by default, istio operator watches only istio-system for the istiooperators.install.istio.io CR
$ k -n istio-operator get po -o yaml |grep -A1 WATCH
- name: WATCH_NAMESPACE
value: istio-system
How to change it to watch for multiple other namespaces? I tried to change it to default (i want to watch many other namespaces though) but the pod still shows same WATCH_NAMESPACE variable.
istioctl operator init -n default
anyone knows about it?
Was trying to find a solution to this too and it seems like it’s possible to pass a comma-delimited list to watch specific namespace(s) or by leaving it empty to watch all namespaces.
References:
thx, do you know how to pass WATCH_NAMESPACE variable while installing the operator? I couldn’t find that from help. Do I need to set the env variable locally before installing the operator?
istioctl operator init --help
The init subcommand installs the Istio operator controller in the cluster.
Usage:
istioctl operator init [flags]
Flags:
--dry-run Console/log output only, make no changes.
-f, --filename string Path to file containing IstioOperator custom resource
-h, --help help for init
--hub string The hub for the operator controller image (default "docker.io/istio")
--logtostderr Send logs to stderr.
--operatorNamespace string The namespace the operator controller is installed into (default "istio-operator")
--readiness-timeout duration Maximum seconds to wait for the Istio operator to be ready. The --wait flag must be set for this flag to apply (default 5m0s)
--tag string The tag for the operator controller image (default "1.5.8")
--verbose Verbose output.
-w, --wait Wait, if set will wait until all Pods, Services, and minimum number of Pods of a Deployment are in a ready state before the command exits. It will wait for a maximum duration of --readiness-timeout seconds
Global Flags:
--context string The name of the kubeconfig context to use
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file
--log_output_level string Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cache, citadelclient, configmapcontroller, default, googleca, grpcAdapter, installer, mcp, model, patch, processing, rbac, resource, sds, secretfetcher, source, stsclient, tpath, translator, util, validation, vault] and level can be one of [debug, info, warn, error, fatal, none] (default "default:info,validation:error,processing:error,source:error,analysis:warn,installer:warn,translator:warn")
-n, --namespace string Config namespace
nevermind, i got it working with --istioNamespace argument
$ istioctl --istioNamespace abc,def operator init
Operator controller is already installed in istio-operator namespace, updating.
Using operator Deployment image: docker.io/istio/operator:1.5.8
- Applying manifest for component Operator...
✔ Finished applying manifest for component Operator.
Component Operator installed successfully.
*** Success. ***
$ k -n istio-operator get deploy -o yaml |grep -A 1 ": WATCH"
- name: WATCH_NAMESPACE
value: abc,def
but with -i it doesnt work, looks like some bug
$ istioctl -i abc,def operator init
Error: unknown shorthand flag: 'i' in -i
now another problem is operator doesn’t create any resource for the IstioOperator objects deployed in abc and def namespaces!