@@ -15,52 +15,6 @@ metadata:
1515 namespace : istio-operator
1616 name : istio-operator
1717---
18- # Source: istio-operator/templates/crd.yaml
19- apiVersion : apiextensions.k8s.io/v1beta1
20- kind : CustomResourceDefinition
21- metadata :
22- name : istiooperators.install.istio.io
23- spec :
24- group : install.istio.io
25- names :
26- kind : IstioOperator
27- plural : istiooperators
28- singular : istiooperator
29- shortNames :
30- - iop
31- scope : Namespaced
32- subresources :
33- status : {}
34- validation :
35- openAPIV3Schema :
36- properties :
37- apiVersion :
38- description : ' APIVersion defines the versioned schema of this representation
39- of an object. Servers should convert recognized schemas to the latest
40- internal value, and may reject unrecognized values.
41- More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
42- type : string
43- kind :
44- description : ' Kind is a string value representing the REST resource this
45- object represents. Servers may infer this from the endpoint the client
46- submits requests to. Cannot be updated. In CamelCase.
47- More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
48- type : string
49- spec :
50- description : ' Specification of the desired state of the istio control plane resource.
51- More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
52- type : object
53- status :
54- description : ' Status describes each of istio control plane component status at the current time.
55- 0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
56- More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
57- https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
58- type : object
59- versions :
60- - name : v1alpha1
61- served : true
62- storage : true
63- ---
6418# Source: istio-operator/templates/clusterrole.yaml
6519apiVersion : rbac.authorization.k8s.io/v1
6620kind : ClusterRole
@@ -93,12 +47,6 @@ rules:
9347 - ' *'
9448 verbs :
9549 - ' *'
96- - apiGroups :
97- - rbac.istio.io
98- resources :
99- - ' *'
100- verbs :
101- - ' *'
10250- apiGroups :
10351 - security.istio.io
10452 resources :
@@ -145,6 +93,7 @@ rules:
14593 verbs :
14694 - get
14795 - create
96+ - update
14897- apiGroups :
14998 - policy
15099 resources :
@@ -168,6 +117,7 @@ rules:
168117 - events
169118 - namespaces
170119 - pods
120+ - pods/proxy
171121 - persistentvolumeclaims
172122 - secrets
173123 - services
@@ -224,10 +174,20 @@ spec:
224174 serviceAccountName : istio-operator
225175 containers :
226176 - name : istio-operator
227- image : docker.io/istio/operator:1.5.3
177+ image : docker.io/istio/operator:1.7.4
228178 command :
229179 - operator
230180 - server
181+ securityContext :
182+ allowPrivilegeEscalation : false
183+ capabilities :
184+ drop :
185+ - ALL
186+ privileged : false
187+ readOnlyRootFilesystem : true
188+ runAsGroup : 1337
189+ runAsUser : 1337
190+ runAsNonRoot : true
231191 imagePullPolicy : IfNotPresent
232192 resources :
233193 limits :
@@ -238,12 +198,16 @@ spec:
238198 memory : 128Mi
239199 env :
240200 - name : WATCH_NAMESPACE
241- value : istio-system
201+ value : " istio-system"
242202 - name : LEADER_ELECTION_NAMESPACE
243- value : istio-operator
203+ value : " istio-operator"
244204 - name : POD_NAME
245205 valueFrom :
246206 fieldRef :
247207 fieldPath : metadata.name
248208 - name : OPERATOR_NAME
249- value : istio-operator
209+ value : " istio-operator"
210+ - name : WAIT_FOR_RESOURCES_TIMEOUT
211+ value : " 300s"
212+ - name : REVISION
213+ value : " "
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments