--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: helm.sh/resource-policy: keep operatorframework.io/installed-alongside-63e273da4c200797: openshift-operators/servicemeshoperator3.v3.1.0 creationTimestamp: "2026-03-18T16:53:27Z" generation: 1 labels: app: istio-pilot chart: istio heritage: Tiller olm.managed: "true" operators.coreos.com/servicemeshoperator3.openshift-operators: "" release: istio managedFields: - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:helm.sh/resource-policy: {} f:operatorframework.io/installed-alongside-63e273da4c200797: {} f:labels: .: {} f:app: {} f:chart: {} f:heritage: {} f:olm.managed: {} f:release: {} f:spec: f:conversion: .: {} f:strategy: {} f:group: {} f:names: f:categories: {} f:kind: {} f:listKind: {} f:plural: {} f:shortNames: {} f:singular: {} f:scope: {} f:versions: {} manager: catalog operation: Update time: "2026-03-18T16:53:27Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:acceptedNames: f:categories: {} f:kind: {} f:listKind: {} f:plural: {} f:shortNames: {} f:singular: {} f:conditions: k:{"type":"Established"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"NamesAccepted"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} manager: kube-apiserver operation: Update subresource: status time: "2026-03-18T16:53:27Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:labels: f:operators.coreos.com/servicemeshoperator3.openshift-operators: {} manager: olm operation: Update time: "2026-03-18T16:53:32Z" name: serviceentries.networking.istio.io resourceVersion: "12508" uid: 7e700821-9e8e-474e-88d3-aea85c281ac8 spec: conversion: strategy: None group: networking.istio.io names: categories: - istio-io - networking-istio-io kind: ServiceEntry listKind: ServiceEntryList plural: serviceentries shortNames: - se singular: serviceentry scope: Namespaced versions: - additionalPrinterColumns: - description: The hosts associated with the ServiceEntry jsonPath: .spec.hosts name: Hosts type: string - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) jsonPath: .spec.location name: Location type: string - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) jsonPath: .spec.resolution name: Resolution type: string - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' jsonPath: .metadata.creationTimestamp name: Age type: date name: v1 schema: openAPIV3Schema: properties: spec: description: 'Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html' properties: addresses: description: The virtual IP addresses associated with the service. items: maxLength: 64 type: string maxItems: 256 type: array endpoints: description: One or more endpoints associated with the service. items: properties: address: description: Address associated with the network endpoint without the port. maxLength: 256 type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string description: One or more labels associated with the endpoint. maxProperties: 256 type: object locality: description: The locality associated with the endpoint. maxLength: 2048 type: string network: description: Network enables Istio to group endpoints resident in the same L3 domain/network. maxLength: 2048 type: string ports: additionalProperties: maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 description: Set of ports associated with the endpoint. maxProperties: 128 type: object x-kubernetes-validations: - message: port name must be valid rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. maxLength: 253 type: string weight: description: The load balancing weight associated with the endpoint. maximum: 4294967295 minimum: 0 type: integer type: object x-kubernetes-validations: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports rule: '(has(self.address) ? self.address : "").startsWith("unix://") ? !has(self.ports) : true' maxItems: 4096 type: array exportTo: description: A list of namespaces to which this service is exported. items: type: string type: array hosts: description: The hosts associated with the ServiceEntry. items: type: string x-kubernetes-validations: - message: hostname cannot be wildcard rule: self != "*" maxItems: 256 minItems: 1 type: array location: description: |- Specify whether the service should be considered external to the mesh or part of the mesh. Valid Options: MESH_EXTERNAL, MESH_INTERNAL enum: - MESH_EXTERNAL - MESH_INTERNAL type: string ports: description: The ports associated with the external service. items: properties: name: description: Label assigned to the port. maxLength: 256 type: string number: description: A valid non-negative integer port number. maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 protocol: description: The protocol exposed on the port. maxLength: 256 type: string targetPort: description: The port number on the endpoint where the traffic will be received. maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 required: - number - name type: object maxItems: 256 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map x-kubernetes-validations: - message: port number cannot be duplicated rule: self.all(l1, self.exists_one(l2, l1.number == l2.number)) resolution: description: |- Service resolution mode for the hosts. Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN enum: - NONE - STATIC - DNS - DNS_ROUND_ROBIN type: string subjectAltNames: description: If specified, the proxy will verify that the server certificate's subject alternate name matches one of the specified values. items: type: string type: array workloadSelector: description: Applicable only for MESH_INTERNAL services. properties: labels: additionalProperties: maxLength: 63 type: string x-kubernetes-validations: - message: wildcard is not supported in selector rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 type: object type: object required: - hosts type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types rule: '!((has(self.addresses) ? self.addresses : []).exists(k, k.contains("/")) && !