View Source
const (
	// MetadataNamespace is the namespace for mesh metadata (labels, annotations)
	MetadataNamespace = ""
	// OwningResourceName represents the name of the owner to which the resource relates
	OwningResourceName = MetadataNamespace + "/owning-resource"
	// OwningResourceNamespace represents the namespace of the owner to which the resource relates
	OwningResourceNamespace = MetadataNamespace + "/owning-resource-namespace"

	// IstioComponentLabelStr indicates which Istio component a resource belongs to.
	IstioComponentLabelStr = name.OperatorAPINamespace + "/component"


View Source
var (
	// ComponentDependencies is a tree of component dependencies. The semantics are ComponentDependencies[cname] gives
	// the subtree of components that must wait for cname to be installed before starting installation themselves.
	ComponentDependencies = componentNameToListMap{
		name.PilotComponentName: {
		name.IstioBaseComponentName: {

	// InstallTree is a top down hierarchy tree of dependencies where children must wait for the parent to complete
	// before starting installation.
	InstallTree = make(ComponentTree)
View Source
var (
	// NamespacedResources orders non cluster scope resources types which should be deleted, first to last
	NamespacedResources = []schema.GroupVersionKind{
		{Group: "autoscaling", Version: "v2beta1", Kind: name.HPAStr},
		{Group: "policy", Version: "v1beta1", Kind: name.PDBStr},
		{Group: "apps", Version: "v1", Kind: name.DeploymentStr},
		{Group: "apps", Version: "v1", Kind: name.DaemonSetStr},
		{Group: "", Version: "v1", Kind: name.ServiceStr},
		{Group: "", Version: "v1", Kind: name.CMStr},
		{Group: "", Version: "v1", Kind: name.PVCStr},
		{Group: "", Version: "v1", Kind: name.PodStr},
		{Group: "", Version: "v1", Kind: name.SecretStr},
		{Group: "", Version: "v1", Kind: name.SAStr},
		{Group: "", Version: "v1", Kind: name.RoleBindingStr},
		{Group: "", Version: "v1", Kind: name.RoleStr},
		{Group: name.NetworkingAPIGroupName, Version: "v1alpha3", Kind: name.DestinationRuleStr},
		{Group: name.NetworkingAPIGroupName, Version: "v1alpha3", Kind: name.EnvoyFilterStr},
		{Group: name.NetworkingAPIGroupName, Version: "v1alpha3", Kind: name.GatewayStr},
		{Group: name.NetworkingAPIGroupName, Version: "v1alpha3", Kind: name.VirtualServiceStr},
		{Group: name.SecurityAPIGroupName, Version: "v1beta1", Kind: name.PeerAuthenticationStr},

	// ClusterResources are resource types the operator prunes, ordered by which types should be deleted, first to last.
	ClusterResources = []schema.GroupVersionKind{
		{Group: "", Version: "v1beta1", Kind: name.MutatingWebhookConfigurationStr},
		{Group: "", Version: "v1beta1", Kind: name.ValidatingWebhookConfigurationStr},
		{Group: "", Version: "v1", Kind: name.ClusterRoleStr},
		{Group: "", Version: "v1", Kind: name.ClusterRoleBindingStr},
	// ClusterCPResources lists cluster scope resources types which should be deleted during uninstall command.
	ClusterCPResources = []schema.GroupVersionKind{
		{Group: "", Version: "v1beta1", Kind: name.MutatingWebhookConfigurationStr},
		{Group: "", Version: "v1", Kind: name.MutatingWebhookConfigurationStr},
		{Group: "", Version: "v1", Kind: name.ClusterRoleStr},
		{Group: "", Version: "v1", Kind: name.ClusterRoleBindingStr},
	// AllClusterResources lists all cluster scope resources types which should be deleted in purge case, including CRD.
	AllClusterResources = append(ClusterResources,
		schema.GroupVersionKind{Group: "", Version: "v1beta1", Kind: name.MutatingWebhookConfigurationStr},
		schema.GroupVersionKind{Group: "", Version: "v1beta1", Kind: name.ValidatingWebhookConfigurationStr},
		schema.GroupVersionKind{Group: "", Version: "v1", Kind: name.CRDStr},
		schema.GroupVersionKind{Group: "", Version: "v1beta1", Kind: name.CRDStr})
View Source
var (
	// TestMode sets the controller into test mode. Used for unit tests to bypass things like waiting on resources.
	TestMode = false


func CreateNamespace

func CreateNamespace(cs kubernetes.Interface, namespace string, network string) error

    CreateNamespace creates a namespace using the given k8s interface.

    func InstallTreeString

    func InstallTreeString() string

      InstallTreeString returns a string representation of the dependency tree.

      func WaitForResources

      func WaitForResources(objects object.K8sObjects, restConfig *rest.Config, cs kubernetes.Interface,
      	waitTimeout time.Duration, dryRun bool, l *progress.ManifestLog) error

        WaitForResources polls to get the current status of all pods, PVCs, and Services until all are ready or a timeout is reached


        type ComponentTree

        type ComponentTree map[name.ComponentName]interface{}

          ComponentTree represents a tree of component dependencies.

          type HelmReconciler

          type HelmReconciler struct {
          	// contains filtered or unexported fields

            HelmReconciler reconciles resources rendered by a set of helm charts.

            func NewHelmReconciler

            func NewHelmReconciler(client client.Client, restConfig *rest.Config, iop *valuesv1alpha1.IstioOperator, opts *Options) (*HelmReconciler, error)

              NewHelmReconciler creates a HelmReconciler and returns a ptr to it

              func (*HelmReconciler) ApplyManifest

              func (h *HelmReconciler) ApplyManifest(manifest name.Manifest, serverSideApply bool) (object.K8sObjects, int, error)

                ApplyManifest applies the manifest to create or update resources. It returns the processed (created or updated) objects and the number of objects in the manifests.

                func (*HelmReconciler) ApplyObject

                func (h *HelmReconciler) ApplyObject(obj *unstructured.Unstructured, serverSideApply bool) error

                  ApplyObject creates or updates an object in the API server depending on whether it already exists. It mutates obj.

                  func (*HelmReconciler) CheckSSAEnabled

                  func (h *HelmReconciler) CheckSSAEnabled() bool

                    CheckSSAEnabled is a helper function to check whether ServerSideApply should be used when applying manifests.

                    func (*HelmReconciler) Delete

                    func (h *HelmReconciler) Delete() error

                      Delete resources associated with the custom resource instance

                      func (*HelmReconciler) DeleteAll

                      func (h *HelmReconciler) DeleteAll() error

                        DeleteAll deletes all Istio resources in the cluster.

                        func (*HelmReconciler) DeleteControlPlaneByManifests

                        func (h *HelmReconciler) DeleteControlPlaneByManifests(manifestMap name.ManifestMap,
                        	revision string, includeClusterResources bool) error

                          DeleteControlPlaneByManifests removed resources by manifests with matching revision label. If purge option is set to true, all manifests would be removed regardless of labels match.

                          func (*HelmReconciler) DeleteObjectsList

                          func (h *HelmReconciler) DeleteObjectsList(objectsList []*unstructured.UnstructuredList) error

                            DeleteObjectsList removed resources that are in the slice of UnstructuredList.

                            func (*HelmReconciler) GetPrunedResources

                            func (h *HelmReconciler) GetPrunedResources(revision string, includeClusterResources bool, componentName string) (
                            	[]*unstructured.UnstructuredList, error)

                              GetPrunedResources get the list of resources to be removed 1. if includeClusterResources is false, we list the namespaced resources by matching revision and component labels. 2. if includeClusterResources is true, we list the namespaced and cluster resources by component labels only. If componentName is not empty, only resources associated with specific components would be returned UnstructuredList of objects and corresponding list of name kind hash of k8sObjects would be returned

                              func (*HelmReconciler) Prune

                              func (h *HelmReconciler) Prune(manifests name.ManifestMap, all bool) error

                                Prune removes any resources not specified in manifests generated by HelmReconciler h.

                                func (*HelmReconciler) PruneControlPlaneByRevisionWithController

                                func (h *HelmReconciler) PruneControlPlaneByRevisionWithController(ns, revision string) (*v1alpha1.InstallStatus, error)

                                  PruneControlPlaneByRevisionWithController is called to remove specific control plane revision in specific namespace during reconciliation process of controller. It returns the install status and any error encountered.

                                  func (*HelmReconciler) Reconcile

                                  func (h *HelmReconciler) Reconcile() (*v1alpha1.InstallStatus, error)

                                    Reconcile reconciles the associated resources.

                                    func (*HelmReconciler) RenderCharts

                                    func (h *HelmReconciler) RenderCharts() (name.ManifestMap, error)

                                      RenderCharts renders charts for h.

                                      func (*HelmReconciler) SetStatusBegin

                                      func (h *HelmReconciler) SetStatusBegin() error

                                        SetStatusBegin updates the status field on the IstioOperator instance before reconciling.

                                        func (*HelmReconciler) SetStatusComplete

                                        func (h *HelmReconciler) SetStatusComplete(status *v1alpha1.InstallStatus) error

                                          SetStatusComplete updates the status field on the IstioOperator instance based on the resulting err parameter.

                                          type Options

                                          type Options struct {
                                          	// DryRun executes all actions but does not write anything to the cluster.
                                          	DryRun bool
                                          	// Log is a console logger for user visible CLI output.
                                          	Log clog.Logger
                                          	// Wait determines if we will wait for resources to be fully applied. Only applies to components that have no
                                          	// dependencies.
                                          	Wait bool
                                          	// WaitTimeout controls the amount of time to wait for resources in a component to become ready before giving up.
                                          	WaitTimeout time.Duration
                                          	// Log tracks the installation progress for all components.
                                          	ProgressLog *progress.Log
                                          	// Force ignores validation errors
                                          	Force bool

                                            Options are options for HelmReconciler.