Skip to content
home
latest
Reference
API reference
You are viewing the documentation for Solo Enterprise for Istio, formerly known as Gloo Mesh (OSS APIs).

Gloo Operator APIs

Page as Markdown
Review the API reference for the custom resources that you can install with the Gloo Operator, such as the ServiceMeshController.
For more information, see the Gloo Operator installation guide.
API Reference
Packages:
operator.gloo.solo.io/v1
Resource Types:
GatewayController
 
↩ Parent
GatewayController is the Schema for the gatewaycontrollers API
NameTypeDescriptionRequired
apiVersionstringoperator.gloo.solo.io/v1true
kindstringGatewayControllertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject GatewayControllerSpec defines the desired state of GatewayController
false
statusobject GatewayControllerStatus defines the observed state of GatewayController
false
GatewayController.spec
 
↩ Parent
GatewayControllerSpec defines the desired state of GatewayController
NameTypeDescriptionRequired
versionstring Version of the Gateway to deploy, e.g., 1.18.0.
true
distributionenum Distribution to use: Standard, or FIPS.
Defaults to standard.

 Enum: Standard, FIPS
 Default: Standard
false
installNamespacestring Namespace to install the Gateway into.
Defaults to gloo-system.

 Default: gloo-system
false
repositoryobject Repository to fetch the Gateway manifests from.
false
GatewayController.spec.repository
 
↩ Parent
Repository to fetch the Gateway manifests from.
NameTypeDescriptionRequired
secrets[]object Secrets references a list of secrets of type kubernetes.io/dockerconfigjson,
to use for pulling any of the manifests from an artifact registry.
false
urlstring Repository URL.
false
GatewayController.spec.repository.secrets[index]
 
↩ Parent
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
NameTypeDescriptionRequired
namestring name is unique within a namespace to reference a secret resource.
false
namespacestring namespace defines the space within which the secret name must be unique.
false
GatewayController.status
 
↩ Parent
GatewayControllerStatus defines the observed state of GatewayController
NameTypeDescriptionRequired
conditions[]object Represents the observations of a GatewayController's current state.

 Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:NotReconciled status:Unknown type:Ready]]
false
phasestring Represents the current phase of the GatewayController.

 Default: UNKNOWN
false
GatewayController.status.conditions[index]
 
↩ Parent
Condition contains details for one aspect of the current state of this API Resource.
NameTypeDescriptionRequired
lastTransitionTimestring lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

 Format: date-time
true
messagestring message is a human readable message indicating details about the transition.
This may be an empty string.
true
reasonstring reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
true
statusenum status of the condition, one of True, False, Unknown.

 Enum: True, False, Unknown
true
typestring type of condition in CamelCase or in foo.example.com/CamelCase.
true
observedGenerationinteger observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.

 Format: int64
 Minimum: 0
false
KagentController
 
↩ Parent
KagentController is the Schema for the KagentControllers API
NameTypeDescriptionRequired
apiVersionstringoperator.gloo.solo.io/v1true
kindstringKagentControllertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject KagentControllerSpec defines the desired state of KagentController
false
statusobject KagentControllerStatus defines the observed state of KagentController
false
KagentController.spec
 
↩ Parent
KagentControllerSpec defines the desired state of KagentController
NameTypeDescriptionRequired
apiKeyobject APIKey is a reference to the secret containing the API key
true
oidcobject OIDC configuration for the Kagent UI
true
telemetryobject Telemetry component attributes.
true
versionstring Version is the version of the KagentController
true
repositoryobject Repository is a reference to the helm chart repository
false
KagentController.spec.apiKey
 
↩ Parent
APIKey is a reference to the secret containing the API key
NameTypeDescriptionRequired
secretRefobject SecretRef is a reference to the secret containing the API key
true
typeenum Type is the type of the API key

 Enum: OpenAI
true
KagentController.spec.apiKey.secretRef
 
↩ Parent
SecretRef is a reference to the secret containing the API key
NameTypeDescriptionRequired
namestring name is unique within a namespace to reference a secret resource.
false
namespacestring namespace defines the space within which the secret name must be unique.
false
KagentController.spec.oidc
 
↩ Parent
OIDC configuration for the Kagent UI
NameTypeDescriptionRequired
clientIdstring OIDC client ID for the Kagent UI
true
issuerstring OIDC issuer for the Kagent UI
true
secretstring OIDC secret for the Kagent UI
true
secretRefstring OIDC secret reference for the Kagent UI
true
KagentController.spec.telemetry
 
↩ Parent
Telemetry component attributes.
NameTypeDescriptionRequired
loggingobject Logging component attributes.
true
tracingobject Tracing component attributes.
true
KagentController.spec.telemetry.logging
 
↩ Parent
Logging component attributes.
NameTypeDescriptionRequired
endpointstring Endpoint for logging exporter in the format of 
true
KagentController.spec.telemetry.tracing
 
↩ Parent
Tracing component attributes.
NameTypeDescriptionRequired
endpointstring Endpoint for tracing exporter in the format of 
true
KagentController.spec.repository
 
↩ Parent
Repository is a reference to the helm chart repository
NameTypeDescriptionRequired
secrets[]object Secrets references a list of secrets of type kubernetes.io/dockerconfigjson,
to use for pulling any of the manifests from an artifact registry.
false
urlstring Repository URL.
false
KagentController.spec.repository.secrets[index]
 
↩ Parent
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
NameTypeDescriptionRequired
namestring name is unique within a namespace to reference a secret resource.
false
namespacestring namespace defines the space within which the secret name must be unique.
false
KagentController.status
 
↩ Parent
KagentControllerStatus defines the observed state of KagentController
NameTypeDescriptionRequired
conditions[]object Represents the observations of a KagentController's current state.

 Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:NotReconciled status:Unknown type:Ready]]
false
phasestring Represents the current phase of the KagentController.

 Default: UNKNOWN
false
KagentController.status.conditions[index]
 
↩ Parent
Condition contains details for one aspect of the current state of this API Resource.
NameTypeDescriptionRequired
lastTransitionTimestring lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

 Format: date-time
true
messagestring message is a human readable message indicating details about the transition.
This may be an empty string.
true
reasonstring reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
true
statusenum status of the condition, one of True, False, Unknown.

 Enum: True, False, Unknown
true
typestring type of condition in CamelCase or in foo.example.com/CamelCase.
true
observedGenerationinteger observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.

 Format: int64
 Minimum: 0
false
KagentManagementController
 
↩ Parent
KagentManagementController is the Schema for the KagentManagementControllers API
NameTypeDescriptionRequired
apiVersionstringoperator.gloo.solo.io/v1true
kindstringKagentManagementControllertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject KagentManagementControllerSpec defines the desired state of KagentManagementController
false
statusobject KagentManagementControllerStatus defines the observed state of KagentManagementController
false
KagentManagementController.spec
 
↩ Parent
KagentManagementControllerSpec defines the desired state of KagentManagementController
NameTypeDescriptionRequired
oidcobject OIDC configuration for the Kagent Enterprise UI
true
versionstring Version is the version of the KagentManagementController
true
imageobject Image attributes
false
repositoryobject Repository is a reference to the helm chart repository
false
KagentManagementController.spec.oidc
 
↩ Parent
OIDC configuration for the Kagent Enterprise UI
NameTypeDescriptionRequired
authEndpointstring OIDC auth endpoint for the Kagent Enterprise UI
true
clientIDstring OIDC client ID for the Kagent Enterprise UI
true
clientSecretstring Reference to the secret containing the OIDC client secret for the Kagent Enterprise UI
true
issuerstring OIDC issuer for the Kagent Enterprise UI
true
logoutEndpointstring OIDC logout endpoint for the Kagent Enterprise UI
true
tokenEndpointstring OIDC token endpoint for the Kagent Enterprise UI
true
KagentManagementController.spec.image
 
↩ Parent
Image attributes
NameTypeDescriptionRequired
registrystring Image registry.
false
repositorystring Image repository.
false
secrets[]object Secrets references a list of secrets of type kubernetes.io/dockerconfigjson,
in the same namespace to use for pulling any of the images from a container registry.
false
KagentManagementController.spec.image.secrets[index]
 
↩ Parent
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
NameTypeDescriptionRequired
namestring Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

 Default:
false
KagentManagementController.spec.repository
 
↩ Parent
Repository is a reference to the helm chart repository
NameTypeDescriptionRequired
secrets[]object Secrets references a list of secrets of type kubernetes.io/dockerconfigjson,
to use for pulling any of the manifests from an artifact registry.
false
urlstring Repository URL.
false
KagentManagementController.spec.repository.secrets[index]
 
↩ Parent
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
NameTypeDescriptionRequired
namestring name is unique within a namespace to reference a secret resource.
false
namespacestring namespace defines the space within which the secret name must be unique.
false
KagentManagementController.status
 
↩ Parent
KagentManagementControllerStatus defines the observed state of KagentManagementController
NameTypeDescriptionRequired
conditions[]object Represents the observations of a KagentManagementController's current state.

 Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:NotReconciled status:Unknown type:Ready]]
false
phasestring Represents the current phase of the KagentManagementController.

 Default: UNKNOWN
false
KagentManagementController.status.conditions[index]
 
↩ Parent
Condition contains details for one aspect of the current state of this API Resource.
NameTypeDescriptionRequired
lastTransitionTimestring lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

 Format: date-time
true
messagestring message is a human readable message indicating details about the transition.
This may be an empty string.
true
reasonstring reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
true
statusenum status of the condition, one of True, False, Unknown.

 Enum: True, False, Unknown
true
typestring type of condition in CamelCase or in foo.example.com/CamelCase.
true
observedGenerationinteger observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.

 Format: int64
 Minimum: 0
false
KagentRelayController
 
↩ Parent
KagentRelayController is the Schema for the KagentRelayControllers API
NameTypeDescriptionRequired
apiVersionstringoperator.gloo.solo.io/v1true
kindstringKagentRelayControllertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject KagentRelayControllerSpec defines the desired state of KagentRelayController
false
statusobject KagentRelayControllerStatus defines the observed state of KagentRelayController
false
KagentRelayController.spec
 
↩ Parent
KagentRelayControllerSpec defines the desired state of KagentRelayController
NameTypeDescriptionRequired
clusterstring The name of the cluster where the KagentRelay is installed.
true
telemetryobject Telemetry component attributes.
true
trustbundlestring TrustBundle is the trust bundle for control plane certificates
used to verify the certificates of the control plane.
true
tunnelobject Tunnel component attributes.
true
versionstring Version specifies KagentRelay's version
true
repositoryobject Repository to fetch the KagentRelay manifests from.
false
KagentRelayController.spec.telemetry
 
↩ Parent
Telemetry component attributes.
NameTypeDescriptionRequired
fqdnstring Fully qualified domain name for Otel Gateway in Control Plane 
true
KagentRelayController.spec.tunnel
 
↩ Parent
Tunnel component attributes.
NameTypeDescriptionRequired
fqdnstring Fully qualified domain name for Tunnel Server in Control Plane 
true
KagentRelayController.spec.repository
 
↩ Parent
Repository to fetch the KagentRelay manifests from.
NameTypeDescriptionRequired
secrets[]object Secrets references a list of secrets of type kubernetes.io/dockerconfigjson,
to use for pulling any of the manifests from an artifact registry.
false
urlstring Repository URL.
false
KagentRelayController.spec.repository.secrets[index]
 
↩ Parent
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
NameTypeDescriptionRequired
namestring name is unique within a namespace to reference a secret resource.
false
namespacestring namespace defines the space within which the secret name must be unique.
false
KagentRelayController.status
 
↩ Parent
KagentRelayControllerStatus defines the observed state of KagentRelayController
NameTypeDescriptionRequired
conditions[]object Represents the observations of a KagentRelayController's current state.

 Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:NotReconciled status:Unknown type:Ready]]
false
phasestring Represents the current phase of the KagentRelayController.

 Default: UNKNOWN
false
KagentRelayController.status.conditions[index]
 
↩ Parent
Condition contains details for one aspect of the current state of this API Resource.
NameTypeDescriptionRequired
lastTransitionTimestring lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

 Format: date-time
true
messagestring message is a human readable message indicating details about the transition.
This may be an empty string.
true
reasonstring reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
true
statusenum status of the condition, one of True, False, Unknown.

 Enum: True, False, Unknown
true
typestring type of condition in CamelCase or in foo.example.com/CamelCase.
true
observedGenerationinteger observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.

 Format: int64
 Minimum: 0
false
OTelController
 
↩ Parent
OTelController is the Schema for the OTelControllers API
NameTypeDescriptionRequired
apiVersionstringoperator.gloo.solo.io/v1true
kindstringOTelControllertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject OTelControllerSpec defines the desired state of OTelController
false
statusobject OTelControllerStatus defines the observed state of OTelController
false
OTelController.spec
 
↩ Parent
OTelControllerSpec defines the desired state of OTelController
NameTypeDescriptionRequired
versionstring OpenTelemetry Collector version to deploy.
true
installNamespacestring Namespace to install the OpenTelemetry components into.
false
OTelController.status
 
↩ Parent
OTelControllerStatus defines the observed state of OTelController
NameTypeDescriptionRequired
conditions[]object Represents the observations of a OTelController's current state.

 Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:NotReconciled status:Unknown type:Ready]]
false
phasestring Represents the current phase of the OTelController.

 Default: UNKNOWN
false
OTelController.status.conditions[index]
 
↩ Parent
Condition contains details for one aspect of the current state of this API Resource.
NameTypeDescriptionRequired
lastTransitionTimestring lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

 Format: date-time
true
messagestring message is a human readable message indicating details about the transition.
This may be an empty string.
true
reasonstring reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
true
statusenum status of the condition, one of True, False, Unknown.

 Enum: True, False, Unknown
true
typestring type of condition in CamelCase or in foo.example.com/CamelCase.
true
observedGenerationinteger observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.

 Format: int64
 Minimum: 0
false
ServiceMeshController
 
↩ Parent
ServiceMeshController is the Schema for the servicemeshcontrollers API
NameTypeDescriptionRequired
apiVersionstringoperator.gloo.solo.io/v1true
kindstringServiceMeshControllertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject ServiceMeshControllerSpec defines the desired state of ServiceMeshController

 Validations:
  • self.trafficCaptureMode == 'InitContainer' ? self.dataplaneMode == 'Sidecar' : true: trafficCaptureMode can be InitContainer only when dataplaneMode is Sidecar
    		• false
    statusobject ServiceMeshControllerStatus defines the observed state of ServiceMeshController
    		false
    ServiceMeshController.spec
 
    ↩ Parent
    ServiceMeshControllerSpec defines the desired state of ServiceMeshController
    NameTypeDescriptionRequired
    versionstring Istio version to deploy, e.g. 1.23.1.
    		true
    clusterstring Cluster name. Should be set in a multi-cluster environment.
    		false
    dataplaneModeenum Dataplane mode to use: Ambient or Sidecar.
Defaults to Ambient.

     Enum: Ambient, Sidecar
     Default: Ambient
    		false
    distributionenum Distribution to use: Standard, or FIPS.
Defaults to standard.

     Enum: Standard, FIPS
     Default: Standard
    		false
    imageobject Image attributes.
    		false
    installNamespacestring Namespace to install the service mesh components into.
Defaults to istio-system.

     Default: istio-system
    		false
    networkstring The default network workloads belong to. Should be set in a multi-network environment.
The network is a logical grouping of workloads that reside in the same L3 domain/network.
Workloads in the same network are directly reachable from one another, while workloads
in different networks require an east-west gateway to establish connectivity.
    		false
    onConflictenum Conflict resolution mode to use: Force or Abort.
Force implies that the existing resources will be updated on conflict.
Abort implies that the installation will be aborted if a conflict is detected.
Defaults to Abort.

     Enum: Force, Abort
     Default: Abort
    		false
    repositoryobject Repository to fetch the manifests from.
    		false
    scalingProfileenum Scaling profile to use: Default or Large.
Default implies a scaling profile suitable for most environments.
Large implies a scaling profile suitable for large environments.
Demo implies a scaling profile for demo environments.
Defaults to Default.

     Enum: Default, Large, Demo
     Default: Default
    		false
    trafficCaptureModeenum Traffic capture mode to use: Auto or InitContainer.
Auto implies that the most suitable traffic capture mode will be automatically
selected based on the environment, such as using a CNI to capture traffic.
InitContainer implies that the traffic capture will be done using an init container.
Defaults to Auto.

     Enum: Auto, InitContainer
     Default: Auto
    		false
    trustDomainstring Trust domain corresponds to the trust root of a system and is part of a workload's identity.
    		false
    ServiceMeshController.spec.image
 
    ↩ Parent
    Image attributes.
    NameTypeDescriptionRequired
    registrystring Image registry.
    		false
    repositorystring Image repository.
    		false
    secrets[]object Secrets references a list of secrets of type kubernetes.io/dockerconfigjson,
in the same namespace to use for pulling any of the images from a container registry.
    		false
    ServiceMeshController.spec.image.secrets[index]
 
    ↩ Parent
    LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
    NameTypeDescriptionRequired
    namestring Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

     Default:
    		false
    ServiceMeshController.spec.repository
 
    ↩ Parent
    Repository to fetch the manifests from.
    NameTypeDescriptionRequired
    secrets[]object Secrets references a list of secrets of type kubernetes.io/dockerconfigjson,
to use for pulling any of the manifests from an artifact registry.
    		false
    urlstring Repository URL.
    		false
    ServiceMeshController.spec.repository.secrets[index]
 
    ↩ Parent
    SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
    NameTypeDescriptionRequired
    namestring name is unique within a namespace to reference a secret resource.
    		false
    namespacestring namespace defines the space within which the secret name must be unique.
    		false
    ServiceMeshController.status
 
    ↩ Parent
    ServiceMeshControllerStatus defines the observed state of ServiceMeshController
    NameTypeDescriptionRequired
    conditions[]object Represents the observations of a ServiceMeshController's current state.

     Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:NotReconciled status:Unknown type:Ready]]
    		false
    phasestring Represents the current phase of the ServiceMeshController.

     Default: UNKNOWN
    		false
    ServiceMeshController.status.conditions[index]
 
    ↩ Parent
    Condition contains details for one aspect of the current state of this API Resource.
    NameTypeDescriptionRequired
    lastTransitionTimestring lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

     Format: date-time
    		true
    messagestring message is a human readable message indicating details about the transition.
This may be an empty string.
    		true
    reasonstring reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
    		true
    statusenum status of the condition, one of True, False, Unknown.

     Enum: True, False, Unknown
    		true
    typestring type of condition in CamelCase or in foo.example.com/CamelCase.
    		true
    observedGenerationinteger observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.

     Format: int64
     Minimum: 0
    		false
    InsightsConfig