diff --git a/api/v1alpha1/values_types_extra.go b/api/v1alpha1/values_types_extra.go index 68b39c3fe..5d65a6690 100644 --- a/api/v1alpha1/values_types_extra.go +++ b/api/v1alpha1/values_types_extra.go @@ -93,7 +93,7 @@ type ZTunnelConfig struct { // Same as `global.logging.level`, but will override it if set Logging *GlobalLoggingConfig `json:"logging,omitempty"` // Specifies whether istio components should output logs in json format by adding --log_as_json argument to each container. - LogAsJson *bool `json:"logAsJson,omitempty"` + LogAsJSON *bool `json:"logAsJSON,omitempty"` } // ZTunnelGlobalConfig is a subset of the Global Configuration used in the Istio ztunnel chart. @@ -118,7 +118,7 @@ type ZTunnelGlobalConfig struct { // Default k8s resources settings for all Isti ImagePullSecrets []string `json:"imagePullSecrets,omitempty"` // Specifies whether istio components should output logs in json format by adding --log_as_json argument to each container. - LogAsJson *bool `json:"logAsJson,omitempty"` + LogAsJSON *bool `json:"logAsJSON,omitempty"` // Specifies the global logging level settings for the Istio control plane components. Logging *GlobalLoggingConfig `json:"logging,omitempty"` diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 08b87e21f..85c39feab 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 creationTimestamp: null name: ztunnels.sailoperator.io spec: @@ -58,6 +58,7 @@ spec: spec: default: namespace: kube-system + profile: ambient version: v1.24.0 description: ZTunnelSpec defines the desired state of ZTunnel properties: 
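Review bot: The `json` tag is renamed along with the Go identifier in `ZTunnelConfig` (and again in the `ZTunnelGlobalConfig` hunk), so the serialized key changes from `logAsJson` to `logAsJSON`, not just the Go name. Any existing resource or values consumer that still uses `logAsJson` would stop matching this field, and the setting could be dropped without an error, leaving components logging plain text where a log pipeline expects JSON. If only the initialism fix is intended, rename the field to `LogAsJSON *bool` and leave the tag as `json:"logAsJson,omitempty"`. Which key the ztunnel chart actually reads is not visible in this diff, so confirm it before changing the wire name. Both structs continue outside their hunks.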
@@ -67,10 +68,11 @@ spec: be installed. type: string profile: + default: ambient description: |- The built-in installation configuration profile to use. - The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, openshift-ambient, openshift, preview, remote, stable. + The 'default' profile is 'ambient' and it is always applied. + Must be one of: ambient, default, demo, empty, external, preview, remote, stable. enum: - ambient - default @@ -1560,6 +1562,11 @@ spec: description: Address of the Datadog Agent. type: string type: object + enableIstioTags: + description: |- + Determines whether or not trace spans generated by Envoy will include Istio specific tags. + By default Istio specific tags are included in the trace spans. + type: boolean lightstep: description: |- Use a Lightstep tracer. @@ -2051,6 +2058,12 @@ spec: implements the Envoy ext_authz filter authorization check service using the gRPC API. properties: + clearRouteCache: + description: |- + If true, clears route cache in order to allow the external authorization service to correctly affect routing decisions. + If true, recalculate routes with the new ExtAuthZ added/removed headers. + Default is false + type: boolean failOpen: description: |- If true, the HTTP request or TCP connection will be allowed even if the communication with the authorization service has failed, 
@@ -2120,6 +2133,12 @@ spec: implements the Envoy ext_authz filter authorization check service using the HTTP API. properties: + clearRouteCache: + description: |- + If true, clears route cache in order to allow the external authorization service to correctly affect routing decisions. + If true, recalculate routes with the new ExtAuthZ added/removed headers. + Default is false + type: boolean failOpen: description: |- If true, the user request will be allowed even if the communication with the authorization service has failed, @@ -2694,7 +2713,7 @@ spec: initialMetadata: description: |- Optional. Additional metadata to include in streams initiated to the GrpcService. This can be used for - scenarios in which additional ad hoc authorization headers (e.g. “x-foo-bar: baz-key“) are to + scenarios in which additional ad hoc authorization headers (e.g. "x-foo-bar: baz-key") are to be injected. items: properties: diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index a5cdde17e..855595438 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 name: ztunnels.sailoperator.io spec: group: sailoperator.io @@ -58,6 +58,7 @@ spec: spec: default: namespace: kube-system + profile: ambient version: v1.24.0 description: ZTunnelSpec defines the desired state of ZTunnel properties: 
@@ -67,10 +68,11 @@ spec: be installed. type: string profile: + default: ambient description: |- The built-in installation configuration profile to use. - The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, openshift-ambient, openshift, preview, remote, stable. + The 'default' profile is 'ambient' and it is always applied. + Must be one of: ambient, default, demo, empty, external, preview, remote, stable. enum: - ambient - default @@ -1560,6 +1562,11 @@ spec: description: Address of the Datadog Agent. type: string type: object + enableIstioTags: + description: |- + Determines whether or not trace spans generated by Envoy will include Istio specific tags. + By default Istio specific tags are included in the trace spans. + type: boolean lightstep: description: |- Use a Lightstep tracer. @@ -2051,6 +2058,12 @@ spec: implements the Envoy ext_authz filter authorization check service using the gRPC API. properties: + clearRouteCache: + description: |- + If true, clears route cache in order to allow the external authorization service to correctly affect routing decisions. + If true, recalculate routes with the new ExtAuthZ added/removed headers. + Default is false + type: boolean failOpen: description: |- If true, the HTTP request or TCP connection will be allowed even if the communication with the authorization service has failed, 
@@ -2120,6 +2133,12 @@ spec: implements the Envoy ext_authz filter authorization check service using the HTTP API. properties: + clearRouteCache: + description: |- + If true, clears route cache in order to allow the external authorization service to correctly affect routing decisions. + If true, recalculate routes with the new ExtAuthZ added/removed headers. + Default is false + type: boolean failOpen: description: |- If true, the user request will be allowed even if the communication with the authorization service has failed, @@ -2694,7 +2713,7 @@ spec: initialMetadata: description: |- Optional. Additional metadata to include in streams initiated to the GrpcService. This can be used for - scenarios in which additional ad hoc authorization headers (e.g. “x-foo-bar: baz-key“) are to + scenarios in which additional ad hoc authorization headers (e.g. "x-foo-bar: baz-key") are to be injected. items: properties: diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index e357a4987..b2a9c002b 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md 
@@ -3137,7 +3137,7 @@ _Appears in:_
 | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | |
 | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | |
 | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
-| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:kube-system version:v1.24.0 \} | |
+| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:kube-system profile:ambient version:v1.24.0 \} | |
 | `status` _[ZTunnelStatus](#ztunnelstatus)_ | | | |
@@ -3295,7 +3295,7 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `version` _string_ | Defines the version of Istio to install. Must be one of: v1.24.0 or latest. | v1.24.0 | Enum: [v1.24.0 latest] |
-| `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, external, openshift-ambient, openshift, preview, remote, stable. | | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] |
+| `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] |
 | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | kube-system | |
 | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | |