diff --git a/calico-enterprise_versioned_docs/version-3.22-2/reference/installation/_api.mdx b/calico-enterprise_versioned_docs/version-3.22-2/reference/installation/_api.mdx
index 221c4f4a5d..dce387aae5 100644
--- a/calico-enterprise_versioned_docs/version-3.22-2/reference/installation/_api.mdx
+++ b/calico-enterprise_versioned_docs/version-3.22-2/reference/installation/_api.mdx
@@ -21,6 +21,7 @@ Resource Types
- [ImageSet](#imageset)
- [Installation](#installation)
- [IntrusionDetection](#intrusiondetection)
+- [Istio](#istio)
- [LogCollector](#logcollector)
- [LogStorage](#logstorage)
- [ManagementCluster](#managementcluster)
@@ -3798,6 +3799,170 @@ _Appears in:_
| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#condition-v1-meta) array_ | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
+### Istio
+
+
+
+Istio is the Schema for the istios API
+
+| Field | Description |
+| --- | --- |
+| `apiVersion` _string_ | `operator.tigera.io/v1` |
+| `kind` _string_ | `Istio` |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |
+| `spec` _[IstioSpec](#istiospec)_ | |
+| `status` _[IstioStatus](#istiostatus)_ | |
+
+
+### IstioCNIDaemonset
+
+
+
+IstioCNIDaemonset defines customized settings for the Istio CNI plugin.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstioCNIDaemonsetSpec](#istiocnidaemonsetspec)_ | (Optional) Spec allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioCNIDaemonsetPodSpec
+
+
+
+IstioCNIDaemonsetPodSpec defines the pod spec for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonsetSpecTemplate](#istiocnidaemonsetspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### IstioCNIDaemonsetSpec
+
+
+
+IstioCNIDaemonsetSpec defines the spec for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonset](#istiocnidaemonset)
+
+| Field | Description |
+| --- | --- |
+| `template` _[IstioCNIDaemonsetSpecTemplate](#istiocnidaemonsetspectemplate)_ | (Optional) Template allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioCNIDaemonsetSpecTemplate
+
+
+
+IstioCNIDaemonsetSpecTemplate defines the template for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonsetSpec](#istiocnidaemonsetspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstioCNIDaemonsetPodSpec](#istiocnidaemonsetpodspec)_ | (Optional) Spec allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioSpec
+
+
+
+IstioSpec defines the desired state of Istio
+
+_Appears in:_
+- [Istio](#istio)
+
+| Field | Description |
+| --- | --- |
+| `istiod` _[IstiodDeployment](#istioddeployment)_ | (Optional) IstiodDeployment defines the resource requirements and node selector for the Istio deployment. |
+| `istioCNI` _[IstioCNIDaemonset](#istiocnidaemonset)_ | (Optional) IstioCNIDaemonset defines the resource requirements for the Istio CNI plugin. |
+| `ztunnel` _[ZTunnelDaemonset](#ztunneldaemonset)_ | (Optional) ZTunnelDaemonset defines the resource requirements for the ZTunnelDaemonset component. |
+| `dscpMark` _[DSCP](#dscp)_ | (Optional) DSCPMark define the value of the DSCP mark done by Felix and recognised by Istio CNI for Transparent NetworkPolicies. |
+
+
+### IstioStatus
+
+
+
+IstioStatus defines the observed state of Istio
+
+_Appears in:_
+- [Istio](#istio)
+
+| Field | Description |
+| --- | --- |
+| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#condition-v1-meta) array_ | Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
+
+
+### IstiodDeployment
+
+
+
+IstiodDeployment defines customized settings for the Istio deployment.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstiodDeploymentSpec](#istioddeploymentspec)_ | (Optional) Spec allows users to specify custom fields for the Istiod Deployment. |
+
+
+### IstiodDeploymentPodSpec
+
+
+
+IstiodDeploymentPodSpec defines the pod spec for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeploymentSpecTemplate](#istioddeploymentspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### IstiodDeploymentSpec
+
+
+
+IstiodDeploymentSpec defines the spec for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeployment](#istioddeployment)
+
+| Field | Description |
+| --- | --- |
+| `template` _[IstiodDeploymentSpecTemplate](#istioddeploymentspectemplate)_ | (Optional) Template allows users to specify custom fields for the Istiod Deployment. |
+
+
+### IstiodDeploymentSpecTemplate
+
+
+
+IstiodDeploymentSpecTemplate defines the template for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeploymentSpec](#istioddeploymentspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstiodDeploymentPodSpec](#istioddeploymentpodspec)_ | (Optional) Spec allows users to specify custom fields for the Istiod Deployment. |