((has(self.resolution) ? self.resolution : "NONE") in ["STATIC", "NONE"]))' - message: NONE mode cannot set endpoints rule: '((has(self.resolution) ? self.resolution : "NONE") == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints rule: '((has(self.resolution) ? self.resolution : "") == "DNS_ROUND_ROBIN") ? ((has(self.endpoints) ? self.endpoints : []).size() <= 1) : true' status: properties: conditions: description: Current service state of the resource. items: properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: description: Last time the condition transitioned from one status to another. format: date-time type: string message: description: Human-readable message indicating details about last transition. type: string observedGeneration: anyOf: - type: integer - type: string description: Resource Generation to which the Condition refers. x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. items: properties: documentationUrl: description: A url pointing to the Istio documentation for this specific error type. type: string level: description: |- Represents how severe a message is. Valid Options: UNKNOWN, ERROR, WARNING, INFO enum: - UNKNOWN - ERROR - WARNING - INFO type: string type: properties: code: description: A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type. type: string name: description: A human-readable name for the message type. type: string type: object type: object type: array type: object x-kubernetes-preserve-unknown-fields: true required: - spec type: object served: true storage: false subresources: status: {} - additionalPrinterColumns: - description: The hosts associated with the ServiceEntry jsonPath: .spec.hosts name: Hosts type: string - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) jsonPath: .spec.location name: Location type: string - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) jsonPath: .spec.resolution name: Resolution type: string - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha3 schema: openAPIV3Schema: properties: spec: description: 'Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html' properties: addresses: description: The virtual IP addresses associated with the service. items: maxLength: 64 type: string maxItems: 256 type: array endpoints: description: One or more endpoints associated with the service. items: properties: address: description: Address associated with the network endpoint without the port. maxLength: 256 type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string description: One or more labels associated with the endpoint. maxProperties: 256 type: object locality: description: The locality associated with the endpoint. maxLength: 2048 type: string network: description: Network enables Istio to group endpoints resident in the same L3 domain/network. maxLength: 2048 type: string ports: additionalProperties: maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 description: Set of ports associated with the endpoint. maxProperties: 128 type: object x-kubernetes-validations: - message: port name must be valid rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. maxLength: 253 type: string weight: description: The load balancing weight associated with the endpoint. maximum: 4294967295 minimum: 0 type: integer type: object x-kubernetes-validations: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports rule: '(has(self.address) ? self.address : "").startsWith("unix://") ? !has(self.ports) : true' maxItems: 4096 type: array exportTo: description: A list of namespaces to which this service is exported. items: type: string type: array hosts: description: The hosts associated with the ServiceEntry. items: type: string x-kubernetes-validations: - message: hostname cannot be wildcard rule: self != "*" maxItems: 256 minItems: 1 type: array location: description: |- Specify whether the service should be considered external to the mesh or part of the mesh. Valid Options: MESH_EXTERNAL, MESH_INTERNAL enum: - MESH_EXTERNAL - MESH_INTERNAL type: string ports: description: The ports associated with the external service. items: properties: name: description: Label assigned to the port. maxLength: 256 type: string number: description: A valid non-negative integer port number. maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 protocol: description: The protocol exposed on the port. maxLength: 256 type: string targetPort: description: The port number on the endpoint where the traffic will be received. maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 required: - number - name type: object maxItems: 256 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map x-kubernetes-validations: - message: port number cannot be duplicated rule: self.all(l1, self.exists_one(l2, l1.number == l2.number)) resolution: description: |- Service resolution mode for the hosts. Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN enum: - NONE - STATIC - DNS - DNS_ROUND_ROBIN type: string subjectAltNames: description: If specified, the proxy will verify that the server certificate's subject alternate name matches one of the specified values. items: type: string type: array workloadSelector: description: Applicable only for MESH_INTERNAL services. properties: labels: additionalProperties: maxLength: 63 type: string x-kubernetes-validations: - message: wildcard is not supported in selector rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 type: object type: object required: - hosts type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types rule: '!((has(self.addresses) ? self.addresses : []).exists(k, k.contains("/")) && !((has(self.resolution) ? self.resolution : "NONE") in ["STATIC", "NONE"]))' - message: NONE mode cannot set endpoints rule: '((has(self.resolution) ? self.resolution : "NONE") == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints rule: '((has(self.resolution) ? self.resolution : "") == "DNS_ROUND_ROBIN") ? ((has(self.endpoints) ? self.endpoints : []).size() <= 1) : true' status: properties: conditions: description: Current service state of the resource. items: properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: description: Last time the condition transitioned from one status to another. format: date-time type: string message: description: Human-readable message indicating details about last transition. type: string observedGeneration: anyOf: - type: integer - type: string description: Resource Generation to which the Condition refers. x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. items: properties: documentationUrl: description: A url pointing to the Istio documentation for this specific error type. type: string level: description: |- Represents how severe a message is. Valid Options: UNKNOWN, ERROR, WARNING, INFO enum: - UNKNOWN - ERROR - WARNING - INFO type: string type: properties: code: description: A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type. type: string name: description: A human-readable name for the message type. type: string type: object type: object type: array type: object x-kubernetes-preserve-unknown-fields: true required: - spec