api/annotation/annotations.yaml

# Copyright 2019 Istio Authors
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

annotations:
  - name: prometheus.istio.io/merge-metrics
    featureStatus: Alpha
    variableName: PrometheusMergeMetrics
    description: Specifies if application Prometheus metric will be merged with Envoy metrics
      for this workload.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: alpha.istio.io/kubernetes-serviceaccounts
    featureStatus: Alpha
    variableName: AlphaKubernetesServiceAccounts
    description: Specifies the Kubernetes service accounts that are allowed to run this
      service on the VMs.
    deprecated: true
    hidden: true
    resources:
      - Service

  - name: alpha.istio.io/canonical-serviceaccounts
    featureStatus: Alpha
    variableName: AlphaCanonicalServiceAccounts
    description: Specifies the non-Kubernetes service accounts that are allowed to
      run this service.
    deprecated: true
    hidden: true
    resources:
      - Service

  - name: alpha.istio.io/identity
    featureStatus: Alpha
    description: Identity for the workload.
    deprecated: true
    hidden: true
    resources:
      - Pod

  - name: networking.istio.io/exportTo
    featureStatus: Alpha
    description: Specifies the namespaces to which this service should be exported to.
      A value of '*' indicates it is reachable within the mesh '.' indicates it is
      reachable within its namespace.
    deprecated: false
    hidden: false
    resources:
      - Service

  - name: sidecar.istio.io/inject
    featureStatus: Beta
    description: Specifies whether or not an Envoy sidecar should be automatically
      injected into the workload. Deprecated in favor of `sidecar.istio.io/inject` label.
    deprecated: true
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/status
    featureStatus: Alpha
    description: Generated by Envoy sidecar injection that indicates the status of
      the operation. Includes a version hash of the executed template, as well as names of
      injected resources.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/rewriteAppHTTPProbers
    featureStatus: Alpha
    description: Rewrite HTTP readiness and liveness probes to be redirected to
      the Envoy sidecar.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/controlPlaneAuthPolicy
    description: Specifies the auth policy used by the Istio control plane. If NONE,
      traffic will not be encrypted. If MUTUAL_TLS, traffic between Envoy sidecar
      will be wrapped into mutual TLS connections.
    deprecated: true
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/discoveryAddress
    featureStatus: Alpha
    description: Specifies the XDS discovery address to be used by the Envoy
      sidecar.
    deprecated: true
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/proxyImage
    featureStatus: Alpha
    description: Specifies the Docker image to be used by the Envoy sidecar.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/proxyImageType
    featureStatus: Alpha
    description: Specifies the Docker image type to be used by the Envoy sidecar. Istio publishes debug
      and distroless image types for every release tag.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/proxyCPU
    featureStatus: Alpha
    description: Specifies the requested CPU setting for the Envoy sidecar.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/proxyCPULimit
    featureStatus: Alpha
    description: Specifies the CPU limit for the Envoy sidecar.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/proxyMemory
    featureStatus: Alpha
    description: Specifies the requested memory setting for the Envoy sidecar.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/proxyMemoryLimit
    description: Specifies the memory limit for the Envoy sidecar.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/interceptionMode
    featureStatus: Alpha
    description: Specifies the mode used to redirect inbound connections to Envoy
      (REDIRECT or TPROXY).
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/bootstrapOverride
    featureStatus: Alpha
    description: Specifies an alternative Envoy bootstrap configuration file.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/statsInclusionPrefixes
    featureStatus: Alpha
    description: Specifies the comma separated list of prefixes of the stats to be
      emitted by Envoy.
    deprecated: true
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/statsInclusionSuffixes
    featureStatus: Alpha
    description: Specifies the comma separated list of suffixes of the stats to be
      emitted by Envoy.
    deprecated: true
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/statsInclusionRegexps
    featureStatus: Alpha
    description: Specifies the comma separated list of regexes the stats should match
      to be emitted by Envoy.
    deprecated: true
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/userVolume
    featureStatus: Alpha
    description: Specifies one or more user volumes (as a JSON array) to be added to
      the Envoy sidecar.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/userVolumeMount
    description: Specifies one or more user volume mounts (as a JSON array) to be added
      to the Envoy sidecar.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/enableCoreDump
    featureStatus: Alpha
    description: Specifies whether or not an Envoy sidecar should enable core dump.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: status.sidecar.istio.io/port
    featureStatus: Alpha
    description: Specifies the HTTP status Port for the Envoy sidecar. If zero, the
      sidecar will not provide status.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/logLevel
    featureStatus: Alpha
    description: Specifies the log level for Envoy.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/componentLogLevel
    featureStatus: Alpha
    description: Specifies the component log level for Envoy.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/agentLogLevel
    featureStatus: Alpha
    description: Specifies the log output level for pilot-agent.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: readiness.status.sidecar.istio.io/initialDelaySeconds
    featureStatus: Alpha
    description: Specifies the initial delay (in seconds) for the Envoy sidecar readiness
      probe.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: readiness.status.sidecar.istio.io/periodSeconds
    featureStatus: Alpha
    description: Specifies the period (in seconds) for the Envoy sidecar readiness probe.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: readiness.status.sidecar.istio.io/failureThreshold
    featureStatus: Alpha
    description: Specifies the failure threshold for the Envoy sidecar readiness probe.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: readiness.status.sidecar.istio.io/applicationPorts
    featureStatus: Alpha
    description: Specifies the list of ports exposed by the application container. Used
      by the Envoy sidecar readiness probe to determine that Envoy is configured and ready
      to receive traffic.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: traffic.istio.io/nodeSelector
    featureStatus: Stable
    description: This annotation is a set of node-labels (key1=value,key2=value). If the
      annotated Service is of type NodePort and is a multi-network gateway (see
      topology.istio.io/network), the addresses for selected nodes will be used for
      cross-network communication.
    deprecated: false
    hidden: false
    resources:
      - Service

