Operator Installation
- AutoInjectionFeatureSpec
- AutoInjectionFeatureSpec.Components
- CNIComponentSpec
- CNIFeatureSpec
- CNIFeatureSpec.Components
- CertManagerComponentSpec
- CitadelComponentSpec
- ConfigManagementFeatureSpec
- ConfigManagementFeatureSpec.Components
- DeploymentStrategy
- EgressGatewayComponentSpec
- ExecAction
- GalleyComponentSpec
- GatewayFeatureSpec
- GatewayFeatureSpec.Components
- HTTPGetAction
- HTTPHeader
- IngressGatewayComponentSpec
- InstallStatus
- InstallStatus.Status
- InstallStatus.VersionStatus
- IstioControlPlane
- IstioControlPlaneSpec
- KubernetesResourcesSpec
- NodeAgentComponentSpec
- ObjectMeta
- PilotComponentSpec
- PodDisruptionBudgetSpec
- PolicyComponentSpec
- PolicyFeatureSpec
- PolicyFeatureSpec.Components
- ProxyComponentSpec
- ReadinessProbe
- Resources
- RollingUpdateDeployment
- SecurityFeatureSpec
- SecurityFeatureSpec.Components
- SidecarInjectorComponentSpec
- TCPSocketAction
- TelemetryComponentSpec
- TelemetryFeatureSpec
- TelemetryFeatureSpec.Components
- TrafficManagementFeatureSpec
- TrafficManagementFeatureSpec.Components
- TypeBoolValueForPB
- TypeIntOrStringForPB
- TypeInterface
- TypeMapStringInterface
- k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec
- k8s.io.api.core.v1.Affinity
- k8s.io.api.core.v1.EnvVar
- k8s.io.api.core.v1.ServiceSpec
- k8s.io.api.core.v1.Toleration
- k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector
- k8sObjectOverlay
- k8sObjectOverlay.PathValue

Operator Installation

IstioControlPlane is a schema for both defining and customizing Istio control plane installations.Running the operator with an empty user defined InstallSpec results in an control plane with default values, using thedefault charts.

The simplest install specialization is to point the user InstallSpec profile to a different values file, forexample an Istio minimal control plane, which will use the values associated with the minimal control plane profile forIstio.

Deeper customization is possible at three levels:

New APIs defined in this file

Feature API: this API groups an Istio install by features and allows enabling/disabling the features, selecting basecontrol plane profiles, as well as some additional high level settings that are feature specific. Each feature containsone or more components, which correspond to Istio components (Pods) in the cluster.

k8s API: this API is a pass through to k8s resource settings for Istio k8s resources. It allows customizing Istio k8sresources like Affinity, Resource requests/limits, PodDisruptionBudgetSpec, Selectors etc. in a more consistent andk8s specific way compared to values.yaml. See KubernetesResourcesSpec in this file for details.

values.yaml

The entirety of values.yaml settings is accessible through InstallSpec (see CommonComponentSpec/Values).This API will gradually be deprecated and values there will be moved either into CRDs that are used to directlyconfigure components or, in the case of k8s settings, will be replaced by the new API above.

k8s resource overlays

Once a manifest is rendered from InstallSpec, a further customization can be applied by specifying k8s resourceoverlays. The concept is similar to kustomize, where JSON patches are applied for object paths. This allowscustomization at the lowest level and eliminates the need to create ad-hoc template parameters, or edit templates.

Here are a few example uses:

Default Istio install

spec:

Default minimal profile install

spec:
  profile: minimal

Default install with telemetry disabled

spec:
  telemetry:
    enabled: false

Default install with each feature installed to different namespace and security components in separate namespaces

spec:
  traffic_management:
    components:
      namespace: istio-traffic-management
  policy:
    components:
      namespace: istio-policy
  telemetry:
    components:
      namespace: istio-telemetry
  config_management:
    components:
      namespace: istio-config-management
  security:
    components:
      citadel:
        namespace: istio-citadel
      cert_manager:
        namespace: istio-cert-manager
      node_agent:
        namespace: istio-node-agent