type: object served: true storage: false subresources: status: {} - additionalPrinterColumns: - description: The hosts associated with the ServiceEntry jsonPath: .spec.hosts name: Hosts type: string - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) jsonPath: .spec.location name: Location type: string - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) jsonPath: .spec.resolution name: Resolution type: string - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' jsonPath: .metadata.creationTimestamp name: Age type: date name: v1beta1 schema: openAPIV3Schema: properties: spec: description: 'Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html' properties: addresses: description: The virtual IP addresses associated with the service. items: maxLength: 64 type: string maxItems: 256 type: array endpoints: description: One or more endpoints associated with the service. items: properties: address: description: Address associated with the network endpoint without the port. maxLength: 256 type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string description: One or more labels associated with the endpoint. maxProperties: 256 type: object locality: description: The locality associated with the endpoint. maxLength: 2048 type: string network: description: Network enables Istio to group endpoints resident in the same L3 domain/network. maxLength: 2048 type: string ports: additionalProperties: maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 description: Set of ports associated with the endpoint. maxProperties: 128 type: object x-kubernetes-validations: - message: port name must be valid rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. maxLength: 253 type: string weight: description: The load balancing weight associated with the endpoint. maximum: 4294967295 minimum: 0 type: integer type: object x-kubernetes-validations: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports rule: '(has(self.address) ? self.address : "").startsWith("unix://") ? !has(self.ports) : true' maxItems: 4096 type: array exportTo: description: A list of namespaces to which this service is exported. items: type: string type: array hosts: description: The hosts associated with the ServiceEntry. items: type: string x-kubernetes-validations: - message: hostname cannot be wildcard rule: self != "*" maxItems: 256 minItems: 1 type: array location: description: |- Specify whether the service should be considered external to the mesh or part of the mesh. Valid Options: MESH_EXTERNAL, MESH_INTERNAL enum: - MESH_EXTERNAL - MESH_INTERNAL type: string ports: description: The ports associated with the external service. items: properties: name: description: Label assigned to the port. maxLength: 256 type: string number: description: A valid non-negative integer port number. maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 protocol: description: The protocol exposed on the port. maxLength: 256 type: string targetPort: description: The port number on the endpoint where the traffic will be received. maximum: 4294967295 minimum: 0 type: integer x-kubernetes-validations: - message: port must be between 1-65535 rule: 0 < self && self <= 65535 required: - number - name type: object maxItems: 256 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map x-kubernetes-validations: - message: port number cannot be duplicated rule: self.all(l1, self.exists_one(l2, l1.number == l2.number)) resolution: description: |- Service resolution mode for the hosts. Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN enum: - NONE - STATIC - DNS - DNS_ROUND_ROBIN type: string subjectAltNames: description: If specified, the proxy will verify that the server certificate's subject alternate name matches one of the specified values. items: type: string type: array workloadSelector: description: Applicable only for MESH_INTERNAL services. properties: labels: additionalProperties: maxLength: 63 type: string x-kubernetes-validations: - message: wildcard is not supported in selector rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 type: object type: object required: - hosts type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types rule: '!((has(self.addresses) ? self.addresses : []).exists(k, k.contains("/")) && !((has(self.resolution) ? self.resolution : "NONE") in ["STATIC", "NONE"]))' - message: NONE mode cannot set endpoints rule: '((has(self.resolution) ? self.resolution : "NONE") == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints rule: '((has(self.resolution) ? self.resolution : "") == "DNS_ROUND_ROBIN") ? ((has(self.endpoints) ? self.endpoints : []).size() <= 1) : true' status: properties: conditions: description: Current service state of the resource. items: properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: description: Last time the condition transitioned from one status to another. format: date-time type: string message: description: Human-readable message indicating details about last transition. type: string observedGeneration: anyOf: - type: integer - type: string description: Resource Generation to which the Condition refers. x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string status: description: Status is the status of the condition. type: string type: description: Type is the type of the condition. type: string type: object type: array observedGeneration: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. items: properties: documentationUrl: description: A url pointing to the Istio documentation for this specific error type. type: string level: description: |- Represents how severe a message is. Valid Options: UNKNOWN, ERROR, WARNING, INFO enum: - UNKNOWN - ERROR - WARNING - INFO type: string type: properties: code: description: A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type. type: string name: description: A human-readable name for the message type. type: string type: object type: object type: array type: object x-kubernetes-preserve-unknown-fields: true required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: categories: - istio-io - networking-istio-io kind: ServiceEntry listKind: ServiceEntryList plural: serviceentries shortNames: - se singular: serviceentry conditions: - lastTransitionTime: "2026-03-18T16:53:27Z" message: no conflicts found reason: NoConflicts status: "True" type: NamesAccepted - lastTransitionTime: "2026-03-18T16:53:27Z" message: the initial names have been accepted reason: InitialNamesAccepted status: "True" type: Established storedVersions: - v1beta1