+
+
### Kibana
@@ -6040,3 +6205,62 @@ _Appears in:_
| `vxlanMACPrefix` _string_ | (Optional) VXLANMACPrefix is the prefix used when generating MAC addresses for virtual NICs |
| `vxlanAdapter` _string_ | (Optional) VXLANAdapter is the Network Adapter used for VXLAN, leave blank for primary NIC |
+
+### ZTunnelDaemonset
+
+
+
+ZTunnelDaemonset defines customized settings for the ZTunnelDaemonset component.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[ZTunnelDaemonsetSpec](#ztunneldaemonsetspec)_ | (Optional) Spec allows users to specify custom fields for the ZTunnel Daemonset. |
+
+
+### ZTunnelDaemonsetPodSpec
+
+
+
+ZTunnelDaemonsetPodSpec defines the pod spec for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonsetSpecTemplate](#ztunneldaemonsetspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### ZTunnelDaemonsetSpec
+
+
+
+ZTunnelDaemonsetSpec defines the spec for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonset](#ztunneldaemonset)
+
+| Field | Description |
+| --- | --- |
+| `template` _[ZTunnelDaemonsetSpecTemplate](#ztunneldaemonsetspectemplate)_ | (Optional) Template allows users to specify custom fields for the ZTunnel Daemonset. |
+
+
+### ZTunnelDaemonsetSpecTemplate
+
+
+
+ZTunnelDaemonsetSpecTemplate defines the template for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonsetSpec](#ztunneldaemonsetspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[ZTunnelDaemonsetPodSpec](#ztunneldaemonsetpodspec)_ | (Optional) Spec allows users to specify custom fields for the ZTunnel Daemonset. |
+
diff --git a/calico-enterprise_versioned_docs/version-3.23-1/reference/installation/_api.mdx b/calico-enterprise_versioned_docs/version-3.23-1/reference/installation/_api.mdx
index aacb837f46..dce387aae5 100644
--- a/calico-enterprise_versioned_docs/version-3.23-1/reference/installation/_api.mdx
+++ b/calico-enterprise_versioned_docs/version-3.23-1/reference/installation/_api.mdx
@@ -21,6 +21,7 @@ Resource Types
- [ImageSet](#imageset)
- [Installation](#installation)
- [IntrusionDetection](#intrusiondetection)
+- [Istio](#istio)
- [LogCollector](#logcollector)
- [LogStorage](#logstorage)
- [ManagementCluster](#managementcluster)
@@ -3798,6 +3799,170 @@ _Appears in:_
| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#condition-v1-meta) array_ | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
+### Istio
+
+
+
+Istio is the Schema for the istios API
+
+| Field | Description |
+| --- | --- |
+| `apiVersion` _string_ | `operator.tigera.io/v1` |
+| `kind` _string_ | `Istio` |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |
+| `spec` _[IstioSpec](#istiospec)_ | |
+| `status` _[IstioStatus](#istiostatus)_ | |
+
+
+### IstioCNIDaemonset
+
+
+
+IstioCNIDaemonset defines customized settings for the Istio CNI plugin.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstioCNIDaemonsetSpec](#istiocnidaemonsetspec)_ | (Optional) Spec allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioCNIDaemonsetPodSpec
+
+
+
+IstioCNIDaemonsetPodSpec defines the pod spec for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonsetSpecTemplate](#istiocnidaemonsetspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### IstioCNIDaemonsetSpec
+
+
+
+IstioCNIDaemonsetSpec defines the spec for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonset](#istiocnidaemonset)
+
+| Field | Description |
+| --- | --- |
+| `template` _[IstioCNIDaemonsetSpecTemplate](#istiocnidaemonsetspectemplate)_ | (Optional) Template allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioCNIDaemonsetSpecTemplate
+
+
+
+IstioCNIDaemonsetSpecTemplate defines the template for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonsetSpec](#istiocnidaemonsetspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstioCNIDaemonsetPodSpec](#istiocnidaemonsetpodspec)_ | (Optional) Spec allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioSpec
+
+
+
+IstioSpec defines the desired state of Istio
+
+_Appears in:_
+- [Istio](#istio)
+
+| Field | Description |
+| --- | --- |
+| `istiod` _[IstiodDeployment](#istioddeployment)_ | (Optional) IstiodDeployment defines the resource requirements and node selector for the Istio deployment. |
+| `istioCNI` _[IstioCNIDaemonset](#istiocnidaemonset)_ | (Optional) IstioCNIDaemonset defines the resource requirements for the Istio CNI plugin. |
+| `ztunnel` _[ZTunnelDaemonset](#ztunneldaemonset)_ | (Optional) ZTunnelDaemonset defines the resource requirements for the ZTunnelDaemonset component. |
