Created
May 28, 2020 22:15
-
-
Save madorn/59e30c15b76b416c73ab5bde9a582969 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: operators.coreos.com/v1alpha1 | |
kind: ClusterServiceVersion | |
metadata: | |
annotations: | |
alm-examples: "[\n {\n \"apiVersion\": \"maistra.io/v1\",\n \"kind\": \"ServiceMeshControlPlane\",\n | |
\ \"metadata\": {\n \"name\": \"basic-install\",\n \"namespace\": | |
\"control-plane-namespace\"\n },\n \"spec\": {\n \"version\": \"v1.1\",\n | |
\ \"istio\": {\n \"gateways\": {\n \"istio-egressgateway\": | |
{\n \"autoscaleEnabled\": false\n },\n \"istio-ingressgateway\": | |
{\n \"autoscaleEnabled\": false,\n \"ior_enabled\": false\n | |
\ }\n },\n \"mixer\": {\n \"policy\": {\n \"autoscaleEnabled\": | |
false\n },\n \"telemetry\": {\n \"autoscaleEnabled\": | |
false\n }\n },\n \"pilot\": {\n \"autoscaleEnabled\": | |
false,\n \"traceSampling\": 100.0\n },\n \"kiali\": {\n | |
\ \"enabled\": true\n },\n \"grafana\": {\n \"enabled\": | |
true\n },\n \"tracing\": {\n \"enabled\": true,\n \"jaeger\": | |
{\n \"template\": \"all-in-one\"\n }\n }\n }\n | |
\ }\n },\n {\n \"apiVersion\": \"maistra.io/v1\",\n \"kind\": \"ServiceMeshMemberRoll\",\n | |
\ \"metadata\": {\n \"name\": \"default\",\n \"namespace\": \"control-plane-namespace\"\n | |
\ },\n \"spec\": {\n \"members\": [\n \"your-project\",\n \"another-of-your-projects\" | |
\n ]\n }\n },\n {\n \"apiVersion\": \"maistra.io/v1\",\n \"kind\": | |
\"ServiceMeshMember\",\n \"metadata\": {\n \"name\": \"default\",\n | |
\ \"namespace\": \"application-namespace\"\n },\n \"spec\": {\n \"controlPlaneRef\": | |
{\n \"name\": \"basic-install\",\n \"namespace\": \"control-plane-namespace\"\n | |
\ }\n }\n }\n]" | |
capabilities: Seamless Upgrades | |
categories: OpenShift Optional, Integration & Delivery | |
certified: "false" | |
containerImage: registry.redhat.io/openshift-service-mesh/istio-rhel8-operator:1.1.1 | |
createdAt: 2020-04-27T12:29:22MDT | |
description: The OpenShift Service Mesh Operator enables you to install, configure, | |
and manage an instance of Red Hat OpenShift Service Mesh. OpenShift Service | |
Mesh is based on the open source Istio project. | |
olm.operatorGroup: global-operators | |
olm.operatorNamespace: openshift-operators | |
olm.skipRange: '>=1.0.2 <1.1.1' | |
olm.targetNamespaces: "" | |
repository: https://github.com/maistra/istio-operator | |
support: Red Hat, Inc. | |
creationTimestamp: "2020-05-28T22:14:52Z" | |
generation: 1 | |
labels: | |
olm.api.1d316f16185c2e24: provided | |
olm.api.362f21bbb2de66a0: provided | |
olm.api.542a393f6dfeda9f: provided | |
name: servicemeshoperator.v1.1.1 | |
namespace: openshift-operators | |
resourceVersion: "83515" | |
selfLink: /apis/operators.coreos.com/v1alpha1/namespaces/openshift-operators/clusterserviceversions/servicemeshoperator.v1.1.1 | |
uid: b7d84702-c00b-4bb2-8baa-2914f8125e9e | |
spec: | |
apiservicedefinitions: {} | |
customresourcedefinitions: | |
owned: | |
- description: An Istio control plane installation | |
displayName: Istio Service Mesh Control Plane | |
kind: ServiceMeshControlPlane | |
name: servicemeshcontrolplanes.maistra.io | |
specDescriptors: | |
- description: Specify the version of control control plane you want to install | |
displayName: Control Plane Version | |
path: version | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:General | |
- urn:alm:descriptor:com.tectonic.ui:select:v1.1 | |
- urn:alm:descriptor:com.tectonic.ui:select:v1.0 | |
- description: Enable mTLS for communication between control plane components | |
(galley, pilot, etc.) | |
displayName: Control Plane Security | |
path: istio.global.controlPlaneSecurityEnabled | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:General | |
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch | |
- description: Enable mTLS for communcation between services in the mesh | |
displayName: Data Plane Security | |
path: istio.global.mtls.enabled | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:General | |
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch | |
- description: Set to true to install Kiali | |
displayName: Install Kiali | |
path: istio.kiali.enabled | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:visualization | |
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch | |
- description: Set to true to install Grafana | |
displayName: Install Grafana | |
path: istio.grafana.enabled | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:visualization | |
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch | |
- description: Set to false to disable tracing | |
displayName: Install Jaeger | |
path: istio.tracing.enabled | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:tracing | |
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch | |
- description: Set template to use when installing Jaeger | |
displayName: Jaeger template | |
path: istio.tracing.jaeger.template | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:tracing | |
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:istio.tracing.enabled:true | |
- urn:alm:descriptor:com.tectonic.ui:select:all-in-one | |
- urn:alm:descriptor:com.tectonic.ui:select:production-elasticsearch | |
- description: Set to true to install the Istio 3Scale adapter | |
displayName: Install 3Scale Adapter | |
path: threeScale.enabled | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:API_Management | |
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch | |
- urn:alm:descriptor:com.tectonic.ui:advanced | |
- description: Limits describes the minimum/maximum amount of compute resources | |
required/allowed | |
displayName: Default Resource Requirements | |
path: istio.global.defaultResources | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:Resource_Requirements | |
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements | |
- urn:alm:descriptor:com.tectonic.ui:advanced | |
version: v1 | |
- description: Marks the containing namespace as a member of the referenced Service | |
Mesh | |
displayName: Istio Service Mesh Member | |
kind: ServiceMeshMember | |
name: servicemeshmembers.maistra.io | |
specDescriptors: | |
- description: The namespace of the ServiceMeshControlPlane to which this namespace | |
belongs | |
displayName: Namespace | |
path: controlPlaneRef.namespace | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:Service_Mesh_Control_Plane | |
- urn:alm:descriptor:io.kubernetes:Namespace | |
- description: The name of the ServiceMeshControlPlane to which this namespace | |
belongs | |
displayName: Name | |
path: controlPlaneRef.name | |
x-descriptors: | |
- urn:alm:descriptor:com.tectonic.ui:fieldGroup:Service_Mesh_Control_Plane | |
- urn:alm:descriptor:com.tectonic.ui:text | |
version: v1 | |
- description: A list of namespaces in Service Mesh | |
displayName: Istio Service Mesh Member Roll | |
kind: ServiceMeshMemberRoll | |
name: servicemeshmemberrolls.maistra.io | |
version: v1 | |
description: |- | |
Red Hat OpenShift Service Mesh is a platform that provides behavioral insight and operational control over a service mesh, providing a uniform way to connect, secure, and monitor microservice applications. | |
### Overview | |
Red Hat OpenShift Service Mesh, based on the open source [Istio](https://istio.io/) project, adds a transparent layer on existing | |
distributed applications without requiring any changes to the service code. You add Red Hat OpenShift Service Mesh | |
support to services by deploying a special sidecar proxy throughout your environment that intercepts all network | |
communication between microservices. You configure and manage the service mesh using the control plane features. | |
Red Hat OpenShift Service Mesh provides an easy way to create a network of deployed services that provides discovery, | |
load balancing, service-to-service authentication, failure recovery, metrics, and monitoring. A service mesh also | |
provides more complex operational functionality, including A/B testing, canary releases, rate limiting, access | |
control, and end-to-end authentication. | |
### Core Capabilities | |
Red Hat OpenShift Service Mesh supports uniform application of a number of key capabilities across a network of services: | |
+ **Traffic Management** - Control the flow of traffic and API calls between services, make calls more reliable, | |
and make the network more robust in the face of adverse conditions. | |
+ **Service Identity and Security** - Provide services in the mesh with a verifiable identity and provide the | |
ability to protect service traffic as it flows over networks of varying degrees of trustworthiness. | |
+ **Policy Enforcement** - Apply organizational policy to the interaction between services, ensure access policies | |
are enforced and resources are fairly distributed among consumers. Policy changes are made by configuring the | |
mesh, not by changing application code. | |
+ **Telemetry** - Gain understanding of the dependencies between services and the nature and flow of traffic between | |
them, providing the ability to quickly identify issues. | |
### Joining Projects Into a Mesh | |
Once an instance of Red Hat OpenShift Service Mesh has been installed, it will only exercise control over services within its own | |
project. Other projects may be added into the mesh using one of two methods: | |
1. A **ServiceMeshMember** resource may be created in other projects to add those projects into the mesh. The | |
**ServiceMeshMember** specifies a reference to the **ServiceMeshControlPlane** object that was used to install | |
the control plane. The user creating the **ServiceMeshMember** resource must have permission to *use* the | |
**ServiceMeshControlPlane** object. The adminstrator for the project containing the control plane can grant | |
individual users or groups the *use* permissions. | |
2. A **ServiceMeshMemberRoll** resource may be created in the project containing the control plane. This resource | |
contains a single *members* list of all the projects that should belong in the mesh. The resource must be named | |
*default*. The user creating the resource must have *edit* or *admin* permissions for all projects in the | |
*members* list. | |
### More Information | |
* [Documentation](https://docs.openshift.com/container-platform/latest/service_mesh/servicemesh-release-notes.html) | |
* [Bugs](https://issues.redhat.com/projects/OSSM) | |
displayName: Red Hat OpenShift Service Mesh | |
icon: | |
- base64data: |- | |
iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAYAAADDPmHLAAAACXBIWXMAAAFiAAABYgFfJ9BTAAAH | |
L0lEQVR4nO2du24bRxSGz5LL+01kaMuX2HShnmlSi2VUBM4bKG/gdGFnl+rsBwggvUHUsTT9AIGd | |
noWCIIWNIJZNWKLM5Uww1K4sC6JEQrP7z8yeDyDYCHuG3F/nNmeWnpSSTMXvD3tE9Ey9gp3e0NiF | |
WkzGgqVvEtFLvz/c8/vDNQPW4xQ2CCBim4gO/P7wFzOW4wY2CUDRIKLnfn/4xu8PvzNgPdZjmwAi | |
ukT02u8Pn5mxHHuxVQART9kb3AzbBUDsDW6GFgEMRuNHwM8QobzBkCuF1dDlAfYGo/GeAULYDCuF | |
Hngd1qAzBKgy7c1gNEa74kbYN+CQsAS6cwD15T8djMZKCOj/QhUS9jkkXE1cSaBKzF4ORuMXg9EY | |
eQMeE9GQq4TFxF0FPAnDAtIbdEMRcF5wCUmUgZ3QGyBjcpQX/Axcg5Ek2QeIcgNkpbDLyeHXJN0I | |
6oYh4aeE7Z5HJYd7QPtGgegEKnf8OzgkbLMITkG2glVI2AdWCXMRpL1MRO8FzMs0pAjCCiG1IjBh | |
M0jlBQeD0RhVq3fTLAJTdgMboSeAigBkG4pJ28FKBK8HozGqVu+mMTE0cR5gFyiC1FUHpg6EsAgS | |
wuSJoN3t7+//ALK9nZbpY6NHwh7drf8qG+VjkPnnadg7MFoA+bxPYn2tBBTBrutbyVYMhc5FUMih | |
zDs9T2DNVLB42D4GiUCVp862jO0ZC/e8knjYnlAGsmTVKHKyMrDrXIDnFWedW/+BRPDYxVkC+w6G | |
5LItca/5L8i6miVAzjJox8qTQbJcaIt2/QPIvMoHTDgIowVrj4bJVrUhq8UjgGmVFO4D7MaC1WcD | |
xd2mR7kswrTaOHqBMKwbuw+Hel5p9m0blRQ+cWHU3P7TwSopvFVHJYXWnzxy4Xg4yUa5DcwHrO4P | |
OCEAOs0HMsD+gLWloTMCUE0i8eAbVCiwtlXsjgBUKCjk2rJZnQBMWxsKnBKAQrRrAlQaWhkKnBMA | |
eV5Z3GtxKFgS9wQQhQLMEIkKBVY1iJwUgELcbnigqmDbpgaRswKYVwV31t6CrFvjBdwVgAoF1eK6 | |
LBcQpru2TBU7LQCFuLOGSgif2ZAQOi8A8rOcEF6B+wLAJ4RGTxSnQgDzhLBVRU0QGe0F0iEAlRA2 | |
KzlQh3DT5LIwNQKYdwhvNbgsvEB6BBCWhcARMiPPGaZKAAqgFzDyTEHqBAD0Ah0TvUDqBEDsBb4i | |
lQJgL/CFVAqA2AuckVoBsBc4JbUCUIhGBdUdNMYLpFoAslnJg/YIOqbMD6ZaAOpomawVUc8fMmJe | |
IN0CmE8R1z+DTBuxR5B6AVA2o46Zo6zDk0EWwOmzBv4Gmd5GP2yCBaAEUMw/AJWEhPYCLIAQYEkI | |
TQZZACFyrSxAphvIxhALICKTaaYxGWQBnEM2yqhkcBM1PMoCOIesFB+AOoOEygVYABcAdgYhrWEW | |
wAVEq4YSACQZZAFcJJdtAXsCiXsBFsAlyFrpPcj046Q7gyyASxBrlRnQfKJegAVwGX62nZbWMAtg | |
AcAw0E2yJ8ACWIColxFPHo1IzAuwABaR9+8Dm0KJ5QEsgCsANoU6SYUBFsAVyGoR9XgZSioMsACu | |
QP00DdB8ImGABXAVamoY94OViYQBFsA1yHoJdYRMEfvUMAvgGmSlGADNx54HsACuA1sOduPeG2AB | |
LIEs55HmYw0DLIAlkNXiP0DzsVYDLIAlkKU8Mg9gDwAn53eAS2jEeYaQBbAkoKeOR7AA0MhKAdkP | |
iC0PYAEsSymPOkZOYTkYy6PnWQBLon6HCLyEWMIAC2BZPK8EHBMjFoABADeGiAVgALJc+Au4iljy | |
ABbAKhRz6O9LuxdgAayAzPtV8BK0zwewAFYhk2mCV8AeAA24I7ip+4IsgFXJZVGTwnN0j4mxAFZE | |
FnLvwEtgAUBxrBJgAayIzGZQTxOLYA8Axc/eAa+gq/Nivs6LOUMwe0tCBt7RSUBSFr1PJ+vqo3lH | |
J+oNWgZQmAgGO703Wq6l4yLWoW6wlBPv+LMf3ugOCUneZEok5h5+3fCPpMIAC2AhQrynmfjofQ4y | |
NJ0J72R6m6azkjcNiKbzh3+YfoOvQ9uouJ0CkPKYgtk7byYyNJkKL5jVaTJt0kyQdzJVf9EMX66i | |
rRIwWQCv3n+ctLzDT/WzOPzlBpfU2Tn8EmE44QH+JKLDMJadvW9t1IbRH/z42x+9DNFL4BpNRZv4 | |
4xSA2js/OPc6u9FbG7XDGO2mAjUqHuz0hjf9rLoEsBe+5jd8a6N2oOm6zGK0DIdoEcDWRm1Px3WY | |
lVCl4P5NvzLuBNqLFg/AArAXLXsC3Ao2m0srJfUe7PS0JNIsACwXK6WzV7DTSySRZgHEy4fL/nuT | |
vMHXwQK4Oa/CKwzP32hdu3VxwwK4notxeN580dGEMQEWwJc4HFuiZTJpEEAUh2GJlsm4IIBFiZY1 | |
cRiJLQI4n2iRa3EYBhH9D18eNW58bi76AAAAAElFTkSuQmCC | |
mediatype: image/png | |
install: | |
spec: | |
clusterPermissions: | |
- rules: | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
- endpoints | |
- namespaces | |
- persistentvolumeclaims | |
- pods | |
- replicationcontrollers | |
- secrets | |
- serviceaccounts | |
- services | |
- events | |
verbs: | |
- '*' | |
- apiGroups: | |
- apps | |
- extensions | |
resources: | |
- daemonsets | |
- deployments | |
- deployments/finalizers | |
- ingresses | |
- ingresses/status | |
- replicasets | |
- statefulsets | |
verbs: | |
- '*' | |
- apiGroups: | |
- autoscaling | |
resources: | |
- horizontalpodautoscalers | |
verbs: | |
- '*' | |
- apiGroups: | |
- policy | |
resources: | |
- poddisruptionbudgets | |
verbs: | |
- '*' | |
- apiGroups: | |
- admissionregistration.k8s.io | |
resources: | |
- mutatingwebhookconfigurations | |
- validatingwebhookconfigurations | |
verbs: | |
- '*' | |
- apiGroups: | |
- apiextensions.k8s.io | |
resources: | |
- customresourcedefinitions | |
verbs: | |
- '*' | |
- apiGroups: | |
- certmanager.k8s.io | |
resources: | |
- clusterissuers | |
verbs: | |
- '*' | |
- apiGroups: | |
- networking.k8s.io | |
resources: | |
- networkpolicies | |
verbs: | |
- '*' | |
- apiGroups: | |
- rbac.authorization.k8s.io | |
resources: | |
- clusterrolebindings | |
- clusterroles | |
- rolebindings | |
- roles | |
verbs: | |
- '*' | |
- apiGroups: | |
- authentication.istio.io | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- apiGroups: | |
- config.istio.io | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- apiGroups: | |
- networking.istio.io | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- apiGroups: | |
- rbac.istio.io | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- apiGroups: | |
- security.istio.io | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- apiGroups: | |
- jaegertracing.io | |
resources: | |
- jaegers | |
verbs: | |
- '*' | |
- apiGroups: | |
- kiali.io | |
resources: | |
- kialis | |
verbs: | |
- '*' | |
- apiGroups: | |
- maistra.io | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- apiGroups: | |
- authentication.maistra.io | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- apiGroups: | |
- rbac.maistra.io | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- apiGroups: | |
- route.openshift.io | |
resources: | |
- routes | |
- routes/custom-host | |
verbs: | |
- '*' | |
- apiGroups: | |
- authorization.k8s.io | |
resources: | |
- subjectaccessreviews | |
verbs: | |
- create | |
- apiGroups: | |
- network.openshift.io | |
resources: | |
- clusternetworks | |
verbs: | |
- get | |
- apiGroups: | |
- config.openshift.io | |
resources: | |
- networks | |
verbs: | |
- get | |
- apiGroups: | |
- image.openshift.io | |
resources: | |
- imagestreams | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- network.openshift.io | |
resources: | |
- netnamespaces | |
verbs: | |
- get | |
- list | |
- watch | |
- update | |
- apiGroups: | |
- k8s.cni.cncf.io | |
resources: | |
- network-attachment-definitions | |
verbs: | |
- create | |
- delete | |
- get | |
- list | |
- patch | |
- watch | |
- apiGroups: | |
- security.openshift.io | |
resourceNames: | |
- privileged | |
resources: | |
- securitycontextconstraints | |
verbs: | |
- use | |
- apiGroups: | |
- "" | |
resources: | |
- nodes | |
- nodes/proxy | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- authentication.k8s.io | |
resources: | |
- tokenreviews | |
verbs: | |
- create | |
- nonResourceURLs: | |
- /metrics | |
verbs: | |
- get | |
serviceAccountName: istio-operator | |
deployments: | |
- name: istio-operator | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
name: istio-operator | |
strategy: {} | |
template: | |
metadata: | |
annotations: | |
oauth-proxy.name: oauth-proxy | |
oauth-proxy.namespace: openshift | |
oauth-proxy.query: "true" | |
oauth-proxy.tag: v4.4 | |
olm.relatedImage.v1_0.3scale-istio-adapter: registry.redhat.io/openshift-service-mesh/3scale-istio-adapter-rhel8@sha256:00fb544a95b16c652cc571396679c65d5889b2cfe6f1a0176f560a1678309a35 | |
olm.relatedImage.v1_0.citadel: registry.redhat.io/openshift-service-mesh/citadel-rhel8@sha256:a49954528575c8480d6763e4793ab65de0f4c19ba5963544d57c91ededd63a90 | |
olm.relatedImage.v1_0.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:b7b36d109847b11748442358178892d1e19ac121c920efe940f3b8dbc70ee28b | |
olm.relatedImage.v1_0.galley: registry.redhat.io/openshift-service-mesh/galley-rhel8@sha256:620c85bdec44380711c00f189c4042f3a669eba2c089ca6cf9ae8ee5c4358121 | |
olm.relatedImage.v1_0.grafana: registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:f76e8bbd26c2bd474d55ce6378874fcb736e464aa0737ca22897a7b58b55661f | |
olm.relatedImage.v1_0.mixer: registry.redhat.io/openshift-service-mesh/mixer-rhel8@sha256:ad6ad158e647d11031d4478ed46bbabba83b4f66ba3a8068bd5ec82679511c5f | |
olm.relatedImage.v1_0.pilot: registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:ebfc7f79d8c0cec52c6aac1727eee84f15c43a3d0f7b4503ae14d8ee6a8bd025 | |
olm.relatedImage.v1_0.prometheus: registry.redhat.io/openshift-service-mesh/prometheus-rhel8@sha256:70960efc418688d96d6e9b1ee8a35905ce221cb08d9e5aefff9616e44b95cd9f | |
olm.relatedImage.v1_0.proxy-init: registry.redhat.io/openshift-service-mesh/proxy-init-rhel7@sha256:7d14fc0fb52b7bf98427e9fb0cefbb3fd269e8a9341c2e17ba9cc347e53f73b8 | |
olm.relatedImage.v1_0.proxyv2: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8@sha256:e7813217b71b1004f7fcf5e212bf4f13ae7148f498860fb8b1e521a0147580ad | |
olm.relatedImage.v1_0.sidecar-injector: registry.redhat.io/openshift-service-mesh/sidecar-injector-rhel8@sha256:2f2361f4a0216fb3a2563b121ab7218e35af63114811683fc5c8e4889e999652 | |
olm.relatedImage.v1_1.3scale-istio-adapter: registry.redhat.io/openshift-service-mesh/3scale-istio-adapter-rhel8@sha256:00fb544a95b16c652cc571396679c65d5889b2cfe6f1a0176f560a1678309a35 | |
olm.relatedImage.v1_1.citadel: registry.redhat.io/openshift-service-mesh/citadel-rhel8@sha256:f086c33effa80982191d20ca2dde3856ec8fd434336080d3664fafd2c0b7ba34 | |
olm.relatedImage.v1_1.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:187adf6108d6f35a9ef6ad2f36b99915641e58f41089efc992aeba3ea5a59930 | |
olm.relatedImage.v1_1.galley: registry.redhat.io/openshift-service-mesh/galley-rhel8@sha256:099e233bec27e0653e0eec41f1da296df2065985ae721d7da0c6461ee2e97a4f | |
olm.relatedImage.v1_1.grafana: registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:44fb361aae40bef62186df44428cbf8bcabce2d645078313e4fd29cf9cb520ff | |
olm.relatedImage.v1_1.ior: registry.redhat.io/openshift-service-mesh/ior-rhel8@sha256:93f4f298d09bee60c79aa29d58dbb67a3ac2902c06b31a96c389992e989d3146 | |
olm.relatedImage.v1_1.mixer: registry.redhat.io/openshift-service-mesh/mixer-rhel8@sha256:060dbd5b792157edd3d4a7e03df3774565e1bf6e49d5fb0dff55c443408177c7 | |
olm.relatedImage.v1_1.pilot: registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:5ef83ddc7f1f26aa20102dab19a096884ad590efb7972b1ca25481aa7be1160c | |
olm.relatedImage.v1_1.prometheus: registry.redhat.io/openshift-service-mesh/prometheus-rhel8@sha256:38d8ef942e938a8a3501a8f5213bdfd2bf27fcdf5f5bbc6d1ed23483affe1835 | |
olm.relatedImage.v1_1.proxy-init: registry.redhat.io/openshift-service-mesh/proxy-init-rhel7@sha256:9e049ae662c966369a907839fc01168860f12e97c30304edf9b141c9e781fcd9 | |
olm.relatedImage.v1_1.proxyv2: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8@sha256:c80671c1cc8254336499fe92c9de7b597e2e6b71d8c5420e63e7ce90e422b5ed | |
olm.relatedImage.v1_1.sidecar-injector: registry.redhat.io/openshift-service-mesh/sidecar-injector-rhel8@sha256:70d89f0888dc52dfd97961d62270bd3fcdfe1fa457cc8bbba678832f0d5fc2fd | |
creationTimestamp: null | |
labels: | |
name: istio-operator | |
spec: | |
containers: | |
- command: | |
- istio-operator | |
- --config | |
- /etc/operator/olm/config.properties | |
env: | |
- name: WATCH_NAMESPACE | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: OPERATOR_NAME | |
value: istio-operator | |
image: registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:00e9dc96b46596c8a0da521cb32042dbf06a1c5e8bcc1988dee37ba17e5d964f | |
imagePullPolicy: Always | |
name: istio-operator | |
ports: | |
- containerPort: 11999 | |
name: validation | |
- containerPort: 60000 | |
name: metrics | |
resources: {} | |
volumeMounts: | |
- mountPath: /etc/operator/olm | |
name: operator-olm-config | |
readOnly: true | |
serviceAccountName: istio-operator | |
volumes: | |
- downwardAPI: | |
defaultMode: 420 | |
items: | |
- fieldRef: | |
fieldPath: metadata.annotations | |
path: config.properties | |
name: operator-olm-config | |
strategy: deployment | |
installModes: | |
- supported: false | |
type: OwnNamespace | |
- supported: false | |
type: SingleNamespace | |
- supported: false | |
type: MultiNamespace | |
- supported: true | |
type: AllNamespaces | |
keywords: | |
- istio | |
- maistra | |
- servicemesh | |
links: | |
- name: Red Hat OpenShift Service Mesh | |
url: https://docs.openshift.com/container-platform/latest/service_mesh/servicemesh-release-notes.html | |
- name: Istio | |
url: https://istio.io/ | |
- name: Operator Source Code | |
url: https://github.com/Maistra/istio-operator | |
- name: Bugs | |
url: https://issues.redhat.com/projects/OSSM | |
maintainers: | |
- email: istio-feedback@redhat.com | |
name: Red Hat, OpenShift Service Mesh | |
maturity: alpha | |
provider: | |
name: Red Hat, Inc. | |
version: 1.1.1 | |
status: | |
conditions: | |
- lastTransitionTime: "2020-05-28T22:14:52Z" | |
lastUpdateTime: "2020-05-28T22:14:52Z" | |
message: requirements not yet checked | |
phase: Pending | |
reason: RequirementsUnknown | |
- lastTransitionTime: "2020-05-28T22:14:52Z" | |
lastUpdateTime: "2020-05-28T22:14:52Z" | |
message: one or more requirements couldn't be found | |
phase: Pending | |
reason: RequirementsNotMet | |
- lastTransitionTime: "2020-05-28T22:14:54Z" | |
lastUpdateTime: "2020-05-28T22:14:54Z" | |
message: all requirements found, attempting install | |
phase: InstallReady | |
reason: AllRequirementsMet | |
- lastTransitionTime: "2020-05-28T22:14:55Z" | |
lastUpdateTime: "2020-05-28T22:14:55Z" | |
message: waiting for install components to report healthy | |
phase: Installing | |
reason: InstallSucceeded | |
- lastTransitionTime: "2020-05-28T22:14:55Z" | |
lastUpdateTime: "2020-05-28T22:14:56Z" | |
message: | | |
installing: waiting for deployment istio-operator to become ready: Waiting for rollout to finish: 0 of 1 updated replicas are available... | |
phase: Installing | |
reason: InstallWaiting | |
- lastTransitionTime: "2020-05-28T22:15:00Z" | |
lastUpdateTime: "2020-05-28T22:15:00Z" | |
message: install strategy completed with no errors | |
phase: Succeeded | |
reason: InstallSucceeded | |
lastTransitionTime: "2020-05-28T22:15:00Z" | |
lastUpdateTime: "2020-05-28T22:15:00Z" | |
message: install strategy completed with no errors | |
phase: Succeeded | |
reason: InstallSucceeded | |
requirementStatus: | |
- group: apiextensions.k8s.io | |
kind: CustomResourceDefinition | |
message: CRD is present and Established condition is true | |
name: servicemeshcontrolplanes.maistra.io | |
status: Present | |
uuid: 3c5077f8-a722-464e-a56a-4ea8ccee8f3d | |
version: v1beta1 | |
- group: apiextensions.k8s.io | |
kind: CustomResourceDefinition | |
message: CRD is present and Established condition is true | |
name: servicemeshmemberrolls.maistra.io | |
status: Present | |
uuid: 9c883715-a59c-4bca-891d-71075461c8a2 | |
version: v1beta1 | |
- group: apiextensions.k8s.io | |
kind: CustomResourceDefinition | |
message: CRD is present and Established condition is true | |
name: servicemeshmembers.maistra.io | |
status: Present | |
uuid: f281cc3c-2bf0-4429-84a4-72121a9bf29f | |
version: v1beta1 | |
- dependents: | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":[""],"resources":["configmaps","endpoints","namespaces","persistentvolumeclaims","pods","replicationcontrollers","secrets","serviceaccounts","services","events"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["apps","extensions"],"resources":["daemonsets","deployments","deployments/finalizers","ingresses","ingresses/status","replicasets","statefulsets"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["policy"],"resources":["poddisruptionbudgets"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["admissionregistration.k8s.io"],"resources":["mutatingwebhookconfigurations","validatingwebhookconfigurations"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["certmanager.k8s.io"],"resources":["clusterissuers"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["networking.k8s.io"],"resources":["networkpolicies"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["rbac.authorization.k8s.io"],"resources":["clusterrolebindings","clusterroles","rolebindings","roles"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["authentication.istio.io"],"resources":["*"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["config.istio.io"],"resources":["*"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["networking.istio.io"],"resources":["*"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["rbac.istio.io"],"resources":["*"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["security.istio.io"],"resources":["*"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["jaegertracing.io"],"resources":["jaegers"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["kiali.io"],"resources":["kialis"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["maistra.io"],"resources":["*"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["authentication.maistra.io"],"resources":["*"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["rbac.maistra.io"],"resources":["*"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["*"],"apiGroups":["route.openshift.io"],"resources":["routes","routes/custom-host"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["create"],"apiGroups":["authorization.k8s.io"],"resources":["subjectaccessreviews"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["get"],"apiGroups":["network.openshift.io"],"resources":["clusternetworks"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["get"],"apiGroups":["config.openshift.io"],"resources":["networks"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["get","list","watch"],"apiGroups":["image.openshift.io"],"resources":["imagestreams"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["get","list","watch","update"],"apiGroups":["network.openshift.io"],"resources":["netnamespaces"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["create","delete","get","list","patch","watch"],"apiGroups":["k8s.cni.cncf.io"],"resources":["network-attachment-definitions"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["use"],"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"resourceNames":["privileged"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["get","list","watch"],"apiGroups":[""],"resources":["nodes","nodes/proxy"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["create"],"apiGroups":["authentication.k8s.io"],"resources":["tokenreviews"]} | |
status: Satisfied | |
version: v1beta1 | |
- group: rbac.authorization.k8s.io | |
kind: PolicyRule | |
message: cluster rule:{"verbs":["get"],"nonResourceURLs":["/metrics"]} | |
status: Satisfied | |
version: v1beta1 | |
group: "" | |
kind: ServiceAccount | |
message: "" | |
name: istio-operator | |
status: Present | |
version: v1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment