Galley provides configuration management services for Istio.
galley [flags]
| Flags | Description |
|---|---|
--accessListFile <string> |
The access list yaml file that contains the allowd mTLS peer ids. (default `/etc/config/accesslist.yaml`) |
--caCertFile <string> |
File containing the caBundle that signed the cert/key specified by --tlsCertFile and --tlsKeyFile. (default `/etc/certs/root-cert.pem`) |
--configPath <string> |
Istio config file path (default ``) |
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`) |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) |
--deployment-name <string> |
Name of the deployment for the validation pod (default `istio-galley`) |
--deployment-namespace <string> |
Namespace of the deployment for the validation pod (default `istio-system`) |
--disableResourceReadyCheck |
Disable resource readiness checks. This allows Galley to start if not all resource types are supported |
--domain <string> |
DNS domain suffix (default `cluster.local`) |
--enable-server |
Run galley server mode |
--enable-validation |
Run galley validation mode |
--enableProfiling |
Enable profiling for Galley |
--excludedResourceKinds <stringSlice> |
Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Node,Pod,Service]`) |
--insecure |
Use insecure gRPC communication |
--kubeconfig <string> |
Use a Kubernetes configuration file instead of in-cluster configuration (default ``) |
--livenessProbeInterval <duration> |
Interval of updating file for the Galley liveness probe. (default `2s`) |
--livenessProbePath <string> |
Path to the file for the Galley liveness probe. (default `/healthLiveness`) |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``) |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
--meshConfigFile <string> |
Path to the mesh config file (default `/etc/mesh-config/mesh`) |
--monitoringPort <uint> |
Port to use for exposing self-monitoring information (default `15014`) |
--pprofPort <uint> |
Port to use for exposing profiling (default `9094`) |
--readinessProbeInterval <duration> |
Interval of updating file for the Galley readiness probe. (default `2s`) |
--readinessProbePath <string> |
Path to the file for the Galley readiness probe. (default `/healthReadiness`) |
--resyncPeriod <duration> |
Resync period for rescanning Kubernetes resources (default `0s`) |
--server-address <string> |
Address to use for Galley's gRPC API, e.g. tcp://127.0.0.1:9092 or unix:///path/to/file (default `tcp://0.0.0.0:9901`) |
--server-maxConcurrentStreams <uint> |
Maximum number of outstanding RPCs per connection (default `1024`) |
--server-maxReceivedMessageSize <uint> |
Maximum size of individual gRPC messages (default `1048576`) |
--service-name <string> |
Name of the validation service running in the same namespace as the deployment (default `istio-galley`) |
--sinkAddress <string> |
Address of MCP Resource Sink server for Galley to connect to. Ex: 'foo.com:1234' (default ``) |
--sinkAuthMode <string> |
Name of authentication plugin to use for connection to sink server. (default ``) |
--sinkMeta <stringSlice> |
Comma-separated list of key=values to attach as metadata to outgoing sink connections. Ex: 'key=value,key2=value2' (default `[]`) |
--tlsCertFile <string> |
File containing the x509 Certificate for HTTPS. (default `/etc/certs/cert-chain.pem`) |
--tlsKeyFile <string> |
File containing the x509 private key matching --tlsCertFile. (default `/etc/certs/key.pem`) |
--validation-port <uint> |
HTTPS port of the validation service. Must be 443 if service has more than one port (default `443`) |
--validation-webhook-config-file <string> |
File that contains k8s validatingwebhookconfiguration yaml. Validation is disabled if file is not specified (default ``) |
--webhook-name <string> |
Name of the k8s validatingwebhookconfiguration (default `istio-galley`) |
Check the liveness or readiness of a locally-running server
galley probe [flags]
| Flags | Description |
|---|---|
--accessListFile <string> |
The access list yaml file that contains the allowd mTLS peer ids. (default `/etc/config/accesslist.yaml`) |
--caCertFile <string> |
File containing the caBundle that signed the cert/key specified by --tlsCertFile and --tlsKeyFile. (default `/etc/certs/root-cert.pem`) |
--configPath <string> |
Istio config file path (default ``) |
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`) |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) |
--deployment-name <string> |
Name of the deployment for the validation pod (default `istio-galley`) |
--deployment-namespace <string> |
Namespace of the deployment for the validation pod (default `istio-system`) |
--disableResourceReadyCheck |
Disable resource readiness checks. This allows Galley to start if not all resource types are supported |
--domain <string> |
DNS domain suffix (default `cluster.local`) |
--enable-server |
Run galley server mode |
--enable-validation |
Run galley validation mode |
--enableProfiling |
Enable profiling for Galley |
--excludedResourceKinds <stringSlice> |
Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Node,Pod,Service]`) |
--insecure |
Use insecure gRPC communication |
--interval <duration> |
Duration used for checking the target file's last modified time. (default `0s`) |
--kubeconfig <string> |
Use a Kubernetes configuration file instead of in-cluster configuration (default ``) |
--livenessProbeInterval <duration> |
Interval of updating file for the Galley liveness probe. (default `2s`) |
--livenessProbePath <string> |
Path to the file for the Galley liveness probe. (default `/healthLiveness`) |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``) |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
--meshConfigFile <string> |
Path to the mesh config file (default `/etc/mesh-config/mesh`) |
--monitoringPort <uint> |
Port to use for exposing self-monitoring information (default `15014`) |
--pprofPort <uint> |
Port to use for exposing profiling (default `9094`) |
--probe-path <string> |
Path of the file for checking the availability. (default ``) |
--readinessProbeInterval <duration> |
Interval of updating file for the Galley readiness probe. (default `2s`) |
--readinessProbePath <string> |
Path to the file for the Galley readiness probe. (default `/healthReadiness`) |
--resyncPeriod <duration> |
Resync period for rescanning Kubernetes resources (default `0s`) |
--server-address <string> |
Address to use for Galley's gRPC API, e.g. tcp://127.0.0.1:9092 or unix:///path/to/file (default `tcp://0.0.0.0:9901`) |
--server-maxConcurrentStreams <uint> |
Maximum number of outstanding RPCs per connection (default `1024`) |
--server-maxReceivedMessageSize <uint> |
Maximum size of individual gRPC messages (default `1048576`) |
--service-name <string> |
Name of the validation service running in the same namespace as the deployment (default `istio-galley`) |
--sinkAddress <string> |
Address of MCP Resource Sink server for Galley to connect to. Ex: 'foo.com:1234' (default ``) |
--sinkAuthMode <string> |
Name of authentication plugin to use for connection to sink server. (default ``) |
--sinkMeta <stringSlice> |
Comma-separated list of key=values to attach as metadata to outgoing sink connections. Ex: 'key=value,key2=value2' (default `[]`) |
--tlsCertFile <string> |
File containing the x509 Certificate for HTTPS. (default `/etc/certs/cert-chain.pem`) |
--tlsKeyFile <string> |
File containing the x509 private key matching --tlsCertFile. (default `/etc/certs/key.pem`) |
--validation-port <uint> |
HTTPS port of the validation service. Must be 443 if service has more than one port (default `443`) |
--validation-webhook-config-file <string> |
File that contains k8s validatingwebhookconfiguration yaml. Validation is disabled if file is not specified (default ``) |
--webhook-name <string> |
Name of the k8s validatingwebhookconfiguration (default `istio-galley`) |
Prints out build version information
galley version [flags]
| Flags | Shorthand | Description |
|---|---|---|
--accessListFile <string> |
The access list yaml file that contains the allowd mTLS peer ids. (default `/etc/config/accesslist.yaml`) | |
--caCertFile <string> |
File containing the caBundle that signed the cert/key specified by --tlsCertFile and --tlsKeyFile. (default `/etc/certs/root-cert.pem`) | |
--configPath <string> |
Istio config file path (default ``) | |
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`) | |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) | |
--deployment-name <string> |
Name of the deployment for the validation pod (default `istio-galley`) | |
--deployment-namespace <string> |
Namespace of the deployment for the validation pod (default `istio-system`) | |
--disableResourceReadyCheck |
Disable resource readiness checks. This allows Galley to start if not all resource types are supported | |
--domain <string> |
DNS domain suffix (default `cluster.local`) | |
--enable-server |
Run galley server mode | |
--enable-validation |
Run galley validation mode | |
--enableProfiling |
Enable profiling for Galley | |
--excludedResourceKinds <stringSlice> |
Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Node,Pod,Service]`) | |
--insecure |
Use insecure gRPC communication | |
--kubeconfig <string> |
Use a Kubernetes configuration file instead of in-cluster configuration (default ``) | |
--livenessProbeInterval <duration> |
Interval of updating file for the Galley liveness probe. (default `2s`) | |
--livenessProbePath <string> |
Path to the file for the Galley liveness probe. (default `/healthLiveness`) | |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format | |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``) | |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | |
--log_rotate <string> |
The path for the optional rotating log file (default ``) | |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | |
--meshConfigFile <string> |
Path to the mesh config file (default `/etc/mesh-config/mesh`) | |
--monitoringPort <uint> |
Port to use for exposing self-monitoring information (default `15014`) | |
--output <string> |
-o |
One of 'yaml' or 'json'. (default ``) |
--pprofPort <uint> |
Port to use for exposing profiling (default `9094`) | |
--readinessProbeInterval <duration> |
Interval of updating file for the Galley readiness probe. (default `2s`) | |
--readinessProbePath <string> |
Path to the file for the Galley readiness probe. (default `/healthReadiness`) | |
--resyncPeriod <duration> |
Resync period for rescanning Kubernetes resources (default `0s`) | |
--server-address <string> |
Address to use for Galley's gRPC API, e.g. tcp://127.0.0.1:9092 or unix:///path/to/file (default `tcp://0.0.0.0:9901`) | |
--server-maxConcurrentStreams <uint> |
Maximum number of outstanding RPCs per connection (default `1024`) | |
--server-maxReceivedMessageSize <uint> |
Maximum size of individual gRPC messages (default `1048576`) | |
--service-name <string> |
Name of the validation service running in the same namespace as the deployment (default `istio-galley`) | |
--short |
-s |
Displays a short form of the version information |
--sinkAddress <string> |
Address of MCP Resource Sink server for Galley to connect to. Ex: 'foo.com:1234' (default ``) | |
--sinkAuthMode <string> |
Name of authentication plugin to use for connection to sink server. (default ``) | |
--sinkMeta <stringSlice> |
Comma-separated list of key=values to attach as metadata to outgoing sink connections. Ex: 'key=value,key2=value2' (default `[]`) | |
--tlsCertFile <string> |
File containing the x509 Certificate for HTTPS. (default `/etc/certs/cert-chain.pem`) | |
--tlsKeyFile <string> |
File containing the x509 private key matching --tlsCertFile. (default `/etc/certs/key.pem`) | |
--validation-port <uint> |
HTTPS port of the validation service. Must be 443 if service has more than one port (default `443`) | |
--validation-webhook-config-file <string> |
File that contains k8s validatingwebhookconfiguration yaml. Validation is disabled if file is not specified (default ``) | |
--webhook-name <string> |
Name of the k8s validatingwebhookconfiguration (default `istio-galley`) |