Default install with specialized k8s settings for pilot

spec:
  traffic_management:
    components:
      pilot:
        k8s:
          resources:
            limits:
              cpu: 444m
              memory: 333Mi
            requests:
              cpu: 222m
              memory: 111Mi
          readinessProbe:
            failureThreshold: 44
            initialDelaySeconds: 11
            periodSeconds: 22
            successThreshold: 33

Default install with values.yaml customizations for proxy

spec:
  traffic_management:
    components:
      proxy:
        values:
        - global.proxy.enableCoreDump: true
        - global.proxy.dnsRefreshRate: 10s

Default install with modification to container flag in galley

spec:
  configuration_management:
    components:
      galley:
        k8s:
          overlays:
          - apiVersion: extensions/v1beta1
            kind: Deployment
            name: istio-galley
            patches:
            - path: spec.template.spec.containers.[name:galley].command.[--livenessProbeInterval]
              value: --livenessProbeInterval=123s

AutoInjectionFeatureSpec

Configuration options for auto injection feature.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether auto injection feature is installed. Must be set for any sub-component to be installed.	No
`components`	`Components`		No

AutoInjectionFeatureSpec.Components

Field	Type	Description	Required
`namespace`	`string`	Namespace that auto injections components are installed into.	No
`injector`	`SidecarInjectorComponentSpec`		No

CNIComponentSpec

Configuration options for cni component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

CNIFeatureSpec

Configuration options for cni feature.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether gateway feature is installed. Must be set for any sub-component to be installed.	No
`components`	`Components`		No

CNIFeatureSpec.Components

Field	Type	Description	Required
`namespace`	`string`	Namespace that cni components are installed into.	No
`cni`	`CNIComponentSpec`		No

CertManagerComponentSpec

Configuration options for certificate manager component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

CitadelComponentSpec

Configuration options for Citadel component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

ConfigManagementFeatureSpec

Configuration options for configuration management feature.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether config management feature is installed. Must be set for any sub-component to be installed.	No
`components`	`Components`		No

ConfigManagementFeatureSpec.Components

Field	Type	Description	Required
`namespace`	`string`	Namespace that security components are installed into.	No
`galley`	`GalleyComponentSpec`		No

DeploymentStrategy

Mirrors k8s.io.api.apps.v1.DeploymentStrategy for unmarshaling.

Field	Type	Description	Required
`type`	`string`		No
`rollingUpdate`	`RollingUpdateDeployment`		No

EgressGatewayComponentSpec

Configuration options for egress gateways.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

ExecAction

Mirrors k8s.io.api.core.v1.ExecAction for unmarshaling

Field	Type	Description	Required
`command`	`string[]`		No

GalleyComponentSpec

Configuration options for galley component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

GatewayFeatureSpec

Configuration options for gateway feature.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether gateway feature is installed. Must be set for any sub-component to be installed.	No
`components`	`Components`		No

GatewayFeatureSpec.Components

Field	Type	Description	Required
`namespace`	`string`	Namespace that auto injections components are installed into.	No
`ingressGateway`	`IngressGatewayComponentSpec`	Ingress/egress gateway configuration.	No
`egressGateway`	`EgressGatewayComponentSpec`		No

HTTPGetAction

Mirrors k8s.io.api.core.v1.HTTPGetAction for unmarshaling

Field	Type	Required
`path`	`string`	No
`port`	`TypeIntOrStringForPB`	No
`host`	`string`	No
`scheme`	`string`	No
`httpHeaders`	`HTTPHeader[]`	No

HTTPHeader

Mirrors k8s.io.api.core.v1.HTTPHeader for unmarshaling

Field	Type	Description	Required
`name`	`string`		No
`value`	`string`		No

IngressGatewayComponentSpec

Configuration options for ingress gateways.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

InstallStatus

Observed state of IstioControlPlane.

Field	Type	Description	Required
`status`	`map<string, VersionStatus>`		No

InstallStatus.Status

Name	Description
`NONE`
`UPDATING`
`HEALTHY`
`ERROR`
`RECONCILING`

InstallStatus.VersionStatus

Field	Type	Required
`version`	`string`	No
`status`	`Status`	No
`statusString`	`string`	No
`error`	`string`	No

IstioControlPlane

IstioControlPlane is a CustomResourceDefinition (CRD) describing an Istio control plane.

