Install and configure Istio CNI plugin on a node, detect and repair pod which is broken by race condition.
+install-cni [flags]
+| Flags | +Description | +
|---|---|
--chained-cni-plugin |
+Whether to install CNI plugin as a chained or standalone | +
--cni-conf-name <string> |
+Name of the CNI configuration file (default ``) | +
--cni-net-dir <string> |
+Directory on the host where CNI network plugins are installed (default `/etc/cni/net.d`) | +
--cni-network-config <string> |
+CNI configuration template as a string (default ``) | +
--cni-network-config-file <string> |
+CNI config template as a file (default ``) | +
--ctrlz_address <string> |
+The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | +
--ctrlz_port <uint16> |
+The IP port to use for the ControlZ introspection facility (default `9876`) | +
--kube-ca-file <string> |
+CA file for kubeconfig. Defaults to the same as install-cni pod (default ``) | +
--kubecfg-file-name <string> |
+Name of the kubeconfig file which CNI plugin will use when interacting with API server (default `ZZZ-istio-cni-kubeconfig`) | +
--kubeconfig-mode <int> |
+File mode of the kubeconfig file (default `384`) | +
--log-level <string> |
+Fallback value for log level in CNI config file, if not specified in helm template (default `warn`) | +
--log-uds-address <string> |
+The UDS server address which CNI plugin will copy log ouptut to (default `/var/run/istio-cni/log.sock`) | +
--log_as_json |
+Whether to format output as JSON or in plain console-friendly format | +
--log_caller <string> |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) | +
--log_output_level <string> |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | +
--log_rotate <string> |
+The path for the optional rotating log file (default ``) | +
--log_rotate_max_age <int> |
+The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | +
--log_rotate_max_backups <int> |
+The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | +
--log_rotate_max_size <int> |
+The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | +
--log_stacktrace_level <string> |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | +
--log_target <stringArray> |
+The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | +
--monitoring-port <int> |
+HTTP port to serve prometheus metrics (default `15014`) | +
--mounted-cni-net-dir <string> |
+Directory on the container where CNI networks are installed (default `/host/etc/cni/net.d`) | +
--repair-broken-pod-label-key <string> |
+The key portion of the label which will be set by the ace repair if label pods is true (default `cni.istio.io/uninitialized`) | +
--repair-broken-pod-label-value <string> |
+The value portion of the label which will be set by the race repair if label pods is true (default `true`) | +
--repair-delete-pods |
+Controller will delete pods when detecting pod broken by race condition | +
--repair-enabled |
+Whether to enable race condition repair or not | +
--repair-field-selectors <string> |
+A set of field selectors in label=value format that will be added to the pod list filters (default ``) | +
--repair-init-container-exit-code <int> |
+Expected exit code for the init container when crash-looping because of CNI misconfiguration (default `126`) | +
--repair-init-container-name <string> |
+The name of the istio init container (will crash-loop if CNI is not configured for the pod) (default `istio-validation`) | +
--repair-init-container-termination-message <string> |
+The expected termination message for the init container when crash-looping because of CNI misconfiguration (default ``) | +
--repair-label-pods |
+Controller will label pods when detecting pod broken by race condition | +
--repair-label-selectors <string> |
+A set of label selectors in label=value format that will be added to the pod list filters (default ``) | +
--repair-node-name <string> |
+The name of the managed node (will manage all nodes if unset) (default ``) | +
--repair-run-as-daemon |
+Controller will run in a loop | +
--repair-sidecar-annotation <string> |
+An annotation key that indicates this pod contains an istio sidecar. All pods without this annotation will be ignored.The value of the annotation is ignored. (default `sidecar.istio.io/status`) | +
--skip-cni-binaries <istio-cni> |
+Binaries that should not be installed. Currently Istio only installs one binary istio-cni (default `[]`) | +
--skip-tls-verify |
+Whether to use insecure TLS in kubeconfig file | +
--update-cni-binaries |
+Whether to refresh existing binaries when installing CNI | +
+Generate the autocompletion script for install-cni for the specified shell. +See each sub-command's help for details on how to use the generated script. +
+| Flags | +Description | +
|---|---|
--ctrlz_address <string> |
+The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | +
--ctrlz_port <uint16> |
+The IP port to use for the ControlZ introspection facility (default `9876`) | +
--log_as_json |
+Whether to format output as JSON or in plain console-friendly format | +
--log_caller <string> |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) | +
--log_output_level <string> |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | +
--log_rotate <string> |
+The path for the optional rotating log file (default ``) | +
--log_rotate_max_age <int> |
+The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | +
--log_rotate_max_backups <int> |
+The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | +
--log_rotate_max_size <int> |
+The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | +
--log_stacktrace_level <string> |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | +
--log_target <stringArray> |
+The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | +
+Generate the autocompletion script for the bash shell.
+This script depends on the 'bash-completion' package. +If it is not installed already, you can install it via your OS's package manager.
+To load completions in your current shell session: +$ source <(install-cni completion bash)
+To load completions for every new session, execute once: +Linux: + $ install-cni completion bash > /etc/bash_completion.d/install-cni +MacOS: + $ install-cni completion bash > /usr/local/etc/bash_completion.d/install-cni
+You will need to start a new shell for this setup to take effect. +
+install-cni completion bash
+| Flags | +Description | +
|---|---|
--ctrlz_address <string> |
+The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | +
--ctrlz_port <uint16> |
+The IP port to use for the ControlZ introspection facility (default `9876`) | +
--log_as_json |
+Whether to format output as JSON or in plain console-friendly format | +
--log_caller <string> |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) | +
--log_output_level <string> |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | +
--log_rotate <string> |
+The path for the optional rotating log file (default ``) | +
--log_rotate_max_age <int> |
+The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | +
--log_rotate_max_backups <int> |
+The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | +
--log_rotate_max_size <int> |
+The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | +
--log_stacktrace_level <string> |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | +
--log_target <stringArray> |
+The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | +
--no-descriptions |
+disable completion descriptions | +
+Generate the autocompletion script for the fish shell.
+To load completions in your current shell session: +$ install-cni completion fish | source
+To load completions for every new session, execute once: +$ install-cni completion fish > ~/.config/fish/completions/install-cni.fish
+You will need to start a new shell for this setup to take effect. +
+install-cni completion fish [flags]
+| Flags | +Description | +
|---|---|
--ctrlz_address <string> |
+The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | +
--ctrlz_port <uint16> |
+The IP port to use for the ControlZ introspection facility (default `9876`) | +
--log_as_json |
+Whether to format output as JSON or in plain console-friendly format | +
--log_caller <string> |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) | +
--log_output_level <string> |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | +
--log_rotate <string> |
+The path for the optional rotating log file (default ``) | +
--log_rotate_max_age <int> |
+The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | +
--log_rotate_max_backups <int> |
+The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | +
--log_rotate_max_size <int> |
+The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | +
--log_stacktrace_level <string> |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | +
--log_target <stringArray> |
+The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | +
--no-descriptions |
+disable completion descriptions | +
+Generate the autocompletion script for powershell.
+To load completions in your current shell session: +PS C:\> install-cni completion powershell | Out-String | Invoke-Expression
+To load completions for every new session, add the output of the above command +to your powershell profile. +
+install-cni completion powershell [flags]
+| Flags | +Description | +
|---|---|
--ctrlz_address <string> |
+The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | +
--ctrlz_port <uint16> |
+The IP port to use for the ControlZ introspection facility (default `9876`) | +
--log_as_json |
+Whether to format output as JSON or in plain console-friendly format | +
--log_caller <string> |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) | +
--log_output_level <string> |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | +
--log_rotate <string> |
+The path for the optional rotating log file (default ``) | +
--log_rotate_max_age <int> |
+The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | +
--log_rotate_max_backups <int> |
+The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | +
--log_rotate_max_size <int> |
+The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | +
--log_stacktrace_level <string> |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | +
--log_target <stringArray> |
+The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | +
--no-descriptions |
+disable completion descriptions | +
+Generate the autocompletion script for the zsh shell.
+If shell completion is not already enabled in your environment you will need +to enable it. You can execute the following once:
+$ echo "autoload -U compinit; compinit" >> ~/.zshrc
+To load completions for every new session, execute once: +# Linux: +$ install-cni completion zsh > "${fpath[1]}/_install-cni" +# macOS: +$ install-cni completion zsh > /usr/local/share/zsh/site-functions/_install-cni
+You will need to start a new shell for this setup to take effect. +
+install-cni completion zsh [flags]
+| Flags | +Description | +
|---|---|
--ctrlz_address <string> |
+The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | +
--ctrlz_port <uint16> |
+The IP port to use for the ControlZ introspection facility (default `9876`) | +
--log_as_json |
+Whether to format output as JSON or in plain console-friendly format | +
--log_caller <string> |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) | +
--log_output_level <string> |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | +
--log_rotate <string> |
+The path for the optional rotating log file (default ``) | +
--log_rotate_max_age <int> |
+The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | +
--log_rotate_max_backups <int> |
+The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | +
--log_rotate_max_size <int> |
+The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | +
--log_stacktrace_level <string> |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | +
--log_target <stringArray> |
+The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | +
--no-descriptions |
+disable completion descriptions | +
Prints out build version information
+install-cni version [flags]
+| Flags | +Shorthand | +Description | +
|---|---|---|
--ctrlz_address <string> |
++ | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | +
--ctrlz_port <uint16> |
++ | The IP port to use for the ControlZ introspection facility (default `9876`) | +
--log_as_json |
++ | Whether to format output as JSON or in plain console-friendly format | +
--log_caller <string> |
++ | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) | +
--log_output_level <string> |
++ | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | +
--log_rotate <string> |
++ | The path for the optional rotating log file (default ``) | +
--log_rotate_max_age <int> |
++ | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | +
--log_rotate_max_backups <int> |
++ | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | +
--log_rotate_max_size <int> |
++ | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | +
--log_stacktrace_level <string> |
++ | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | +
--log_target <stringArray> |
++ | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | +
--output <string> |
+-o |
+One of 'yaml' or 'json'. (default ``) | +
--short |
+-s |
+Use --short=false to generate full version information | +
install-cni command. Please use with caution as these environment variables are experimental and can change anytime.
