Istio API Resources #

25 个 Istio CRD： - adapter - [attributemanifest](https://istio.io/latest/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/#AttributeManifest) - describes a set of Attributes produced by some component of an Istio deployment. - handler - HTTPAPISpecBinding - HTTPAPISpec - instance - QuotaSpecBinding - QuotaSpec - rule - template - [IstioOperator](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec) - defines the desired installed state of Istio components - [DestinationRule](https://istio.io/latest/docs/reference/config/networking/destination-rule/) - defines policies that apply to traffic intended for a service after routing has occurred. - [EnvoyFilter](https://istio.io/latest/docs/reference/config/networking/envoy-filter/) - provides a mechanism to customize the Envoy configuration generated by Istio Pilot. - [Gateway](https://istio.io/latest/docs/reference/config/networking/gateway/) - describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections. - ServiceEntry - Sidecar - [VirtualService](https://istio.io/latest/docs/reference/config/networking/virtual-service/) - Configuration affecting traffic routing. - [WorkloadEntry](https://istio.io/latest/docs/reference/config/networking/workload-entry/) - enables operators to describe the properties of a single non-Kubernetes workload such as a VM or a bare metal server as it is onboarded into the mesh. - ClusterRbacConfig - RbacConfig - ServiceRoleBinding - ServiceRole - AuthorizationPolicy - PeerAuthentication - RequestAuthentication --- 相比于 1.4.6 - 多了 - IstioOperator - WorkloadEntry - 少了 - MeshPolicy - Policy | NAME | SHORTNAMES | APIGROUP | NAMESPACED | KIND | 定义代码 | 备注 | | ------------------------------- | ---------- | ---------------------------- | ---------- | ------------------------------ | -------- | ---- | | bindings | | | true | Binding | | | | componentstatuses | cs | | false | ComponentStatus | | | | configmaps | cm | | true | ConfigMap | | | | endpoints | ep | | true | Endpoints | | | | events | ev | | true | Event | | | | limitranges | limits | | true | LimitRange | | | | namespaces | ns | | false | Namespace | | | | nodes | no | | false | Node | | | | persistentvolumeclaims | pvc | | true | PersistentVolumeClaim | | | | persistentvolumes | pv | | false | PersistentVolume | | | | pods | po | | true | Pod | | | | podtemplates | | | true | PodTemplate | | | | replicationcontrollers | rc | | true | ReplicationController | | | | resourcequotas | quota | | true | ResourceQuota | | | | secrets | | | true | Secret | | | | serviceaccounts | sa | | true | ServiceAccount | | | | services | svc | | true | Service | | | | mutatingwebhookconfigurations | | admissionregistration.k8s.io | false | MutatingWebhookConfiguration | | | | validatingwebhookconfigurations | | admissionregistration.k8s.io | false | ValidatingWebhookConfiguration | | | | customresourcedefinitions | crd,crds | apiextensions.k8s.io | false | CustomResourceDefinition | | | | apiservices | | apiregistration.k8s.io | false | APIService | | | | controllerrevisions | | apps | true | ControllerRevision | | | | daemonsets | ds | apps | true | DaemonSet | | | | deployments | deploy | apps | true | Deployment | | | | replicasets | rs | apps | true | ReplicaSet | | | | statefulsets | sts | apps | true | StatefulSet | | | | tokenreviews | | authentication.k8s.io | false | TokenReview | | | | localsubjectaccessreviews | | authorization.k8s.io | true | LocalSubjectAccessReview | | | | selfsubjectaccessreviews | | authorization.k8s.io | false | SelfSubjectAccessReview | | | | selfsubjectrulesreviews | | authorization.k8s.io | false | SelfSubjectRulesReview | | | | subjectaccessreviews | | authorization.k8s.io | false | SubjectAccessReview | | | | horizontalpodautoscalers | hpa | autoscaling | true | HorizontalPodAutoscaler | | | | cronjobs | cj | batch | true | CronJob | | | | jobs | | batch | true | Job | | | | certificatesigningrequests | csr | certificates.k8s.io | false | CertificateSigningRequest | | | | adapters | | config.istio.io | true | adapter | | | | attributemanifests | | config.istio.io | true | attributemanifest | | | | handlers | | config.istio.io | true | handler | | | | httpapispecbindings | | config.istio.io | true | HTTPAPISpecBinding | | | | httpapispecs | | config.istio.io | true | HTTPAPISpec | | | | instances | | config.istio.io | true | instance | | | | quotaspecbindings | | config.istio.io | true | QuotaSpecBinding | | | | quotaspecs | | config.istio.io | true | QuotaSpec | | | | rules | | config.istio.io | true | rule | | | | templates | | config.istio.io | true | template | | | | leases | | coordination.k8s.io | true | Lease | | | | endpointslices | | discovery.k8s.io | true | EndpointSlice | | | | events | ev | events.k8s.io | true | Event | | | | ingresses | ing | extensions | true | Ingress | | | | istiooperators | iop | install.istio.io | true | IstioOperator | | | | destinationrules | dr | networking.istio.io | true | DestinationRule | | | | envoyfilters | | networking.istio.io | true | EnvoyFilter | | | | gateways | gw | networking.istio.io | true | Gateway | | | | serviceentries | se | networking.istio.io | true | ServiceEntry | | | | sidecars | | networking.istio.io | true | Sidecar | | | | virtualservices | vs | networking.istio.io | true | VirtualService | | | | workloadentries | we | networking.istio.io | true | WorkloadEntry | | | | ingressclasses | | networking.k8s.io | false | IngressClass | | | | ingresses | ing | networking.k8s.io | true | Ingress | | | | networkpolicies | netpol | networking.k8s.io | true | NetworkPolicy | | | | runtimeclasses | | node.k8s.io | false | RuntimeClass | | | | poddisruptionbudgets | pdb | policy | true | PodDisruptionBudget | | | | podsecuritypolicies | psp | policy | false | PodSecurityPolicy | | | | clusterrolebindings | | rbac.authorization.k8s.io | false | ClusterRoleBinding | | | | clusterroles | | rbac.authorization.k8s.io | false | ClusterRole | | | | rolebindings | | rbac.authorization.k8s.io | true | RoleBinding | | | | roles | | rbac.authorization.k8s.io | true | Role | | | | clusterrbacconfigs | | rbac.istio.io | false | ClusterRbacConfig | | | | rbacconfigs | | rbac.istio.io | true | RbacConfig | | | | servicerolebindings | | rbac.istio.io | true | ServiceRoleBinding | | | | serviceroles | | rbac.istio.io | true | ServiceRole | | | | priorityclasses | pc | scheduling.k8s.io | false | PriorityClass | | | | authorizationpolicies | | security.istio.io | true | AuthorizationPolicy | | | | peerauthentications | pa | security.istio.io | true | PeerAuthentication | | | | requestauthentications | ra | security.istio.io | true | RequestAuthentication | | | | csidrivers | | storage.k8s.io | false | CSIDriver | | | | csinodes | | storage.k8s.io | false | CSINode | | | | storageclasses | sc | storage.k8s.io | false | StorageClass | | | | volumeattachments | | storage.k8s.io | false | VolumeAttachment | | |

25 个 Istio CRD： - MeshPolicy - Policy - adapter - attributemanifest - handler - HTTPAPISpecBinding - HTTPAPISpec - instance - QuotaSpecBinding - QuotaSpec - rule - template - DestinationRule - EnvoyFilter - Gateway - ServiceEntry - Sidecar - VirtualService - ClusterRbacConfig - RbacConfig - ServiceRoleBinding - ServiceRole - AuthorizationPolicy - PeerAuthentication - RequestAuthentication | NAME | SHORTNAMES | APIGROUP | NAMESPACED | KIND | 定义代码 | 备注 | | ------------------------------- | ---------- | ---------------------------- | ---------- | ------------------------------ | -------- | ---- | | bindings | | | true | Binding | | | | componentstatuses | cs | | false | ComponentStatus | | | | configmaps | cm | | true | ConfigMap | | | | endpoints | ep | | true | Endpoints | | | | events | ev | | true | Event | | | | limitranges | limits | | true | LimitRange | | | | namespaces | ns | | false | Namespace | | | | nodes | no | | false | Node | | | | persistentvolumeclaims | pvc | | true | PersistentVolumeClaim | | | | persistentvolumes | pv | | false | PersistentVolume | | | | pods | po | | true | Pod | | | | podtemplates | | | true | PodTemplate | | | | replicationcontrollers | rc | | true | ReplicationController | | | | resourcequotas | quota | | true | ResourceQuota | | | | secrets | | | true | Secret | | | | serviceaccounts | sa | | true | ServiceAccount | | | | services | svc | | true | Service | | | | mutatingwebhookconfigurations | | admissionregistration.k8s.io | false | MutatingWebhookConfiguration | | | | validatingwebhookconfigurations | | admissionregistration.k8s.io | false | ValidatingWebhookConfiguration | | | | customresourcedefinitions | crd, crds | apiextensions.k8s.io | false | CustomResourceDefinition | | | | apiservices | | apiregistration.k8s.io | false | APIService | | | | controllerrevisions | | apps | true | ControllerRevision | | | | daemonsets | ds | apps | true | DaemonSet | | | | deployments | deploy | apps | true | Deployment | | | | replicasets | rs | apps | true | ReplicaSet | | | | statefulsets | sts | apps | true | StatefulSet | | | | meshpolicies | | authentication.istio.io | false | MeshPolicy | | | | policies | | authentication.istio.io | true | Policy | | | | tokenreviews | | authentication.k8s.io | false | TokenReview | | | | localsubjectaccessreviews | | authorization.k8s.io | true | LocalSubjectAccessReview | | | | selfsubjectaccessreviews | | authorization.k8s.io | false | SelfSubjectAccessReview | | | | selfsubjectrulesreviews | | authorization.k8s.io | false | SelfSubjectRulesReview | | | | subjectaccessreviews | | authorization.k8s.io | false | SubjectAccessReview | | | | horizontalpodautoscalers | hpa | autoscaling | true | HorizontalPodAutoscaler | | | | cronjobs | cj | batch | true | CronJob | | | | jobs | | batch | true | Job | | | | certificatesigningrequests | csr | certificates.k8s.io | false | CertificateSigningRequest | | | | stacks | | compose.docker.com | true | Stack | | | | adapters | | config.istio.io | true | adapter | | | | attributemanifests | | config.istio.io | true | attributemanifest | | | | handlers | | config.istio.io | true | handler | | | | httpapispecbindings | | config.istio.io | true | HTTPAPISpecBinding | | | | httpapispecs | | config.istio.io | true | HTTPAPISpec | | | | instances | | config.istio.io | true | instance | | | | quotaspecbindings | | config.istio.io | true | QuotaSpecBinding | | | | quotaspecs | | config.istio.io | true | QuotaSpec | | | | rules | | config.istio.io | true | rule | | | | templates | | config.istio.io | true | template | | | | leases | | coordination.k8s.io | true | Lease | | | | events | ev | events.k8s.io | true | Event | | | | daemonsets | ds | extensions | true | DaemonSet | | | | deployments | deploy | extensions | true | Deployment | | | | ingresses | ing | extensions | true | Ingress | | | | networkpolicies | netpol | extensions | true | NetworkPolicy | | | | podsecuritypolicies | psp | extensions | false | PodSecurityPolicy | | | | replicasets | rs | extensions | true | ReplicaSet | | | | destinationrules | dr | networking.istio.io | true | DestinationRule | | | | envoyfilters | | networking.istio.io | true | EnvoyFilter | | | | gateways | gw | networking.istio.io | true | Gateway | | | | serviceentries | se | networking.istio.io | true | ServiceEntry | | | | sidecars | | networking.istio.io | true | Sidecar | | | | virtualservices | vs | networking.istio.io | true | VirtualService | | | | ingresses | ing | networking.k8s.io | true | Ingress | | | | networkpolicies | netpol | networking.k8s.io | true | NetworkPolicy | | | | runtimeclasses | | node.k8s.io | false | RuntimeClass | | | | poddisruptionbudgets | pdb | policy | true | PodDisruptionBudget | | | | podsecuritypolicies | psp | policy | false | PodSecurityPolicy | | | | clusterrolebindings | | rbac.authorization.k8s.io | false | ClusterRoleBinding | | | | clusterroles | | rbac.authorization.k8s.io | false | ClusterRole | | | | rolebindings | | rbac.authorization.k8s.io | true | RoleBinding | | | | roles | | rbac.authorization.k8s.io | true | Role | | | | clusterrbacconfigs | | rbac.istio.io | false | ClusterRbacConfig | | | | rbacconfigs | | rbac.istio.io | true | RbacConfig | | | | servicerolebindings | | rbac.istio.io | true | ServiceRoleBinding | | | | serviceroles | | rbac.istio.io | true | ServiceRole | | | | priorityclasses | pc | scheduling.k8s.io | false | PriorityClass | | | | authorizationpolicies | | security.istio.io | true | AuthorizationPolicy | | | | peerauthentications | | security.istio.io | true | PeerAuthentication | | | | requestauthentications | | security.istio.io | true | RequestAuthentication | | | | csidrivers | | storage.k8s.io | false | CSIDriver | | | | csinodes | | storage.k8s.io | false | CSINode | | | | storageclasses | sc | storage.k8s.io | false | StorageClass | | | | volumeattachments | | storage.k8s.io | false | VolumeAttachment | | |