Field	Type	Description	Required
`spec`	`IstioControlPlaneSpec`	Spec defines the desired state of IstioControlPlane.	No
`status`	`InstallStatus`	Status reports the status of the Istio control plane.	No
`kind`	`string`		No
`apiVersion`	`string`		No
`placeholder`	`string`	GOFIELD:v11.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,7,opt,name=metadata"`GOFIELD:v11.TypeMeta `json:",inline"`	No

IstioControlPlaneSpec

IstioControlPlaneSpec defines the desired state of IstioControlPlane.The spec is a used to define a customization of the default profile values that are supplied with each Istio release.It is grouped at the top level by feature, where behavior of Istio functional areas is specified.Each feature contains components, where k8s resource level defaults can be overridden.Because the spec is a customization API, specifying an empty InstallSpec results in a default Istio control plane.

Field	Type	Description	Required
`defaultNamespace`	`string`	Default namespace if feature or component namespaces are not set.	No
`trafficManagement`	`TrafficManagementFeatureSpec`	Selection and configuration of core Istio features.	No
`policy`	`PolicyFeatureSpec`		No
`telemetry`	`TelemetryFeatureSpec`		No
`security`	`SecurityFeatureSpec`		No
`configManagement`	`ConfigManagementFeatureSpec`		No
`autoInjection`	`AutoInjectionFeatureSpec`		No
`gateways`	`GatewayFeatureSpec`		No
`cni`	`CNIFeatureSpec`		No
`values`	`TypeMapStringInterface`	Overrides for default global values.yaml.	No
`unvalidatedValues`	`TypeMapStringInterface`	Unvalidated overrides for default global values.yaml.	No
`profile`	`string`	Path or name for the profile e.g.- minimal (looks in profiles dir for a file called minimal.yaml)- /tmp/istio/install/values/custom/custom-install.yaml (local file path)default profile is used if this field is unset.	No
`installPackagePath`	`string`	Path for the install package. e.g.- /tmp/istio-installer/nightly (local file path)	No
`hub`	`string`	Root for docker image paths e.g. docker.io/istio-release.Releases are published to docker hub under ‘istio’ project.Daily builds from prow are on gcr.io, and nightly builds from circle on docker.io/istionightly	No
`tag`	`string`	Version tag for docker images e.g. 1.0.6	No

KubernetesResourcesSpec

KubernetesResourcesConfig is a common set of k8s resource configs for components.

Field	Type	Description	Required
`affinity`	`Affinity`	k8s affinity.https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity	No
`env`	`EnvVar[]`	Deployment environment variables.https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/	No
`hpaSpec`	`HorizontalPodAutoscalerSpec`	k8s HorizontalPodAutoscaler settings.https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/	No
`imagePullPolicy`	`string`	k8s imagePullPolicy.https://kubernetes.io/docs/concepts/containers/images/	No
`nodeSelector`	`map<string, string>`	k8s nodeSelector.https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector	No
`podDisruptionBudget`	`PodDisruptionBudgetSpec`	k8s PodDisruptionBudget settings.https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#how-disruption-budgets-work	No
`podAnnotations`	`map<string, string>`	k8s pod annotations.https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/	No
`priorityClassName`	`string`	k8s priority_class_name. Default for all resources unless overridden.https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass	No
`readinessProbe`	`ReadinessProbe`	k8s readinessProbe settings.https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/k8s.io.api.core.v1.Probe readiness_probe = 9;	No
`replicaCount`	`uint32`	k8s Deployment replicas setting.https://kubernetes.io/docs/concepts/workloads/controllers/deployment/	No
`resources`	`Resources`	k8s resources settings.https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container	No
`service`	`ServiceSpec`	k8s Service settings.https://kubernetes.io/docs/concepts/services-networking/service/	No
`strategy`	`DeploymentStrategy`	k8s deployment strategy.https://kubernetes.io/docs/concepts/workloads/controllers/deployment/	No
`tolerations`	`Toleration[]`	k8s tolerationhttps://kubernetes.io/docs/concepts/configuration/taint-and-toleration/	No
`overlays`	`k8sObjectOverlay[]`	Overlays for k8s resources in rendered manifests.	No

NodeAgentComponentSpec

Configuration options for node agent component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

ObjectMeta

Field	Type	Description	Required
`name`	`string`	From k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta	No
`namespace`	`string`		No

PilotComponentSpec

Configuration options for the pilot component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

PodDisruptionBudgetSpec

Mirrors k8s.io.api.policy.v1beta1.PodDisruptionBudget for unmarshaling.

Field	Type	Required
`minAvailable`	`uint32`	No
`selector`	`LabelSelector`	No
`maxUnavailable`	`uint32`	No

PolicyComponentSpec

Configuration options for the policy enforcement component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

PolicyFeatureSpec

Configuration options for the policy feature.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether policy is installed.Must be enabled to enable any sub-component.	No
`components`	`Components`		No

PolicyFeatureSpec.Components

Component specific config.

Field	Type	Description	Required
`namespace`	`string`	Namespace that all policy components are installed into.	No
`policy`	`PolicyComponentSpec`		No

ProxyComponentSpec

Configuration options for the proxy.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

ReadinessProbe

Mirrors k8s.io.api.core.v1.Probe for unmarshaling

Field	Type	Required
`exec`	`ExecAction`	No
`httpGet`	`HTTPGetAction`	No
`tcpSocket`	`TCPSocketAction`	No
`initialDelaySeconds`	`int32`	No
`timeoutSeconds`	`int32`	No
`periodSeconds`	`int32`	No
`successThreshold`	`int32`	No
`failureThreshold`	`int32`	No

Resources

Mirrors k8s.io.api.core.v1.ResourceRequirements for unmarshaling.

Field	Type	Description	Required
`limits`	`map<string, string>`		No
`requests`	`map<string, string>`		No

RollingUpdateDeployment

Mirrors k8s.io.api.apps.v1.RollingUpdateDeployment for unmarshaling.

Field	Type	Description	Required
`maxUnavailable`	`TypeIntOrStringForPB`		No
`maxSurge`	`TypeIntOrStringForPB`		No

SecurityFeatureSpec

Configuration options for security feature.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether security feature is installed. Must be set for any sub-component to be installed.	No
`components`	`Components`		No

SecurityFeatureSpec.Components

Field	Type	Description	Required
`namespace`	`string`	Namespace that security components are installed into.	No
`citadel`	`CitadelComponentSpec`		No
`certManager`	`CertManagerComponentSpec`		No
`nodeAgent`	`NodeAgentComponentSpec`		No

SidecarInjectorComponentSpec

Configuration options for the sidecar injector component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

TCPSocketAction

Mirrors k8s.io.api.core.v1.TCPSocketAction for unmarshaling

Field	Type	Description	Required
`port`	`TypeIntOrStringForPB`		No
`host`	`string`		No

TelemetryComponentSpec

Configuration options for the telemetry component.

Field	Type	Required
`enabled`	`TypeBoolValueForPB`	No
`namespace`	`string`	No
`k8s`	`KubernetesResourcesSpec`	No

TelemetryFeatureSpec

Configuration options for the telemetry feature.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether telemetry is installed.Must be enabled to enable any sub-component.	No
`components`	`Components`		No

TelemetryFeatureSpec.Components

Component specific config.

Field	Type	Description	Required
`namespace`	`string`	Namespace that all telemetry components are installed into.	No
`telemetry`	`TelemetryComponentSpec`		No

TrafficManagementFeatureSpec

Configuration options for traffic management.

Field	Type	Description	Required
`enabled`	`TypeBoolValueForPB`	Selects whether traffic management is installed.Must be enabled to enable any sub-component.	No
`components`	`Components`		No

TrafficManagementFeatureSpec.Components

Component specific config.

Field	Type	Description	Required
`namespace`	`string`	Namespace that all traffic management components are installed into.	No
`pilot`	`PilotComponentSpec`		No
`proxy`	`ProxyComponentSpec`		No

TypeBoolValueForPB

GOTYPE: *BoolValueForPB

TypeIntOrStringForPB

GOTYPE: *IntOrStringForPB

TypeInterface

GOTYPE: interface{}

TypeMapStringInterface

GOTYPE: map[string]interface{}

k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec

HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler.

Field	Type	Description	Required
`scaleTargetRef`	`CrossVersionObjectReference`	scaleTargetRef points to the target resource to scale, and is used to the pods for which metricsshould be collected, as well as to actually change the replica count.	No
`minReplicas`	`int32`	minReplicas is the lower limit for the number of replicas to which the autoscalercan scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if thealpha feature gate HPAScaleToZero is enabled and at least one Object or Externalmetric is configured. Scaling is active as long as at least one metric value isavailable.+optional	No
`maxReplicas`	`int32`	maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up.It cannot be less that minReplicas.	No
`metrics`	`MetricSpec[]`	metrics contains the specifications for which to use to calculate thedesired replica count (the maximum replica count across all metrics willbe used). The desired replica count is calculated multiplying theratio between the target value and the current value by the currentnumber of pods. Ergo, metrics used must decrease as the pod count isincreased, and vice-versa. See the individual metric source types formore information about how each type of metric must respond.+optional	No

k8s.io.api.core.v1.Affinity

Affinity is a group of affinity scheduling rules.

Field	Type	Description	Required
`nodeAffinity`	`NodeAffinity`	Describes node affinity scheduling rules for the pod.+optional	No
`podAffinity`	`PodAffinity`	Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).+optional	No
`podAntiAffinity`	`PodAntiAffinity`	Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).+optional	No

k8s.io.api.core.v1.EnvVar

EnvVar represents an environment variable present in a Container.

Field	Type	Description	Required
`name`	`string`	Name of the environment variable. Must be a C_IDENTIFIER.	No
`value`	`string`	Variable references $(VAR_NAME) are expandedusing the previous defined environment variables in the container andany service environment variables. If a variable cannot be resolved,the reference in the input string will be unchanged. The $(VAR_NAME)syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escapedreferences will never be expanded, regardless of whether the variableexists or not.Defaults to “”.+optional	No
`valueFrom`	`EnvVarSource`	Source for the environment variable’s value. Cannot be used if value is not empty.+optional	No

k8s.io.api.core.v1.ServiceSpec

ServiceSpec describes the attributes that a user creates on a service.