+| Variable Name | +Type | +Default Value | +Description | +
|---|---|---|---|
CHAINED_CNI_PLUGIN |
+Boolean | +true |
+Whether to install CNI plugin as a chained or standalone | +
CNI_CONF_NAME |
+String | + |
+Name of the CNI configuration file | +
CNI_NETWORK_CONFIG |
+String | + |
+CNI configuration template as a string | +
CNI_NETWORK_CONFIG_FILE |
+String | + |
+CNI config template as a file | +
CNI_NET_DIR |
+String | +/etc/cni/net.d |
+Directory on the host where CNI network plugins are installed | +
KUBECFG_FILE_NAME |
+String | +ZZZ-istio-cni-kubeconfig |
+Name of the kubeconfig file which CNI plugin will use when interacting with API server | +
KUBECONFIG_MODE |
+Integer | +384 |
+File mode of the kubeconfig file | +
KUBE_CA_FILE |
+String | + |
+CA file for kubeconfig. Defaults to the same as install-cni pod | +
LOG_LEVEL |
+String | +warn |
+Fallback value for log level in CNI config file, if not specified in helm template | +
LOG_UDS_ADDRESS |
+String | +/var/run/istio-cni/log.sock |
+The UDS server address which CNI plugin will copy log ouptut to | +
MONITORING_PORT |
+Integer | +15014 |
+HTTP port to serve prometheus metrics | +
MOUNTED_CNI_NET_DIR |
+String | +/host/etc/cni/net.d |
+Directory on the container where CNI networks are installed | +
REPAIR_BROKEN_POD_LABEL_KEY |
+String | +cni.istio.io/uninitialized |
+The key portion of the label which will be set by the ace repair if label pods is true | +
REPAIR_BROKEN_POD_LABEL_VALUE |
+String | +true |
+The value portion of the label which will be set by the race repair if label pods is true | +
REPAIR_DELETE_PODS |
+Boolean | +false |
+Controller will delete pods when detecting pod broken by race condition | +
REPAIR_ENABLED |
+Boolean | +true |
+Whether to enable race condition repair or not | +
REPAIR_FIELD_SELECTORS |
+String | + |
+A set of field selectors in label=value format that will be added to the pod list filters | +
REPAIR_INIT_CONTAINER_EXIT_CODE |
+Integer | +126 |
+Expected exit code for the init container when crash-looping because of CNI misconfiguration | +
REPAIR_INIT_CONTAINER_NAME |
+String | +istio-validation |
+The name of the istio init container (will crash-loop if CNI is not configured for the pod) | +
REPAIR_INIT_CONTAINER_TERMINATION_MESSAGE |
+String | + |
+The expected termination message for the init container when crash-looping because of CNI misconfiguration | +
REPAIR_LABEL_PODS |
+Boolean | +false |
+Controller will label pods when detecting pod broken by race condition | +
REPAIR_LABEL_SELECTORS |
+String | + |
+A set of label selectors in label=value format that will be added to the pod list filters | +
REPAIR_NODE_NAME |
+String | + |
+The name of the managed node (will manage all nodes if unset) | +
REPAIR_RUN_AS_DAEMON |
+Boolean | +false |
+Controller will run in a loop | +
REPAIR_SIDECAR_ANNOTATION |
+String | +sidecar.istio.io/status |
+An annotation key that indicates this pod contains an istio sidecar. All pods without this annotation will be ignored.The value of the annotation is ignored. | +
SKIP_CNI_BINARIES |
+String | + |
+Binaries that should not be installed. Currently Istio only installs one binary `istio-cni` | +
SKIP_TLS_VERIFY |
+Boolean | +false |
+Whether to use insecure TLS in kubeconfig file | +
UPDATE_CNI_BINARIES |
+Boolean | +true |
+Whether to refresh existing binaries when installing CNI | +
| Metric Name | Type | Description |
|---|---|---|
istio_build | LastValue | Istio component build info |
istio_cni_install_ready | LastValue | Whether the CNI plugin installation is ready or not |
istio_cni_installs_total | Sum | Total number of CNI plugins installed by the Istio CNI installer |
istio_cni_repair_pods_repaired_total | Sum | Total number of pods repaired by repair controller |