+| `dscpMark` _[DSCP](#dscp)_ | (Optional) DSCPMark define the value of the DSCP mark done by Felix and recognised by Istio CNI for Transparent NetworkPolicies. |
+
+
+### IstioStatus
+
+
+
+IstioStatus defines the observed state of Istio
+
+_Appears in:_
+- [Istio](#istio)
+
+| Field | Description |
+| --- | --- |
+| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#condition-v1-meta) array_ | Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
+
+
+### IstiodDeployment
+
+
+
+IstiodDeployment defines customized settings for the Istio deployment.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstiodDeploymentSpec](#istioddeploymentspec)_ | (Optional) Spec allows users to specify custom fields for the Istiod Deployment. |
+
+
+### IstiodDeploymentPodSpec
+
+
+
+IstiodDeploymentPodSpec defines the pod spec for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeploymentSpecTemplate](#istioddeploymentspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### IstiodDeploymentSpec
+
+
+
+IstiodDeploymentSpec defines the spec for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeployment](#istioddeployment)
+
+| Field | Description |
+| --- | --- |
+| `template` _[IstiodDeploymentSpecTemplate](#istioddeploymentspectemplate)_ | (Optional) Template allows users to specify custom fields for the Istiod Deployment. |
+
+
+### IstiodDeploymentSpecTemplate
+
+
+
+IstiodDeploymentSpecTemplate defines the template for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeploymentSpec](#istioddeploymentspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstiodDeploymentPodSpec](#istioddeploymentpodspec)_ | (Optional) Spec allows users to specify custom fields for the Istiod Deployment. |
+
+
### Kibana
@@ -4478,7 +4643,7 @@ _Appears in:_
| Field | Description |
| --- | --- |
-| `name` _string_ | Name is an enum which identifies the Manager Deployment container by name.
Supported values are: calico-voltron, calico-manager, calico-ui-apis |
+| `name` _string_ | Name is an enum which identifies the Manager Deployment container by name.
Supported values are: tigera-voltron, tigera-manager, tigera-ui-apis, and tigera-es-proxy (deprecated). |
| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Manager Deployment container's resources. If omitted, the Manager Deployment will use its default value for this container's resources. |
@@ -4493,7 +4658,7 @@ _Appears in:_
| Field | Description |
| --- | --- |
-| `name` _string_ | Name is an enum which identifies the Manager Deployment init container by name.
Supported values are: manager-tls-key-cert-provisioner, internal-manager-tls-key-cert-provisioner, calico-voltron-linseed-tls-key-cert-provisioner |
+| `name` _string_ | Name is an enum which identifies the Manager Deployment init container by name.
Supported values are: manager-tls-key-cert-provisioner, internal-manager-tls-key-cert-provisioner, tigera-voltron-linseed-tls-key-cert-provisioner |
| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Manager Deployment init container's resources. If omitted, the Manager Deployment will use its default value for this init container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
@@ -5510,7 +5675,7 @@ _Appears in:_
| Field | Description |
| --- | --- |
-| `secretName` _string_ | (Optional) SecretName indicates the name of the secret in the tigera-operator namespace that contains the private key and certificate that the management cluster uses when it listens for incoming connections. When set to calico-management-cluster-connection voltron will use the same cert bundle which Guardian client certs are signed with. When set to manager-tls, voltron will use the same cert bundle which Manager UI is served with. This cert bundle must be a publicly signed cert created by the user. Note that Tigera Operator will generate a self-signed manager-tls cert if one does not exist, and use of that cert will result in Guardian being unable to verify Voltron's identity. If changed on a running cluster with connected managed clusters, all managed clusters will disconnect as they will no longer be able to verify Voltron's identity. To reconnect existing managed clusters, change the tls.ca of the managed clusters' ManagementClusterConnection resource. One of: calico-management-cluster-connection, manager-tls
Default: calico-management-cluster-connection |
