService instead of using K8S secrets to mount the certificates.
SecretVolume
Configuration for secret volume mounts.
See https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets.
| Field |
Type |
Description |
Required |
mountPath |
string |
|
No
|
name |
string |
|
No
|
secretName |
string |
|
No
|
ServiceConfig
ServiceConfig is described in istio.io documentation.
| Field |
Type |
Description |
Required |
annotations |
TypeMapStringInterface |
|
No
|
externalPort |
uint32 |
|
No
|
name |
string |
|
No
|
type |
string |
|
No
|
SidecarInjectorConfig
SidecarInjectorConfig is described in istio.io documentation.
| Field |
Type |
Description |
Required |
enableNamespacesByDefault |
BoolValue |
Enables sidecar auto-injection in namespaces by default.
|
No
|
neverInjectSelector |
TypeSliceOfMapStringInterface |
Instructs Istio to not inject the sidecar on those pods, based on labels that are present in those pods.
Annotations in the pods have higher precedence than the label selectors.
Order of evaluation: Pod Annotations → NeverInjectSelector → AlwaysInjectSelector → Default Policy.
See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions
|
No
|
alwaysInjectSelector |
TypeSliceOfMapStringInterface |
See NeverInjectSelector.
|
No
|
rewriteAppHTTPProbe |
BoolValue |
If true, the webhook or istioctl injector will rewrite the PodSpec liveness health check to redirect the request to the sidecar. This makes the liveness check work even when mTLS is enabled.
|
No
|
injectLabel |
string |
|
No
|
injectedAnnotations |
TypeMapStringInterface |
injectedAnnotations are additional annotations that will be added to the pod spec after injection.
This is primarily to support PSP annotations.
|
No
|
objectSelector |
TypeMapStringInterface |
Enable objectSelector to filter out pods with no need for sidecar before calling istio-sidecar-injector.
|
No
|
injectionURL |
string |
Configures the injection URL for the sidecar injector webhook.
|
No
|
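The order of evaluation given for neverInjectSelector above, worked through in Go as an added example (not Istio's own code); it is useful when auditing which pods end up without a sidecar. The Selector, InjectorConfig and Pod types, the matchLabels-only matching, the boolean default policy and the treatment of any sidecar.istio.io/inject value other than "true" as "do not inject" are assumptions made here.

```go
package main

import "fmt"

// Selector is a simplified label selector (matchLabels only, an assumption).
type Selector struct{ MatchLabels map[string]string }

// InjectorConfig is a hypothetical, reduced stand-in for SidecarInjectorConfig.
type InjectorConfig struct {
	NeverInject   []Selector
	AlwaysInject  []Selector
	DefaultInject bool // stands in for the default policy
}

// Pod carries only the metadata the decision depends on.
type Pod struct{ Annotations, Labels map[string]string }

const injectAnnotation = "sidecar.istio.io/inject"

func matchesAny(sels []Selector, labels map[string]string) bool {
	for _, s := range sels {
		matched := len(s.MatchLabels) > 0 // an empty selector matches nothing here
		for k, want := range s.MatchLabels {
			if got, ok := labels[k]; !ok || got != want {
				matched = false
				break
			}
		}
		if matched {
			return true
		}
	}
	return false
}

// Decide applies the order: annotation, never selector, always selector, default.
func Decide(cfg InjectorConfig, p Pod) (bool, string) {
	if v, ok := p.Annotations[injectAnnotation]; ok {
		return v == "true", "annotation"
	}
	if matchesAny(cfg.NeverInject, p.Labels) {
		return false, "neverInjectSelector"
	}
	if matchesAny(cfg.AlwaysInject, p.Labels) {
		return true, "alwaysInjectSelector"
	}
	return cfg.DefaultInject, "default policy"
}

func main() {
	cfg := InjectorConfig{
		NeverInject:  []Selector{{MatchLabels: map[string]string{"job": "build"}}},
		AlwaysInject: []Selector{{MatchLabels: map[string]string{"tier": "web"}}},
	}
	// Constructed pod carrying both labels: the never selector wins.
	p := Pod{Labels: map[string]string{"tier": "web", "job": "build"}}
	inject, rule := Decide(cfg, p)
	fmt.Printf("inject=%v decided by %s\n", inject, rule)
}
```

A pod-level annotation overrides both selectors, so an audit of uninjected workloads has to read pod annotations as well as the injector configuration.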
StdioMixerAdapterConfig
Configuration for stdio adapter in mixer, recommended for debug usage only.
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
Enable stdio adapter to output logs and metrics to local machine.
|
No
|
outputAsJson |
BoolValue |
Whether to output a console-friendly or json-friendly format.
|
No
|
StackdriverMixerAdapterConfig
Configuration for stackdriver adapter in mixer.
StackdriverAuthConfig
| Field |
Type |
Description |
Required |
appCredentials |
BoolValue |
|
No
|
apiKey |
string |
|
No
|
serviceAccountPath |
string |
|
No
|
StackdriverTracerConfig
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
|
No
|
sampleProbability |
uint32 |
|
No
|
StackdriverContextGraph
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
|
No
|
TracerConfig
Configuration for each of the supported tracers.
TracerDatadogConfig
Configuration for the datadog tracing service.
| Field |
Type |
Description |
Required |
address |
string |
Address in host:port format for reporting trace data to the Datadog agent.
|
No
|
TracerLightStepConfig
Configuration for the lightstep tracing service.
| Field |
Type |
Description |
Required |
address |
string |
Sets the lightstep satellite pool address in host:port format for reporting trace data.
|
No
|
accessToken |
string |
Sets the lightstep access token.
|
No
|
TracerZipkinConfig
Configuration for the zipkin tracing service.
| Field |
Type |
Description |
Required |
address |
string |
Address of zipkin instance in host:port format for reporting trace data.
Example: .:941
|
No
|
TracerStackdriverConfig
Configuration for the stackdriver tracing service.
| Field |
Type |
Description |
Required |
debug |
BoolValue |
Enables trace output to stdout.
|
No
|
maxNumberOfAttributes |
uint32 |
The global default max number of attributes per span.
|
No
|
maxNumberOfAnnotations |
uint32 |
The global default max number of annotation events per span.
|
No
|
maxNumberOfMessageEvents |
uint32 |
The global default max number of message events per span.
|
No
|
TracingConfig
Configuration for the different tracing systems to be installed.
TracingOpencensusConfig
| Field |
Type |
Description |
Required |
hub |
string |
Image hub for Opencensus tracing deployment.
|
No
|
tag |
TypeInterface |
Image tag for Opencensus tracing deployment.
|
No
|
exporters |
TracingOpencensusExportersConfig |
|
No
|
resources |
TypeMapStringInterface |
K8s resources settings.
See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container
|
No
|
podAnnotations |
TypeMapStringInterface |
K8s annotations for pods.
See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
No
|
TracingOpencensusExportersConfig
TracingJaegerConfig
Configuration for addon Jaeger tracing.
| Field |
Type |
Description |
Required |
hub |
string |
Image hub for Jaeger tracing deployment.
|
No
|
tag |
TypeInterface |
Image tag for Jaeger tracing deployment.
|
No
|
image |
string |
|
No
|
memory |
TracingJaegerMemoryConfig |
Configures Jaeger in-memory storage setting.
|
No
|
spanStorageType |
string |
|
No
|
persist |
BoolValue |
|
No
|
storageClassName |
string |
|
No
|
accessMode |
string |
|
No
|
resources |
TypeMapStringInterface |
K8s resources settings.
See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container
|
No
|
podAnnotations |
TypeMapStringInterface |
K8s annotations for pods.
See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
No
|
TracingJaegerMemoryConfig
Configuration for Jaeger in-memory storage setting.
| Field |
Type |
Description |
Required |
maxTraces |
uint32 |
Sets the limit on the number of traces stored in memory for Jaeger.
|
No
|
TracingZipkinConfig
Configuration for Zipkin.
| Field |
Type |
Description |
Required |
hub |
string |
Image hub for Zipkin tracing deployment.
|
No
|
tag |
TypeInterface |
Image tag for Zipkin tracing deployment.
|
No
|
image |
string |
|
No
|
probeStartupDelay |
uint32 |
InitialDelaySeconds of readiness probe for Zipkin deployment
|
No
|
livenessProbeStartupDelay |
uint32 |
InitialDelaySeconds of liveness probe for Zipkin deployment
|
No
|
queryPort |
uint32 |
Container port for Zipkin deployment
|
No
|
javaOptsHeap |
uint32 |
Configure java heap opts for Zipkin deployment
|
No
|
maxSpans |
uint32 |
Configures number of max spans to keep in Zipkin memory storage.
Example: A safe estimate is 1K of memory per span (each span with 2 annotations + 1 binary annotation), plus 100 MB for a safety buffer
|
No
|
node |
TracingZipkinNodeConfig |
Configures GC values of JAVA_OPTS for Zipkin deployment
|
No
|
resources |
Resources |
K8s resources settings.
See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container
|
No
|
podAnnotations |
TypeMapStringInterface |
K8s annotations for pods.
See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
No
|
TracingZipkinNodeConfig
Configuration for GC values of JAVA_OPTS for Zipkin deployment
| Field |
Type |
Description |
Required |
cpus |
uint32 |
Configures -XX:ConcGCThreads value of JAVA_OPTS for Zipkin deployment
|
No
|
KialiSecurityConfig
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
|
No
|
certFile |
string |
|
No
|
privateKeyFile |
string |
|
No
|
KialiServiceConfig
| Field |
Type |
Description |
Required |
annotations |
TypeMapStringInterface |
|
No
|
type |
string |
Service type.
See https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
|
No
|
KialiDashboardConfig
| Field |
Type |
Description |
Required |
secretName |
string |
|
No
|
usernameKey |
string |
|
No
|
passphraseKey |
string |
|
No
|
viewOnlyMode |
BoolValue |
|
No
|
grafanaURL |
string |
|
No
|
jaegerURL |
string |
|
No
|
auth |
TypeMapStringInterface |
|
No
|
grafanaInClusterURL |
string |
|
No
|
jaegerInClusterURL |
string |
|
No
|
KialiConfig
Configuration for Kiali addon.
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
|
No
|
createDemoSecret |
BoolValue |
|
No
|
hub |
string |
Image hub for kiali deployment.
|
No
|
tag |
TypeInterface |
Image tag for kiali deployment.
|
No
|
prometheusNamespace |
string |
|
No
|
security |
KialiSecurityConfig |
|
No
|
dashboard |
KialiDashboardConfig |
|
No
|
contextPath |
string |
|
No
|
service |
KialiServiceConfig |
|
No
|
replicaCount |
uint32 |
Number of replicas for Kiali.
|
No
|
nodeSelector |
TypeMapStringInterface |
K8s node selector.
See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
No
|
podAnnotations |
TypeMapStringInterface |
K8s annotations for pods.
See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
No
|
podAntiAffinityLabelSelector |
TypeSliceOfMapStringInterface |
Pod anti-affinity label selector.
Specify the pod anti-affinity that allows you to constrain which nodes
your pod is eligible to be scheduled on, based on labels on pods that are
already running on the node rather than on labels on nodes.
There are currently two types of anti-affinity:
“requiredDuringSchedulingIgnoredDuringExecution”
“preferredDuringSchedulingIgnoredDuringExecution”
which denote “hard” vs. “soft” requirements. You can define your values
in “podAntiAffinityLabelSelector” and “podAntiAffinityTermLabelSelector”
correspondingly.
See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
Examples:
podAntiAffinityLabelSelector:
- key: security
  operator: In
  values: S1,S2
  topologyKey: "kubernetes.io/hostname"
This pod anti-affinity rule says that the pod must not be scheduled
onto a node if that node is already running a pod with a label having key
“security” and value “S1”.
|
No
|
podAntiAffinityTermLabelSelector |
TypeSliceOfMapStringInterface |
See PodAntiAffinityLabelSelector.
|
No
|
tolerations |
TypeSliceOfMapStringInterface |
|
No
|
image |
string |
|
No
|
resources |
Resources |
K8s resources settings.
See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container
|
No
|
prometheusAddr |
string |
|
No
|
BaseConfig
| Field |
Type |
Description |
Required |
enableCRDTemplates |
BoolValue |
For Helm2 use, adds the CRDs to templates.
|
No
|
validationURL |
string |
URL to use for validating webhook.
|
No
|
IstiodRemoteConfig
| Field |
Type |
Description |
Required |
injectionURL |
string |
URL to use for sidecar injector webhook.
|
No
|
Values
TypeMapStringInterface
GOTYPE: map[string]interface{}
TypeSliceOfMapStringInterface
GOTYPE: []map[string]interface{}
TypeIntOrStringForPB
GOTYPE: *IntOrStringForPB
TypeSliceString
ZeroVPNConfig
ZeroVPNConfig enables cross-cluster access using SNI matching.
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
Controls whether ZeroVPN is enabled.
|
No
|
suffix |
string |
|
No
|
TypeInterface
StackdriverMixerAdapterConfig.EnabledConfig
| Field |
Type |
Description |
Required |
enabled |
BoolValue |
|
No
|
OutboundTrafficPolicyConfig.Mode
Specifies the sidecar’s default behavior when handling outbound traffic from the application.
| Name |
Description |
ALLOW_ANY |
Outbound traffic to unknown destinations will be allowed, in case there are no services or ServiceEntries for the destination port
|
REGISTRY_ONLY |
Restrict outbound traffic to services defined in the service registry as well as those defined through ServiceEntries
|
mode
Throttling behavior for mixer.
| Name |
Description |
disabled |
Removes throttling behavior for mixer.
|
log_only |
Enables an advisory mode for throttling behavior for mixer.
|
enforce |
Turn on throttling behavior for mixer.
|
ingressControllerMode
Mode for the ingress controller.
| Name |
Description |
UNSPECIFIED |
Unspecified Istio ingress controller.
|
DEFAULT |
Selects all Ingress resources, with or without Istio annotation.
|
STRICT |
Selects only resources with Istio annotation.
|
OFF |
No ingress or sync.
|
accessLogEncoding
Configures the access log for the sidecar to JSON or TEXT.
| Name |
Description |
JSON |
|
TEXT |
|
tracer
Specifies which tracer to use.
| Name |
Description |
zipkin |
|
lightstep |
|
datadog |
|
stackdriver |
|