Skip to content

Instantly share code, notes, and snippets.

@madorn

madorn/gist:59e30c15b76b416c73ab5bde9a582969

Created May 28, 2020 22:15
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save madorn/59e30c15b76b416c73ab5bde9a582969 to your computer and use it in GitHub Desktop.
Save madorn/59e30c15b76b416c73ab5bde9a582969 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
annotations:
alm-examples: "[\n {\n \"apiVersion\": \"maistra.io/v1\",\n \"kind\": \"ServiceMeshControlPlane\",\n
\ \"metadata\": {\n \"name\": \"basic-install\",\n \"namespace\":
\"control-plane-namespace\"\n },\n \"spec\": {\n \"version\": \"v1.1\",\n
\ \"istio\": {\n \"gateways\": {\n \"istio-egressgateway\":
{\n \"autoscaleEnabled\": false\n },\n \"istio-ingressgateway\":
{\n \"autoscaleEnabled\": false,\n \"ior_enabled\": false\n
\ }\n },\n \"mixer\": {\n \"policy\": {\n \"autoscaleEnabled\":
false\n },\n \"telemetry\": {\n \"autoscaleEnabled\":
false\n }\n },\n \"pilot\": {\n \"autoscaleEnabled\":
false,\n \"traceSampling\": 100.0\n },\n \"kiali\": {\n
\ \"enabled\": true\n },\n \"grafana\": {\n \"enabled\":
true\n },\n \"tracing\": {\n \"enabled\": true,\n \"jaeger\":
{\n \"template\": \"all-in-one\"\n }\n }\n }\n
\ }\n },\n {\n \"apiVersion\": \"maistra.io/v1\",\n \"kind\": \"ServiceMeshMemberRoll\",\n
\ \"metadata\": {\n \"name\": \"default\",\n \"namespace\": \"control-plane-namespace\"\n
\ },\n \"spec\": {\n \"members\": [\n \"your-project\",\n \"another-of-your-projects\"
\n ]\n }\n },\n {\n \"apiVersion\": \"maistra.io/v1\",\n \"kind\":
\"ServiceMeshMember\",\n \"metadata\": {\n \"name\": \"default\",\n
\ \"namespace\": \"application-namespace\"\n },\n \"spec\": {\n \"controlPlaneRef\":
{\n \"name\": \"basic-install\",\n \"namespace\": \"control-plane-namespace\"\n
\ }\n }\n }\n]"
capabilities: Seamless Upgrades
categories: OpenShift Optional, Integration & Delivery
certified: "false"
containerImage: registry.redhat.io/openshift-service-mesh/istio-rhel8-operator:1.1.1
createdAt: 2020-04-27T12:29:22MDT
description: The OpenShift Service Mesh Operator enables you to install, configure,
and manage an instance of Red Hat OpenShift Service Mesh. OpenShift Service
Mesh is based on the open source Istio project.
olm.operatorGroup: global-operators
olm.operatorNamespace: openshift-operators
olm.skipRange: '>=1.0.2 <1.1.1'
olm.targetNamespaces: ""
repository: https://github.com/maistra/istio-operator
support: Red Hat, Inc.
creationTimestamp: "2020-05-28T22:14:52Z"
generation: 1
labels:
olm.api.1d316f16185c2e24: provided
olm.api.362f21bbb2de66a0: provided
olm.api.542a393f6dfeda9f: provided
name: servicemeshoperator.v1.1.1
namespace: openshift-operators
resourceVersion: "83515"
selfLink: /apis/operators.coreos.com/v1alpha1/namespaces/openshift-operators/clusterserviceversions/servicemeshoperator.v1.1.1
uid: b7d84702-c00b-4bb2-8baa-2914f8125e9e
spec:
apiservicedefinitions: {}
customresourcedefinitions:
owned:
- description: An Istio control plane installation
displayName: Istio Service Mesh Control Plane
kind: ServiceMeshControlPlane
name: servicemeshcontrolplanes.maistra.io
specDescriptors:
- description: Specify the version of control control plane you want to install
displayName: Control Plane Version
path: version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:General
- urn:alm:descriptor:com.tectonic.ui:select:v1.1
- urn:alm:descriptor:com.tectonic.ui:select:v1.0
- description: Enable mTLS for communication between control plane components
(galley, pilot, etc.)