Field	Type	Description	Required
`ports`	`ServicePort[]`	The list of ports that are exposed by this service.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies+patchMergeKey=port+patchStrategy=merge+listType=map+listMapKey=port+listMapKey=protocol	No
`selector`	`map<string, string>`	Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/+optional	No
`clusterIP`	`string`	clusterIP is the IP address of the service and is usually assignedrandomly by the master. If an address is specified manually and is not inuse by others, it will be allocated to the service; otherwise, creationof the service will fail. This field can not be changed through updates.Valid values are “None”, empty string (“”), or a valid IP address. “None”can be specified for headless services when proxying is not required.Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored iftype is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies+optional	No
`type`	`string`	type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.“ExternalName” maps to the specified externalName.“ClusterIP” allocates a cluster-internal IP address for load-balancing toendpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object. If clusterIP is“None”, no virtual IP is allocated and the endpoints are published as aset of endpoints rather than a stable IP.“NodePort” builds on ClusterIP and allocates a port on every node whichroutes to the clusterIP.“LoadBalancer” builds on NodePort and creates anexternal load-balancer (if supported in the current cloud) which routesto the clusterIP.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types+optional	No
`externalIPs`	`string[]`	externalIPs is a list of IP addresses for which nodes in the clusterwill also accept traffic for this service. These IPs are not managed byKubernetes. The user is responsible for ensuring that traffic arrivesat a node with this IP. A common example is external load-balancersthat are not part of the Kubernetes system.+optional	No
`sessionAffinity`	`string`	Supports “ClientIP” and “None”. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies+optional	No
`loadBalancerIP`	`string`	Only applies to Service Type: LoadBalancerLoadBalancer will get created with the IP specified in this field.This feature depends on whether the underlying cloud-provider supports specifyingthe loadBalancerIP when a load balancer is created.This field will be ignored if the cloud-provider does not support the feature.+optional	No
`loadBalancerSourceRanges`	`string[]`	If specified and supported by the platform, this will restrict traffic through the cloud-providerload-balancer will be restricted to the specified client IPs. This field will be ignored if thecloud-provider does not support the feature.”More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/+optional	No
`externalName`	`string`	externalName is the external reference that kubedns or equivalent willreturn as a CNAME record for this service. No proxying will be involved.Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)and requires Type to be ExternalName.+optional	No
`externalTrafficPolicy`	`string`	externalTrafficPolicy denotes if this Service desires to route externaltraffic to node-local or cluster-wide endpoints. “Local” preserves theclient source IP and avoids a second hop for LoadBalancer and Nodeporttype services, but risks potentially imbalanced traffic spreading.“Cluster” obscures the client source IP and may cause a second hop toanother node, but should have good overall load-spreading.+optional	No
`healthCheckNodePort`	`int32`	healthCheckNodePort specifies the healthcheck nodePort for the service.If not specified, HealthCheckNodePort is created by the service apibackend with the allocated nodePort. Will use user-specified nodePort valueif specified by the client. Only effects when Type is set to LoadBalancerand ExternalTrafficPolicy is set to Local.+optional	No
`publishNotReadyAddresses`	`bool`	publishNotReadyAddresses, when set to true, indicates that DNS implementationsmust publish the notReadyAddresses of subsets for the Endpoints associated withthe Service. The default value is false.The primary use case for setting this field is to use a StatefulSet’s Headless Serviceto propagate SRV records for its Pods without respect to their readiness for purposeof peer discovery.+optional	No
`sessionAffinityConfig`	`SessionAffinityConfig`	sessionAffinityConfig contains the configurations of session affinity.+optional	No
`ipFamily`	`string`	ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs.IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it isavailable in the cluster. If no IP family is requested, the cluster’s primary IP family will be used.Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers whichallocate external load-balancers should use the same IP family. Endpoints for this Service will be ofthis family. This field is immutable after creation. Assigning a ServiceIPFamily not available in thecluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment.+optional	No

k8s.io.api.core.v1.Toleration

The pod this Toleration is attached to tolerates any taint that matchesthe triple <key,value,effect> using the matching operator <operator>.

Field	Type	Description	Required
`key`	`string`	Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.+optional	No
`operator`	`string`	Operator represents a key’s relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.+optional	No
`value`	`string`	Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.+optional	No
`effect`	`string`	Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.+optional	No
`tolerationSeconds`	`int64`	TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.+optional	No

k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector

A label selector is a label query over a set of resources. The result of matchLabels andmatchExpressions are ANDed. An empty label selector matches all objects. A nulllabel selector matches no objects.

Field	Type	Description	Required
`matchLabels`	`map<string, string>`	matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is “key”, theoperator is “In”, and the values array contains only “value”. The requirements are ANDed.+optional	No
`matchExpressions`	`LabelSelectorRequirement[]`	matchExpressions is a list of label selector requirements. The requirements are ANDed.+optional	No

k8sObjectOverlay

Patch for an existing k8s resource.

Field	Type	Description	Required
`apiVersion`	`string`	Resource API version.	No
`kind`	`string`	Resource kind.	No
`name`	`string`	Name of resource.Namespace is always the component namespace.	No
`patches`	`PathValue[]`	List of patches to apply to resource.	No

k8sObjectOverlay.PathValue

Field	Type	Description	Required
`path`	`string`	Path of the form a.b:c.e.:fWhere b:c is a list element selector of the form key:value and :f is a list selector of the form :value.All path intermediate nodes must exist.	No
`value`	`TypeInterface`	Value to add, delete or replace.For add, the path should be a new leaf.For delete, value should be unset.For replace, path should reference an existing node.All values are strings but are converted into appropriate type based on schema.	No