  - name: traffic.sidecar.istio.io/includeOutboundIPRanges
    featureStatus: Alpha
    description: A comma separated list of IP ranges in CIDR form to redirect to Envoy
      (optional). The wildcard character '*' can be used to redirect all outbound traffic.
      An empty list will disable all outbound redirection.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: traffic.sidecar.istio.io/excludeOutboundIPRanges
    featureStatus: Alpha
    description: A comma separated list of IP ranges in CIDR form to be excluded from
      redirection. Only applies when all outbound traffic (i.e. '*') is being redirected.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: traffic.sidecar.istio.io/includeInboundPorts
    description: A comma separated list of inbound ports for which traffic is to be
      redirected to Envoy. The wildcard character '*' can be used to configure redirection
      for all ports. An empty list will disable all inbound redirection.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: traffic.sidecar.istio.io/excludeInboundPorts
    featureStatus: Alpha
    description: A comma separated list of inbound ports to be excluded from redirection
      to Envoy. Only applies when all inbound traffic (i.e. '*') is being redirected.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: traffic.sidecar.istio.io/excludeInterfaces
    featureStatus: Alpha
    description: A comma separated list of interfaces to be excluded from Istio traffic capture
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: traffic.sidecar.istio.io/includeOutboundPorts
    featureStatus: Alpha
    description: A comma separated list of outbound ports for which traffic is to be
      redirected to Envoy, regardless of the destination IP.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: traffic.sidecar.istio.io/excludeOutboundPorts
    featureStatus: Alpha
    description: A comma separated list of outbound ports to be excluded from redirection
      to Envoy.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: traffic.sidecar.istio.io/kubevirtInterfaces
    featureStatus: Alpha
    description: A comma separated list of virtual interfaces whose inbound traffic
      (from VM) will be treated as outbound.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: kubernetes.io/ingress.class
    featureStatus: Stable
    description: Annotation on an Ingress resources denoting the class of controllers responsible for it.
    deprecated: false
    hidden: false
    resources:
      - Ingress