displayName: Control Plane Security
path: istio.global.controlPlaneSecurityEnabled
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:General
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- description: Enable mTLS for communcation between services in the mesh
displayName: Data Plane Security
path: istio.global.mtls.enabled
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:General
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- description: Set to true to install Kiali
displayName: Install Kiali
path: istio.kiali.enabled
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:visualization
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- description: Set to true to install Grafana
displayName: Install Grafana
path: istio.grafana.enabled
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:visualization
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- description: Set to false to disable tracing
displayName: Install Jaeger
path: istio.tracing.enabled
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:tracing
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- description: Set template to use when installing Jaeger
displayName: Jaeger template
path: istio.tracing.jaeger.template
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:tracing
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:istio.tracing.enabled:true
- urn:alm:descriptor:com.tectonic.ui:select:all-in-one
- urn:alm:descriptor:com.tectonic.ui:select:production-elasticsearch
- description: Set to true to install the Istio 3Scale adapter
displayName: Install 3Scale Adapter
path: threeScale.enabled
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:API_Management
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- urn:alm:descriptor:com.tectonic.ui:advanced
- description: Limits describes the minimum/maximum amount of compute resources
required/allowed
displayName: Default Resource Requirements
path: istio.global.defaultResources
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:Resource_Requirements
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- urn:alm:descriptor:com.tectonic.ui:advanced
version: v1
- description: Marks the containing namespace as a member of the referenced Service
Mesh
displayName: Istio Service Mesh Member
kind: ServiceMeshMember
name: servicemeshmembers.maistra.io
specDescriptors:
- description: The namespace of the ServiceMeshControlPlane to which this namespace
belongs
displayName: Namespace
path: controlPlaneRef.namespace
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:Service_Mesh_Control_Plane
- urn:alm:descriptor:io.kubernetes:Namespace
- description: The name of the ServiceMeshControlPlane to which this namespace
belongs
displayName: Name
path: controlPlaneRef.name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:Service_Mesh_Control_Plane
- urn:alm:descriptor:com.tectonic.ui:text
version: v1
- description: A list of namespaces in Service Mesh
displayName: Istio Service Mesh Member Roll
kind: ServiceMeshMemberRoll
name: servicemeshmemberrolls.maistra.io
version: v1
description: |-
Red Hat OpenShift Service Mesh is a platform that provides behavioral insight and operational control over a service mesh, providing a uniform way to connect, secure, and monitor microservice applications.
### Overview
Red Hat OpenShift Service Mesh, based on the open source [Istio](https://istio.io/) project, adds a transparent layer on existing
distributed applications without requiring any changes to the service code. You add Red Hat OpenShift Service Mesh
support to services by deploying a special sidecar proxy throughout your environment that intercepts all network
communication between microservices. You configure and manage the service mesh using the control plane features.
Red Hat OpenShift Service Mesh provides an easy way to create a network of deployed services that provides discovery,
load balancing, service-to-service authentication, failure recovery, metrics, and monitoring. A service mesh also
provides more complex operational functionality, including A/B testing, canary releases, rate limiting, access
control, and end-to-end authentication.
### Core Capabilities
Red Hat OpenShift Service Mesh supports uniform application of a number of key capabilities across a network of services:
+ **Traffic Management** - Control the flow of traffic and API calls between services, make calls more reliable,
and make the network more robust in the face of adverse conditions.
+ **Service Identity and Security** - Provide services in the mesh with a verifiable identity and provide the
ability to protect service traffic as it flows over networks of varying degrees of trustworthiness.
+ **Policy Enforcement** - Apply organizational policy to the interaction between services, ensure access policies
are enforced and resources are fairly distributed among consumers. Policy changes are made by configuring the
mesh, not by changing application code.
+ **Telemetry** - Gain understanding of the dependencies between services and the nature and flow of traffic between
them, providing the ability to quickly identify issues.
### Joining Projects Into a Mesh
Once an instance of Red Hat OpenShift Service Mesh has been installed, it will only exercise control over services within its own
project. Other projects may be added into the mesh using one of two methods:
1. A **ServiceMeshMember** resource may be created in other projects to add those projects into the mesh. The
**ServiceMeshMember** specifies a reference to the **ServiceMeshControlPlane** object that was used to install
the control plane. The user creating the **ServiceMeshMember** resource must have permission to *use* the
**ServiceMeshControlPlane** object. The adminstrator for the project containing the control plane can grant
individual users or groups the *use* permissions.
2. A **ServiceMeshMemberRoll** resource may be created in the project containing the control plane. This resource
contains a single *members* list of all the projects that should belong in the mesh. The resource must be named
*default*. The user creating the resource must have *edit* or *admin* permissions for all projects in the
*members* list.
### More Information
* [Documentation](https://docs.openshift.com/container-platform/latest/service_mesh/servicemesh-release-notes.html)
* [Bugs](https://issues.redhat.com/projects/OSSM)
displayName: Red Hat OpenShift Service Mesh
icon:
- base64data: |-
iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAYAAADDPmHLAAAACXBIWXMAAAFiAAABYgFfJ9BTAAAH
L0lEQVR4nO2du24bRxSGz5LL+01kaMuX2HShnmlSi2VUBM4bKG/gdGFnl+rsBwggvUHUsTT9AIGd
noWCIIWNIJZNWKLM5Uww1K4sC6JEQrP7z8yeDyDYCHuG3F/nNmeWnpSSTMXvD3tE9Ey9gp3e0NiF
WkzGgqVvEtFLvz/c8/vDNQPW4xQ2CCBim4gO/P7wFzOW4wY2CUDRIKLnfn/4xu8PvzNgPdZjmwAi
ukT02u8Pn5mxHHuxVQART9kb3AzbBUDsDW6GFgEMRuNHwM8QobzBkCuF1dDlAfYGo/GeAULYDCuF
Hngd1qAzBKgy7c1gNEa74kbYN+CQsAS6cwD15T8djMZKCOj/QhUS9jkkXE1cSaBKzF4ORuMXg9EY
eQMeE9GQq4TFxF0FPAnDAtIbdEMRcF5wCUmUgZ3QGyBjcpQX/Axcg5Ek2QeIcgNkpbDLyeHXJN0I
6oYh4aeE7Z5HJYd7QPtGgegEKnf8OzgkbLMITkG2glVI2AdWCXMRpL1MRO8FzMs0pAjCCiG1IjBh
M0jlBQeD0RhVq3fTLAJTdgMboSeAigBkG4pJ28FKBK8HozGqVu+mMTE0cR5gFyiC1FUHpg6EsAgS
wuSJoN3t7+//ALK9nZbpY6NHwh7drf8qG+VjkPnnadg7MFoA+bxPYn2tBBTBrutbyVYMhc5FUMih
zDs9T2DNVLB42D4GiUCVp862jO0ZC/e8knjYnlAGsmTVKHKyMrDrXIDnFWedW/+BRPDYxVkC+w6G
5LItca/5L8i6miVAzjJox8qTQbJcaIt2/QPIvMoHTDgIowVrj4bJVrUhq8UjgGmVFO4D7MaC1WcD
xd2mR7kswrTaOHqBMKwbuw+Hel5p9m0blRQ+cWHU3P7TwSopvFVHJYXWnzxy4Xg4yUa5DcwHrO4P
OCEAOs0HMsD+gLWloTMCUE0i8eAbVCiwtlXsjgBUKCjk2rJZnQBMWxsKnBKAQrRrAlQaWhkKnBMA
eV5Z3GtxKFgS9wQQhQLMEIkKBVY1iJwUgELcbnigqmDbpgaRswKYVwV31t6CrFvjBdwVgAoF1eK6
LBcQpru2TBU7LQCFuLOGSgif2ZAQOi8A8rOcEF6B+wLAJ4RGTxSnQgDzhLBVRU0QGe0F0iEAlRA2
KzlQh3DT5LIwNQKYdwhvNbgsvEB6BBCWhcARMiPPGaZKAAqgFzDyTEHqBAD0Ah0TvUDqBEDsBb4i
lQJgL/CFVAqA2AuckVoBsBc4JbUCUIhGBdUdNMYLpFoAslnJg/YIOqbMD6ZaAOpomawVUc8fMmJe
IN0CmE8R1z+DTBuxR5B6AVA2o46Zo6zDk0EWwOmzBv4Gmd5GP2yCBaAEUMw/AJWEhPYCLIAQYEkI