+| `secretName` _string_ | (Optional) SecretName indicates the name of the secret in the tigera-operator namespace that contains the private key and certificate that the management cluster uses when it listens for incoming connections. When set to tigera-management-cluster-connection voltron will use the same cert bundle which Guardian client certs are signed with. When set to manager-tls, voltron will use the same cert bundle which Manager UI is served with. This cert bundle must be a publicly signed cert created by the user. Note that Tigera Operator will generate a self-signed manager-tls cert if one does not exist, and use of that cert will result in Guardian being unable to verify Voltron's identity. If changed on a running cluster with connected managed clusters, all managed clusters will disconnect as they will no longer be able to verify Voltron's identity. To reconnect existing managed clusters, change the tls.ca of the managed clusters' ManagementClusterConnection resource. One of: tigera-management-cluster-connection, manager-tls
Default: tigera-management-cluster-connection |
### TLSCipher
@@ -6040,3 +6205,62 @@ _Appears in:_
| `vxlanMACPrefix` _string_ | (Optional) VXLANMACPrefix is the prefix used when generating MAC addresses for virtual NICs |
| `vxlanAdapter` _string_ | (Optional) VXLANAdapter is the Network Adapter used for VXLAN, leave blank for primary NIC |
+
+### ZTunnelDaemonset
+
+
+
+ZTunnelDaemonset defines customized settings for the ZTunnelDaemonset component.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[ZTunnelDaemonsetSpec](#ztunneldaemonsetspec)_ | (Optional) Spec allows users to specify custom fields for the ZTunnel Daemonset. |
+
+
+### ZTunnelDaemonsetPodSpec
+
+
+
+ZTunnelDaemonsetPodSpec defines the pod spec for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonsetSpecTemplate](#ztunneldaemonsetspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### ZTunnelDaemonsetSpec
+
+
+
+ZTunnelDaemonsetSpec defines the spec for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonset](#ztunneldaemonset)
+
+| Field | Description |
+| --- | --- |
+| `template` _[ZTunnelDaemonsetSpecTemplate](#ztunneldaemonsetspectemplate)_ | (Optional) Template allows users to specify custom fields for the ZTunnel Daemonset. |
+
+
+### ZTunnelDaemonsetSpecTemplate
+
+
+
+ZTunnelDaemonsetSpecTemplate defines the template for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonsetSpec](#ztunneldaemonsetspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[ZTunnelDaemonsetPodSpec](#ztunneldaemonsetpodspec)_ | (Optional) Spec allows users to specify custom fields for the ZTunnel Daemonset. |
+
diff --git a/calico_versioned_docs/version-3.31/reference/installation/_api.mdx b/calico_versioned_docs/version-3.31/reference/installation/_api.mdx
index 8c577cae9a..8300a32026 100644
--- a/calico_versioned_docs/version-3.31/reference/installation/_api.mdx
+++ b/calico_versioned_docs/version-3.31/reference/installation/_api.mdx
@@ -16,6 +16,7 @@ Resource Types
- [Goldmane](#goldmane)
- [ImageSet](#imageset)
- [Installation](#installation)
+- [Istio](#istio)
- [TigeraStatus](#tigerastatus)
- [Whisker](#whisker)
@@ -1733,6 +1734,170 @@ _Appears in:_
| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#condition-v1-meta) array_ | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
+### Istio
+
+
+
+Istio is the Schema for the istios API
+
+| Field | Description |
+| --- | --- |
+| `apiVersion` _string_ | `operator.tigera.io/v1` |
+| `kind` _string_ | `Istio` |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |
+| `spec` _[IstioSpec](#istiospec)_ | |
+| `status` _[IstioStatus](#istiostatus)_ | |
+
+
+### IstioCNIDaemonset
+
+
+
+IstioCNIDaemonset defines customized settings for the Istio CNI plugin.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstioCNIDaemonsetSpec](#istiocnidaemonsetspec)_ | (Optional) Spec allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioCNIDaemonsetPodSpec
+
+
+
+IstioCNIDaemonsetPodSpec defines the pod spec for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonsetSpecTemplate](#istiocnidaemonsetspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### IstioCNIDaemonsetSpec
+
+
+
+IstioCNIDaemonsetSpec defines the spec for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonset](#istiocnidaemonset)
+
+| Field | Description |
+| --- | --- |
+| `template` _[IstioCNIDaemonsetSpecTemplate](#istiocnidaemonsetspectemplate)_ | (Optional) Template allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioCNIDaemonsetSpecTemplate
+
+
+
+IstioCNIDaemonsetSpecTemplate defines the template for customizing the Istio CNI Daemonset.
+
+_Appears in:_
+- [IstioCNIDaemonsetSpec](#istiocnidaemonsetspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstioCNIDaemonsetPodSpec](#istiocnidaemonsetpodspec)_ | (Optional) Spec allows users to specify custom fields for the Istio CNI Daemonset. |
+
+
+### IstioSpec
+
+
+
+IstioSpec defines the desired state of Istio
+
+_Appears in:_
+- [Istio](#istio)
+
+| Field | Description |
+| --- | --- |
+| `istiod` _[IstiodDeployment](#istioddeployment)_ | (Optional) IstiodDeployment defines the resource requirements and node selector for the Istio deployment. |
+| `istioCNI` _[IstioCNIDaemonset](#istiocnidaemonset)_ | (Optional) IstioCNIDaemonset defines the resource requirements for the Istio CNI plugin. |
+| `ztunnel` _[ZTunnelDaemonset](#ztunneldaemonset)_ | (Optional) ZTunnelDaemonset defines the resource requirements for the ZTunnelDaemonset component. |
+| `dscpMark` _[DSCP](#dscp)_ | (Optional) DSCPMark define the value of the DSCP mark done by Felix and recognised by Istio CNI for Transparent NetworkPolicies. |
+
+
+### IstioStatus
+
+
+
+IstioStatus defines the observed state of Istio
+
+_Appears in:_
+- [Istio](#istio)
+
+| Field | Description |
+| --- | --- |
+| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#condition-v1-meta) array_ | Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
+
+
+### IstiodDeployment
+
+
+
+IstiodDeployment defines customized settings for the Istio deployment.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstiodDeploymentSpec](#istioddeploymentspec)_ | (Optional) Spec allows users to specify custom fields for the Istiod Deployment. |
+
+
+### IstiodDeploymentPodSpec
+
+
+
+IstiodDeploymentPodSpec defines the pod spec for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeploymentSpecTemplate](#istioddeploymentspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### IstiodDeploymentSpec
+
+
+
+IstiodDeploymentSpec defines the spec for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeployment](#istioddeployment)
+
+| Field | Description |
+| --- | --- |
+| `template` _[IstiodDeploymentSpecTemplate](#istioddeploymentspectemplate)_ | (Optional) Template allows users to specify custom fields for the Istiod Deployment. |
+
+
+### IstiodDeploymentSpecTemplate
+
+
+
+IstiodDeploymentSpecTemplate defines the template for customizing the Istiod Deployment.
+
+_Appears in:_
+- [IstiodDeploymentSpec](#istioddeploymentspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[IstiodDeploymentPodSpec](#istioddeploymentpodspec)_ | (Optional) Spec allows users to specify custom fields for the Istiod Deployment. |
+
+
### KubeProxyManagementType
_Underlying type:_ _string_
@@ -2551,3 +2716,62 @@ _Appears in:_
| `vxlanMACPrefix` _string_ | (Optional) VXLANMACPrefix is the prefix used when generating MAC addresses for virtual NICs |
| `vxlanAdapter` _string_ | (Optional) VXLANAdapter is the Network Adapter used for VXLAN, leave blank for primary NIC |
+
+### ZTunnelDaemonset
+
+
+
+ZTunnelDaemonset defines customized settings for the ZTunnelDaemonset component.
+
+_Appears in:_
+- [IstioSpec](#istiospec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[ZTunnelDaemonsetSpec](#ztunneldaemonsetspec)_ | (Optional) Spec allows users to specify custom fields for the ZTunnel Daemonset. |
+
+
+### ZTunnelDaemonsetPodSpec
+
+
+
+ZTunnelDaemonsetPodSpec defines the pod spec for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonsetSpecTemplate](#ztunneldaemonsetspectemplate)
+
+| Field | Description |
+| --- | --- |
+| `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#affinity-v1-core)_ | (Optional) Affinity specifies the affinity for the deployment. |
+| `nodeSelector` _object (keys:string, values:string)_ | (Optional) NodeSelector specifies the node affinity for the deployment. |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | (Optional) Resources specifies the compute resources required for the deployment. |
+| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#toleration-v1-core) array_ | (Optional) Tolerations specifies the tolerations for the deployment. |
+
+
+### ZTunnelDaemonsetSpec
+
+
+
+ZTunnelDaemonsetSpec defines the spec for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonset](#ztunneldaemonset)
+
+| Field | Description |
+| --- | --- |
+| `template` _[ZTunnelDaemonsetSpecTemplate](#ztunneldaemonsetspectemplate)_ | (Optional) Template allows users to specify custom fields for the ZTunnel Daemonset. |
+
+
+### ZTunnelDaemonsetSpecTemplate
+
+
+
+ZTunnelDaemonsetSpecTemplate defines the template for customizing the ZTunnel Daemonset.
+
+_Appears in:_
+- [ZTunnelDaemonsetSpec](#ztunneldaemonsetspec)
+
+| Field | Description |
+| --- | --- |
+| `spec` _[ZTunnelDaemonsetPodSpec](#ztunneldaemonsetpodspec)_ | (Optional) Spec allows users to specify custom fields for the ZTunnel Daemonset. |
+