  - name: install.operator.istio.io/chart-owner
    featureStatus: Alpha
    description: Represents the name of the chart used to create this resource.
    deprecated: false
    hidden: false
    resources:
      - Any

  - name: install.operator.istio.io/owner-generation
    featureStatus: Alpha
    description: Represents the generation to which the resource was last reconciled.
    deprecated: false
    hidden: false
    resources:
      - Any

  - name: install.operator.istio.io/version
    featureStatus: Alpha
    description: Represents the Istio version associated with the resource
    deprecated: false
    hidden: false
    resources:
      - Any

  - name: galley.istio.io/analyze-suppress
    featureStatus: Alpha
    description: A comma separated list of configuration analysis message codes
      to suppress when Istio analyzers are run. For example, to suppress
      reporting of IST0103 (PodMissingProxy) and IST0108 (UnknownAnnotation) on
      a resource, apply the annotation
      'galley.istio.io/analyze-suppress=IST0108,IST0103'. If the value is '*',
      then all configuration analysis messages are suppressed.
    deprecated: false
    hidden: false
    resources:
      - Any

  - name: proxy.istio.io/config
    featureStatus: Beta
    description: Overrides for the proxy configuration for this specific proxy. Available options
      can be found at https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#ProxyConfig.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: istio.io/dry-run
    featureStatus: Alpha
    description: Specifies whether or not the given resource is in dry-run mode. See
      https://istio.io/latest/docs/tasks/security/authorization/authz-dry-run/ for more information.
    deprecated: false
    hidden: false
    resources:
      - AuthorizationPolicy

  - name: proxy.istio.io/overrides
    featureStatus: Alpha
    description: Used internally to indicate user-specified overrides in the proxy container of the pod during injection.
    deprecated: false
    hidden: true
    resources:
      - Pod

  - name: inject.istio.io/templates
    featureStatus: Alpha
    description: The name of the inject template(s) to use, as a comma separate list. See
      https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental for more information.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: sidecar.istio.io/extraStatTags
    featureStatus: Alpha
    description: An additional list of tags to extract from the in-proxy Istio telemetry. each additional tag needs to be present in this list.
    deprecated: false
    hidden: false
    resources:
      - Pod

  - name: istio.io/autoRegistrationGroup
    featureStatus: Alpha
    description: On a WorkloadEntry stores the associated WorkloadGroup.
    deprecated: false
    hidden: true
    resources:
      - WorkloadEntry

  - name: istio.io/workloadController
    featureStatus: Alpha
    description: On a WorkloadEntry should store the current/last pilot instance connected to the workload for XDS.
    deprecated: false
    hidden: true
    resources:
      - WorkloadEntry

  - name: istio.io/connectedAt
    featureStatus: Alpha
    description: On a WorkloadEntry stores the time in nanoseconds when the associated workload connected to a Pilot instance.
    deprecated: false
    hidden: true
    resources:
      - WorkloadEntry

  - name: istio.io/disconnectedAt
    featureStatus: Alpha
    description: On a WorkloadEntry stores the time in nanoseconds when the associated workload disconnected from a Pilot instance.
    deprecated: false
    hidden: true
    resources:
      - WorkloadEntry

  - name: topology.istio.io/controlPlaneClusters
    featureStatus: Alpha
    description: A comma-separated list of clusters (or * for any) running istiod that should attempt leader election
      for a remote cluster thats system namespace includes this annotation. Istiod will not attempt to lead unannotated
      remote clusters.
    deprecated: false
    hidden: false
    resources:
      - Namespace

  - name: gateway.istio.io/controller-version
    featureStatus: Alpha
    description: A version added to the Gateway by the controller specifying the "controller version".
    deprecated: false
    hidden: true
    resources:
      - Any