TQZZACFyrSxAphvIxhALICKTaaYxGWQBnEM2yqhkcBM1PMoCOIesFB+AOoOEygVYABcAdgYhrWEW
wAVEq4YSACQZZAFcJJdtAXsCiXsBFsAlyFrpPcj046Q7gyyASxBrlRnQfKJegAVwGX62nZbWMAtg
AcAw0E2yJ8ACWIColxFPHo1IzAuwABaR9+8Dm0KJ5QEsgCsANoU6SYUBFsAVyGoR9XgZSioMsACu
QP00DdB8ImGABXAVamoY94OViYQBFsA1yHoJdYRMEfvUMAvgGmSlGADNx54HsACuA1sOduPeG2AB
LIEs55HmYw0DLIAlkNXiP0DzsVYDLIAlkKU8Mg9gDwAn53eAS2jEeYaQBbAkoKeOR7AA0MhKAdkP
iC0PYAEsSymPOkZOYTkYy6PnWQBLon6HCLyEWMIAC2BZPK8EHBMjFoABADeGiAVgALJc+Au4iljy
ABbAKhRz6O9LuxdgAayAzPtV8BK0zwewAFYhk2mCV8AeAA24I7ip+4IsgFXJZVGTwnN0j4mxAFZE
FnLvwEtgAUBxrBJgAayIzGZQTxOLYA8Axc/eAa+gq/Nivs6LOUMwe0tCBt7RSUBSFr1PJ+vqo3lH
J+oNWgZQmAgGO703Wq6l4yLWoW6wlBPv+LMf3ugOCUneZEok5h5+3fCPpMIAC2AhQrynmfjofQ4y
NJ0J72R6m6azkjcNiKbzh3+YfoOvQ9uouJ0CkPKYgtk7byYyNJkKL5jVaTJt0kyQdzJVf9EMX66i
rRIwWQCv3n+ctLzDT/WzOPzlBpfU2Tn8EmE44QH+JKLDMJadvW9t1IbRH/z42x+9DNFL4BpNRZv4
4xSA2js/OPc6u9FbG7XDGO2mAjUqHuz0hjf9rLoEsBe+5jd8a6N2oOm6zGK0DIdoEcDWRm1Px3WY
lVCl4P5NvzLuBNqLFg/AArAXLXsC3Ao2m0srJfUe7PS0JNIsACwXK6WzV7DTSySRZgHEy4fL/nuT
vMHXwQK4Oa/CKwzP32hdu3VxwwK4notxeN580dGEMQEWwJc4HFuiZTJpEEAUh2GJlsm4IIBFiZY1
cRiJLQI4n2iRa3EYBhH9D18eNW58bi76AAAAAElFTkSuQmCC
mediatype: image/png
install:
spec:
clusterPermissions:
- rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- namespaces
- persistentvolumeclaims
- pods
- replicationcontrollers
- secrets
- serviceaccounts
- services
- events
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- daemonsets
- deployments
- deployments/finalizers
- ingresses
- ingresses/status
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- certmanager.k8s.io
resources:
- clusterissuers
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- '*'
- apiGroups:
- authentication.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- config.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- jaegertracing.io
resources:
- jaegers
verbs:
- '*'
- apiGroups:
- kiali.io
resources:
- kialis
verbs:
- '*'
- apiGroups:
- maistra.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- authentication.maistra.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.maistra.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- network.openshift.io
resources:
- clusternetworks
verbs:
- get
- apiGroups:
- config.openshift.io
resources:
- networks
verbs:
- get
- apiGroups:
- image.openshift.io
resources:
- imagestreams
verbs:
- get
- list
- watch
- apiGroups:
- network.openshift.io
resources:
- netnamespaces
verbs:
- get
- list
- watch
- update
- apiGroups:
- k8s.cni.cncf.io
resources:
- network-attachment-definitions
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- nonResourceURLs:
- /metrics
verbs:
- get
serviceAccountName: istio-operator
deployments:
- name: istio-operator
spec:
replicas: 1
selector:
matchLabels:
name: istio-operator
strategy: {}
template:
metadata:
annotations:
oauth-proxy.name: oauth-proxy
oauth-proxy.namespace: openshift
oauth-proxy.query: "true"
oauth-proxy.tag: v4.4
olm.relatedImage.v1_0.3scale-istio-adapter: registry.redhat.io/openshift-service-mesh/3scale-istio-adapter-rhel8@sha256:00fb544a95b16c652cc571396679c65d5889b2cfe6f1a0176f560a1678309a35
olm.relatedImage.v1_0.citadel: registry.redhat.io/openshift-service-mesh/citadel-rhel8@sha256:a49954528575c8480d6763e4793ab65de0f4c19ba5963544d57c91ededd63a90
olm.relatedImage.v1_0.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:b7b36d109847b11748442358178892d1e19ac121c920efe940f3b8dbc70ee28b
olm.relatedImage.v1_0.galley: registry.redhat.io/openshift-service-mesh/galley-rhel8@sha256:620c85bdec44380711c00f189c4042f3a669eba2c089ca6cf9ae8ee5c4358121
olm.relatedImage.v1_0.grafana: registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:f76e8bbd26c2bd474d55ce6378874fcb736e464aa0737ca22897a7b58b55661f
olm.relatedImage.v1_0.mixer: registry.redhat.io/openshift-service-mesh/mixer-rhel8@sha256:ad6ad158e647d11031d4478ed46bbabba83b4f66ba3a8068bd5ec82679511c5f
olm.relatedImage.v1_0.pilot: registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:ebfc7f79d8c0cec52c6aac1727eee84f15c43a3d0f7b4503ae14d8ee6a8bd025
olm.relatedImage.v1_0.prometheus: registry.redhat.io/openshift-service-mesh/prometheus-rhel8@sha256:70960efc418688d96d6e9b1ee8a35905ce221cb08d9e5aefff9616e44b95cd9f
olm.relatedImage.v1_0.proxy-init: registry.redhat.io/openshift-service-mesh/proxy-init-rhel7@sha256:7d14fc0fb52b7bf98427e9fb0cefbb3fd269e8a9341c2e17ba9cc347e53f73b8
olm.relatedImage.v1_0.proxyv2: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8@sha256:e7813217b71b1004f7fcf5e212bf4f13ae7148f498860fb8b1e521a0147580ad
olm.relatedImage.v1_0.sidecar-injector: registry.redhat.io/openshift-service-mesh/sidecar-injector-rhel8@sha256:2f2361f4a0216fb3a2563b121ab7218e35af63114811683fc5c8e4889e999652
olm.relatedImage.v1_1.3scale-istio-adapter: registry.redhat.io/openshift-service-mesh/3scale-istio-adapter-rhel8@sha256:00fb544a95b16c652cc571396679c65d5889b2cfe6f1a0176f560a1678309a35
olm.relatedImage.v1_1.citadel: registry.redhat.io/openshift-service-mesh/citadel-rhel8@sha256:f086c33effa80982191d20ca2dde3856ec8fd434336080d3664fafd2c0b7ba34
olm.relatedImage.v1_1.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:187adf6108d6f35a9ef6ad2f36b99915641e58f41089efc992aeba3ea5a59930
olm.relatedImage.v1_1.galley: registry.redhat.io/openshift-service-mesh/galley-rhel8@sha256:099e233bec27e0653e0eec41f1da296df2065985ae721d7da0c6461ee2e97a4f
olm.relatedImage.v1_1.grafana: registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:44fb361aae40bef62186df44428cbf8bcabce2d645078313e4fd29cf9cb520ff
olm.relatedImage.v1_1.ior: registry.redhat.io/openshift-service-mesh/ior-rhel8@sha256:93f4f298d09bee60c79aa29d58dbb67a3ac2902c06b31a96c389992e989d3146
olm.relatedImage.v1_1.mixer: registry.redhat.io/openshift-service-mesh/mixer-rhel8@sha256:060dbd5b792157edd3d4a7e03df3774565e1bf6e49d5fb0dff55c443408177c7
olm.relatedImage.v1_1.pilot: registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:5ef83ddc7f1f26aa20102dab19a096884ad590efb7972b1ca25481aa7be1160c
olm.relatedImage.v1_1.prometheus: registry.redhat.io/openshift-service-mesh/prometheus-rhel8@sha256:38d8ef942e938a8a3501a8f5213bdfd2bf27fcdf5f5bbc6d1ed23483affe1835
olm.relatedImage.v1_1.proxy-init: registry.redhat.io/openshift-service-mesh/proxy-init-rhel7@sha256:9e049ae662c966369a907839fc01168860f12e97c30304edf9b141c9e781fcd9
olm.relatedImage.v1_1.proxyv2: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8@sha256:c80671c1cc8254336499fe92c9de7b597e2e6b71d8c5420e63e7ce90e422b5ed
olm.relatedImage.v1_1.sidecar-injector: registry.redhat.io/openshift-service-mesh/sidecar-injector-rhel8@sha256:70d89f0888dc52dfd97961d62270bd3fcdfe1fa457cc8bbba678832f0d5fc2fd
creationTimestamp: null
labels:
name: istio-operator
spec:
containers:
- command:
- istio-operator
- --config
- /etc/operator/olm/config.properties
env:
- name: WATCH_NAMESPACE
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: istio-operator
image: registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:00e9dc96b46596c8a0da521cb32042dbf06a1c5e8bcc1988dee37ba17e5d964f
imagePullPolicy: Always
name: istio-operator
ports:
- containerPort: 11999
name: validation
- containerPort: 60000
name: metrics
resources: {}
volumeMounts:
- mountPath: /etc/operator/olm
name: operator-olm-config
readOnly: true
serviceAccountName: istio-operator
volumes:
- downwardAPI:
defaultMode: 420
items:
- fieldRef:
fieldPath: metadata.annotations
path: config.properties
name: operator-olm-config
strategy: deployment
installModes:
- supported: false
type: OwnNamespace
- supported: false
type: SingleNamespace
- supported: false
type: MultiNamespace
- supported: true
type: AllNamespaces
keywords:
- istio
- maistra
- servicemesh
links:
- name: Red Hat OpenShift Service Mesh
url: https://docs.openshift.com/container-platform/latest/service_mesh/servicemesh-release-notes.html
- name: Istio
url: https://istio.io/
- name: Operator Source Code
url: https://github.com/Maistra/istio-operator
- name: Bugs
url: https://issues.redhat.com/projects/OSSM
maintainers:
- email: istio-feedback@redhat.com
name: Red Hat, OpenShift Service Mesh
maturity: alpha
provider:
name: Red Hat, Inc.
version: 1.1.1
status:
conditions:
- lastTransitionTime: "2020-05-28T22:14:52Z"
lastUpdateTime: "2020-05-28T22:14:52Z"
message: requirements not yet checked
phase: Pending
reason: RequirementsUnknown
- lastTransitionTime: "2020-05-28T22:14:52Z"
lastUpdateTime: "2020-05-28T22:14:52Z"
message: one or more requirements couldn't be found
phase: Pending
reason: RequirementsNotMet
- lastTransitionTime: "2020-05-28T22:14:54Z"
lastUpdateTime: "2020-05-28T22:14:54Z"
message: all requirements found, attempting install
phase: InstallReady
reason: AllRequirementsMet
- lastTransitionTime: "2020-05-28T22:14:55Z"
lastUpdateTime: "2020-05-28T22:14:55Z"
message: waiting for install components to report healthy
phase: Installing
reason: InstallSucceeded
- lastTransitionTime: "2020-05-28T22:14:55Z"
lastUpdateTime: "2020-05-28T22:14:56Z"
message: |
installing: waiting for deployment istio-operator to become ready: Waiting for rollout to finish: 0 of 1 updated replicas are available...
phase: Installing
reason: InstallWaiting
- lastTransitionTime: "2020-05-28T22:15:00Z"
lastUpdateTime: "2020-05-28T22:15:00Z"
message: install strategy completed with no errors
phase: Succeeded
reason: InstallSucceeded
lastTransitionTime: "2020-05-28T22:15:00Z"
lastUpdateTime: "2020-05-28T22:15:00Z"
message: install strategy completed with no errors
phase: Succeeded
reason: InstallSucceeded
requirementStatus:
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
message: CRD is present and Established condition is true
name: servicemeshcontrolplanes.maistra.io
status: Present
uuid: 3c5077f8-a722-464e-a56a-4ea8ccee8f3d
version: v1beta1
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
message: CRD is present and Established condition is true
name: servicemeshmemberrolls.maistra.io
status: Present
uuid: 9c883715-a59c-4bca-891d-71075461c8a2
version: v1beta1
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
message: CRD is present and Established condition is true
name: servicemeshmembers.maistra.io
status: Present
uuid: f281cc3c-2bf0-4429-84a4-72121a9bf29f
version: v1beta1
- dependents:
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":[""],"resources":["configmaps","endpoints","namespaces","persistentvolumeclaims","pods","replicationcontrollers","secrets","serviceaccounts","services","events"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["apps","extensions"],"resources":["daemonsets","deployments","deployments/finalizers","ingresses","ingresses/status","replicasets","statefulsets"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["policy"],"resources":["poddisruptionbudgets"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["admissionregistration.k8s.io"],"resources":["mutatingwebhookconfigurations","validatingwebhookconfigurations"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["certmanager.k8s.io"],"resources":["clusterissuers"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["networking.k8s.io"],"resources":["networkpolicies"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["rbac.authorization.k8s.io"],"resources":["clusterrolebindings","clusterroles","rolebindings","roles"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["authentication.istio.io"],"resources":["*"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["config.istio.io"],"resources":["*"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["networking.istio.io"],"resources":["*"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["rbac.istio.io"],"resources":["*"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["security.istio.io"],"resources":["*"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["jaegertracing.io"],"resources":["jaegers"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["kiali.io"],"resources":["kialis"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["maistra.io"],"resources":["*"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["authentication.maistra.io"],"resources":["*"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["rbac.maistra.io"],"resources":["*"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["*"],"apiGroups":["route.openshift.io"],"resources":["routes","routes/custom-host"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["create"],"apiGroups":["authorization.k8s.io"],"resources":["subjectaccessreviews"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["get"],"apiGroups":["network.openshift.io"],"resources":["clusternetworks"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["get"],"apiGroups":["config.openshift.io"],"resources":["networks"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["get","list","watch"],"apiGroups":["image.openshift.io"],"resources":["imagestreams"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["get","list","watch","update"],"apiGroups":["network.openshift.io"],"resources":["netnamespaces"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["create","delete","get","list","patch","watch"],"apiGroups":["k8s.cni.cncf.io"],"resources":["network-attachment-definitions"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["use"],"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"resourceNames":["privileged"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["get","list","watch"],"apiGroups":[""],"resources":["nodes","nodes/proxy"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["create"],"apiGroups":["authentication.k8s.io"],"resources":["tokenreviews"]}
status: Satisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: cluster rule:{"verbs":["get"],"nonResourceURLs":["/metrics"]}
status: Satisfied
version: v1beta1
group: ""
kind: ServiceAccount
message: ""
name: istio-operator
status: Present
version: v1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment