istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update reference docs. (#3172)

This commit is contained in:
Martin Taillefer 2019-01-30 08:27:01 -08:00 committed by GitHub
parent 9058bec3ce
commit 1226948007
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 437 additions and 471 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
content/docs/reference/commands/galley/index.html
View File

@ -62,6 +62,10 @@ number_of_entries: 4
<td>Enable profiling for Galley </td>
</tr>
<tr>
<td><code>--excludedResourceKinds &lt;stringSlice&gt;</code></td>
<td>Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Node,Pod,Service]`)</td>
</tr>
<tr>
<td><code>--insecure</code></td>
<td>Use insecure gRPC communication </td>
</tr>
@ -83,11 +87,11 @@ number_of_entries: 4
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -107,7 +111,7 @@ number_of_entries: 4
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -234,6 +238,10 @@ number_of_entries: 4
<td>Enable profiling for Galley </td>
</tr>
<tr>
<td><code>--excludedResourceKinds &lt;stringSlice&gt;</code></td>
<td>Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Node,Pod,Service]`)</td>
</tr>
<tr>
<td><code>--insecure</code></td>
<td>Use insecure gRPC communication </td>
</tr>
@ -259,11 +267,11 @@ number_of_entries: 4
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -283,7 +291,7 @@ number_of_entries: 4
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -427,6 +435,11 @@ number_of_entries: 4
<td>Enable profiling for Galley </td>
</tr>
<tr>
<td><code>--excludedResourceKinds &lt;stringSlice&gt;</code></td>
<td></td>
<td>Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Node,Pod,Service]`)</td>
</tr>
<tr>
<td><code>--insecure</code></td>
<td></td>
<td>Use insecure gRPC communication </td>
@ -454,12 +467,12 @@ number_of_entries: 4
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -484,7 +497,7 @@ number_of_entries: 4
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, conversions, default, fs, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>

8
content/docs/reference/commands/istio_ca/index.html
View File

@ -126,6 +126,10 @@ number_of_entries: 4
<td>Interval of checking the liveness of the CA. (default `30s`)</td>
</tr>
<tr>
<td><code>--read-signing-cert-only</code></td>
<td>When set, Citadel only reads the self-signed signing key and cert from Kubernetes secret without generating one (if not exist). This flag avoids racing condition between multiple Citadels generating self-signed key and cert. Please make sure one and only one Citadel instance has this flag set to false. </td>
</tr>
<tr>
<td><code>--requested-ca-cert-ttl &lt;duration&gt;</code></td>
<td>The requested TTL for the workload (default `8760h0m0s`)</td>
</tr>
@ -142,6 +146,10 @@ number_of_entries: 4
<td>The TTL of self-signed CA root certificate (default `8760h0m0s`)</td>
</tr>
<tr>
<td><code>--server-only</code></td>
<td>When set, Citadel only serves as a server without writing the Kubernetes secrets. </td>
</tr>
<tr>
<td><code>--sign-ca-certs</code></td>
<td>Whether Citadel signs certificates for other CAs </td>
</tr>

8
content/docs/reference/commands/pilot-agent/index.html
View File

@ -84,6 +84,10 @@ number_of_entries: 5
<td>Control Plane Authentication Policy (default `NONE`)</td>
</tr>
<tr>
<td><code>--controlPlaneBootstrap</code></td>
<td>Process bootstrap provided via templateFile to be used by control plane components. </td>
</tr>
<tr>
<td><code>--customConfigFile &lt;string&gt;</code></td>
<td>Path to the custom configuration file (default ``)</td>
</tr>
@ -112,6 +116,10 @@ number_of_entries: 5
<td>Proxy IP address. If not provided uses ${INSTANCE_IP} environment variable. (default ``)</td>
</tr>
<tr>
<td><code>--kubeAppProberConfig &lt;string&gt;</code></td>
<td>The json encoded string to pass app HTTP probe information from injector(istioctl or webhook). For example, --kubeAppProberConfig=&#39;{&#34;/app-health/httpbin/livez&#34;:{&#34;path&#34;: &#34;/hello&#34;, &#34;port&#34;: 8080}&#39; indicates that httpbin container liveness prober port is 8080 and probing path is /hello. This flag should never be set manually. (default ``)</td>
</tr>
<tr>
<td><code>--lightstepAccessToken &lt;string&gt;</code></td>
<td>Access Token for LightStep Satellite pool (default ``)</td>
</tr>

18
content/docs/reference/commands/pilot-discovery/index.html
View File

@ -24,6 +24,10 @@ number_of_entries: 5
<td>The time interval if no activity on the connection it pings the peer to see if the transport is alive (default `30s`)</td>
</tr>
<tr>
<td><code>--keepaliveMaxServerConnectionAge &lt;duration&gt;</code></td>
<td>Maximum duration a connection will be kept open on the server before a graceful close. (default `2562047h47m16.854775807s`)</td>
</tr>
<tr>
<td><code>--keepaliveTimeout &lt;duration&gt;</code></td>
<td>After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default `10s`)</td>
</tr>
@ -152,6 +156,11 @@ number_of_entries: 5
<td>The time interval if no activity on the connection it pings the peer to see if the transport is alive (default `30s`)</td>
</tr>
<tr>
<td><code>--keepaliveMaxServerConnectionAge &lt;duration&gt;</code></td>
<td></td>
<td>Maximum duration a connection will be kept open on the server before a graceful close. (default `2562047h47m16.854775807s`)</td>
</tr>
<tr>
<td><code>--keepaliveTimeout &lt;duration&gt;</code></td>
<td></td>
<td>After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default `10s`)</td>
@ -291,6 +300,10 @@ number_of_entries: 5
<td>The time interval if no activity on the connection it pings the peer to see if the transport is alive (default `30s`)</td>
</tr>
<tr>
<td><code>--keepaliveMaxServerConnectionAge &lt;duration&gt;</code></td>
<td>Maximum duration a connection will be kept open on the server before a graceful close. (default `2562047h47m16.854775807s`)</td>
</tr>
<tr>
<td><code>--keepaliveTimeout &lt;duration&gt;</code></td>
<td>After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default `10s`)</td>
</tr>
@ -359,6 +372,11 @@ number_of_entries: 5
<td>The time interval if no activity on the connection it pings the peer to see if the transport is alive (default `30s`)</td>
</tr>
<tr>
<td><code>--keepaliveMaxServerConnectionAge &lt;duration&gt;</code></td>
<td></td>
<td>Maximum duration a connection will be kept open on the server before a graceful close. (default `2562047h47m16.854775807s`)</td>
</tr>
<tr>
<td><code>--keepaliveTimeout &lt;duration&gt;</code></td>
<td></td>
<td>After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default `10s`)</td>

173
content/docs/reference/config/istio.networking.v1alpha3/index.html
View File

@ -6,7 +6,7 @@ layout: protoc-gen-docs
generator: protoc-gen-docs
aliases:
- /docs/reference/config/istio.routing.v1alpha1/
number_of_entries: 62
number_of_entries: 60
---
<p>Configuration affecting traffic routing. Here are a few terms useful to define
in the context of traffic routing.</p>
@ -73,40 +73,6 @@ domain socket. When used in ingress listener, care needs to be taken
to ensure that the listener port is not in use by other processes on
the host.</p>
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="ConfigScope">ConfigScope</h2>
<section>
<p>ConfigScope defines the visibility of an Istio configuration artifact in
a namespace when the namespace is imported. By default all
configuration artifacts are public. Configurations with private scope
will not be imported when the namespace containing the configuration is
imported in a Sidecar.</p>
<table class="enum-values">
<thead>
<tr>
<th>Name</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="ConfigScope-PUBLIC">
<td><code>PUBLIC</code></td>
<td>
<p>Config with this scope are visible to all workloads in the mesh</p>
</td>
</tr>
<tr id="ConfigScope-PRIVATE">
<td><code>PRIVATE</code></td>
<td>
<p>Configs with this scope are visible to only workloads in the same
namespace as the configuration resource.</p>
</td>
</tr>
</tbody>
@ -703,17 +669,6 @@ sizes, outlier detection).</p>
<p>One or more named sets that represent individual versions of a
service. Traffic policies can be overridden at subset level.</p>
</td>
</tr>
<tr id="DestinationRule-config_scope">
<td><code>configScope</code></td>
<td><code><a href="#ConfigScope">ConfigScope</a></code></td>
<td>
<p>The visibility setting associated with this DestinationRule. Set to
PRIVATE if this destination rule should not be exported, i.e. restrict
the applicability of this destination rule to only workloads in the same
namespace as the destination rule.</p>
</td>
</tr>
</tbody>
@ -2417,31 +2372,6 @@ the User cookie as the hash key.</p>
ttl: 0s
</code></pre>
<p>The following example sets up locality weight for the ratings service
Assume ratings service resides in &ldquo;region1/zone1/<em>&rdquo; and &ldquo;region1/zone2/</em>&rdquo;,
and originating clusters also reside in &ldquo;region1/zone1/<em>&rdquo; and &ldquo;region1/zone2/</em>&rdquo;.
This example specifies when clusters from &ldquo;region1/zone1/<em>&rdquo; accessing ratings service, 80% of the traffic
is shipped to &ldquo;region1/zone1/</em>&rdquo; ratings service endpoints, and the rest 20% to &ldquo;region1/zone2/*&rdquo;.</p>
<pre><code class="language-yaml"> apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: bookinfo-ratings
spec:
host: ratings.prod.svc.cluster.local
trafficPolicy:
loadBalancer:
localityWeightSettings:
- from: region1/zone1/*
to:
&quot;region1/zone1/*&quot;: 80
&quot;region1/zone2/*&quot;: 20
- from: region1/zone2/*
to:
&quot;region1/zone1/*&quot;: 20
&quot;region1/zone2/*&quot;: 80
</code></pre>
<table class="message-fields">
<thead>
<tr>
@ -2461,17 +2391,6 @@ is shipped to &ldquo;region1/zone1/</em>&rdquo; ratings service endpoints, and t
<td><code>consistentHash</code></td>
<td><code><a href="#LoadBalancerSettings-ConsistentHashLB">LoadBalancerSettings.ConsistentHashLB (oneof)</a></code></td>
<td>
</td>
</tr>
<tr id="LoadBalancerSettings-locality_weight_settings">
<td><code>localityWeightSettings</code></td>
<td><code><a href="#LoadBalancerSettings-LocalityWeightSetting">LoadBalancerSettings.LocalityWeightSetting[]</a></code></td>
<td>
<p>Explicitly assign loadbalancing weight across different zones and geographical locations.
Refer to <a href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html?highlight=load_balancing_weight#locality-weighted-load-balancing">Locality weighted load balancing</a>
If empty, the locality weight is set according to the endpoints number within it.
If duplicated settings are present, then the first one will take effect.</p>
</td>
</tr>
</tbody>
@ -2571,42 +2490,6 @@ be generated.</p>
<td>
<p>REQUIRED. Lifetime of the cookie.</p>
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="LoadBalancerSettings-LocalityWeightSetting">LoadBalancerSettings.LocalityWeightSetting</h2>
<section>
<p>Originating -&gt; upstream cluster locality weight set, support wildcard matching &lsquo;<em>&rsquo;
&lsquo;</em>&rsquo; matches all localities
&lsquo;region1/*&rsquo; matches all zones in region1</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="LoadBalancerSettings-LocalityWeightSetting-from">
<td><code>from</code></td>
<td><code>string</code></td>
<td>
<p>Originating locality, &lsquo;/&rsquo; separated, e.g. &lsquo;region/zone/sub_zone&rsquo;.</p>
</td>
</tr>
<tr id="LoadBalancerSettings-LocalityWeightSetting-to">
<td><code>to</code></td>
<td><code>map&lt;string,&nbsp;uint32&gt;</code></td>
<td>
<p>Upstream locality to loadbalancing weight map. The sum of all weights should be == 100.
Should assign loadbalancing weight for all localities, otherwise the traffic are not routed
following the percentage of weight.</p>
</td>
</tr>
</tbody>
@ -3105,6 +2988,18 @@ certificate presented by the client.</p>
<p>Optional: If specified, only support the specified cipher list.
Otherwise default to the default cipher list supported by Envoy.</p>
</td>
</tr>
<tr id="Server-TLSOptions-sds_name">
<td><code>sdsName</code></td>
<td><code>string</code></td>
<td>
<p>Optional: If specified, the gateway controllers (with SDS enabled)
use the specified name as the SDS secret config name to call the SDS
server, to retrieve the key and certificates. Otherwise, the gateway
controllers (with SDS enabled) use the first value in the hosts as
the SDS secret config name to call the SDS server.</p>
</td>
</tr>
</tbody>
@ -3326,15 +3221,23 @@ spec:
</code></pre>
<p>The following example demonstrates the use of a dedicated egress gateway
through which all external service traffic is forwarded.</p>
through which all external service traffic is forwarded.
The &lsquo;export_to&rsquo; field allows for control over the visibility of a service
declaration to other namespaces in the mesh. By default a service is exported
to all namespaces. The following example restricts the visibility to the
current namespace, represented by &ldquo;.&rdquo;, so that it cannot be used by other
namespaces.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: external-svc-httpbin
namespace : egress
spec:
hosts:
- httpbin.com
export_to:
- .
location: MESH_EXTERNAL
ports:
- number: 80
@ -3349,6 +3252,7 @@ spec:
kind: Gateway
metadata:
name: istio-egressgateway
namespace: egress
spec:
selector:
istio: egressgateway
@ -3363,15 +3267,21 @@ spec:
<p>And the associated VirtualService to route from the sidecar to the
gateway service (istio-egressgateway.istio-system.svc.cluster.local), as
well as route from the gateway to the external service.</p>
well as route from the gateway to the external service. Note that the
virtual service is exported to all namespaces enabling them to route traffic
through the gateway to the external service. Forcing traffic to go through
a managed middle proxy like this is a common practice.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: gateway-routing
namespace: egress
spec:
hosts:
- httpbin.com
export_to:
- *
gateways:
- mesh
- istio-egressgateway
@ -3550,18 +3460,6 @@ said port will be allowed (i.e. 0.0.0.0:<port>).</p>
<td>
<p>One or more endpoints associated with the service.</p>
</td>
</tr>
<tr id="ServiceEntry-config_scope">
<td><code>configScope</code></td>
<td><code><a href="#ConfigScope">ConfigScope</a></code></td>
<td>
<p>The visibility setting associated with this service entry. Set to
PRIVATE if this service should not be visible outside the namespace
where the service entry was added. The default scope is public,
i.e. the service added by the service entry will be visible to
workloads in the entire mesh.</p>
</td>
</tr>
</tbody>
@ -4627,17 +4525,6 @@ traffic.</p>
be applied to any port that is not a HTTP or TLS port. The first rule
matching an incoming request is used.</p>
</td>
</tr>
<tr id="VirtualService-config_scope">
<td><code>configScope</code></td>
<td><code><a href="#ConfigScope">ConfigScope</a></code></td>
<td>
<p>The visibility setting associated with this VirtualService. Set to
PRIVATE if this virtual service should not be exported, i.e. restrict
the applicability of this virtual service to only workloads in the same
namespace as the virtual service.</p>
</td>
</tr>
</tbody>

181
content/docs/reference/config/policy-and-telemetry/adapters/servicecontrol/index.html
View File

@ -1,181 +0,0 @@
---
title: Service Control
description: Adapter that delivers logs and metrics to Google Service Control.
location: https://istio.io/docs/reference/config/policy-and-telemetry/adapters/servicecontrol.html
layout: protoc-gen-docs
generator: protoc-gen-docs
supported_templates: servicecontrolreport,quota,apikey
aliases:
- /docs/reference/config/adapters/servicecontrol.html
number_of_entries: 4
---
<p>The <code>servicecontrol</code> adapter delivers logs and metrics to
<a href="https://cloud.google.com/service-control">Google Service Control</a>.</p>
<p>This adapter supports the <a href="/docs/reference/config/policy-and-telemetry/templates/servicecontrolreport/">servicecontrolreport template</a>,
the <a href="/docs/reference/config/policy-and-telemetry/templates/quota/">quota template</a>,
and the <a href="/docs/reference/config/policy-and-telemetry/templates/apikey/">apikey template</a>.</p>
<h2 id="GcpServiceSetting">GcpServiceSetting</h2>
<section>
<p>Adapter setting for a managed GCP service.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="GcpServiceSetting-mesh_service_name">
<td><code>meshServiceName</code></td>
<td><code>string</code></td>
<td>
<p>Local service name on the mesh, which matches destination.service attribute.</p>
</td>
</tr>
<tr id="GcpServiceSetting-google_service_name">
<td><code>googleServiceName</code></td>
<td><code>string</code></td>
<td>
<p>Fully qualified GCP service name.</p>
</td>
</tr>
<tr id="GcpServiceSetting-quotas">
<td><code>quotas</code></td>
<td><code><a href="#Quota">Quota[]</a></code></td>
<td>
<p>Quota configs</p>
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="Params">Params</h2>
<section>
<p>Configuration format for the <code>servicecontrol</code> adapter.</p>
<p>Sample adapter config:</p>
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha2&quot;
kind: servicecontrol
metadata:
name: testhandler
namespace: istio-system
spec:
runtime_config:
check_cache_size: 200
check_result_expiration: 60s
credential_path: &quot;/path/to/token.json&quot;
service_configs:
- mesh_service_name: &quot;echo.local.svc&quot;
google_service_name: &quot;echo.endpoints.cloud.goog&quot;
quotas:
- name: ratelimit.quota.istio-system
google_quota_metric_name: read-requests
expiration: 1m
</code></pre>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="Params-runtime_config">
<td><code>runtimeConfig</code></td>
<td><code><a href="#RuntimeConfig">RuntimeConfig</a></code></td>
<td>
</td>
</tr>
<tr id="Params-credential_path">
<td><code>credentialPath</code></td>
<td><code>string</code></td>
<td>
<p>A path to JSON token file, usually mounted as Kubernetes secret on pod.</p>
</td>
</tr>
<tr id="Params-service_configs">
<td><code>serviceConfigs</code></td>
<td><code><a href="#GcpServiceSetting">GcpServiceSetting[]</a></code></td>
<td>
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="Quota">Quota</h2>
<section>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="Quota-name">
<td><code>name</code></td>
<td><code>string</code></td>
<td>
<p>Istio quota name.</p>
</td>
</tr>
<tr id="Quota-google_quota_metric_name">
<td><code>googleQuotaMetricName</code></td>
<td><code>string</code></td>
<td>
<p>The corresponding Google quota metric name.</p>
</td>
</tr>
<tr id="Quota-expiration">
<td><code>expiration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td>
<p>Quota token expiration time period.</p>
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="RuntimeConfig">RuntimeConfig</h2>
<section>
<p>Adapter runtime config parameters.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="RuntimeConfig-check_cache_size">
<td><code>checkCacheSize</code></td>
<td><code>int32</code></td>
<td>
</td>
</tr>
<tr id="RuntimeConfig-check_result_expiration">
<td><code>checkResultExpiration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td>
</td>
</tr>
</tbody>
</table>
</section>

357
content/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/index.html
View File

@ -4,7 +4,7 @@ description: Describes the rules used to configure Mixer's policy and telemetry
location: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html
layout: protoc-gen-docs
generator: protoc-gen-docs
number_of_entries: 23
number_of_entries: 25
---
<p>Describes the rules used to configure Mixer&rsquo;s policy and telemetry features.</p>
@ -288,6 +288,47 @@ type DNSName</p>
<td>
<p>DNSName encoded as string.</p>
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="DirectHttpResponse">DirectHttpResponse</h2>
<section>
<p>Direct HTTP response for a client-facing error message which can be attached
to an RPC error.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="DirectHttpResponse-code">
<td><code>code</code></td>
<td><code><a href="#HttpStatusCode">HttpStatusCode</a></code></td>
<td>
<p>Optional HTTP status code. If not set, RPC error code is used.</p>
</td>
</tr>
<tr id="DirectHttpResponse-body">
<td><code>body</code></td>
<td><code>string</code></td>
<td>
<p>HTTP response body.</p>
</td>
</tr>
<tr id="DirectHttpResponse-headers">
<td><code>headers</code></td>
<td><code>map&lt;string,&nbsp;string&gt;</code></td>
<td>
<p>Optional HTTP response headers.</p>
</td>
</tr>
</tbody>
@ -493,6 +534,310 @@ proto defined by the adapter implementation; this varies depending on the value
<p>Optional. Information on how to connect to the out-of-process adapter.
This is used if the adapter is not compiled into Mixer binary and is running as a separate process.</p>
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="HttpStatusCode">HttpStatusCode</h2>
<section>
<p>HTTP response codes.
For more details: http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml</p>
<table class="enum-values">
<thead>
<tr>
<th>Name</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="HttpStatusCode-Empty">
<td><code>Empty</code></td>
<td>
<p>Empty - This code not part of the HTTP status code specification, but it is needed for proto
<code>enum</code> type.</p>
</td>
</tr>
<tr id="HttpStatusCode-Continue">
<td><code>Continue</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-OK">
<td><code>OK</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-Created">
<td><code>Created</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-Accepted">
<td><code>Accepted</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-NonAuthoritativeInformation">
<td><code>NonAuthoritativeInformation</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-NoContent">
<td><code>NoContent</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-ResetContent">
<td><code>ResetContent</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-PartialContent">
<td><code>PartialContent</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-MultiStatus">
<td><code>MultiStatus</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-AlreadyReported">
<td><code>AlreadyReported</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-IMUsed">
<td><code>IMUsed</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-MultipleChoices">
<td><code>MultipleChoices</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-MovedPermanently">
<td><code>MovedPermanently</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-Found">
<td><code>Found</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-SeeOther">
<td><code>SeeOther</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-NotModified">
<td><code>NotModified</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-UseProxy">
<td><code>UseProxy</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-TemporaryRedirect">
<td><code>TemporaryRedirect</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-PermanentRedirect">
<td><code>PermanentRedirect</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-BadRequest">
<td><code>BadRequest</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-Unauthorized">
<td><code>Unauthorized</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-PaymentRequired">
<td><code>PaymentRequired</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-Forbidden">
<td><code>Forbidden</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-NotFound">
<td><code>NotFound</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-MethodNotAllowed">
<td><code>MethodNotAllowed</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-NotAcceptable">
<td><code>NotAcceptable</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-ProxyAuthenticationRequired">
<td><code>ProxyAuthenticationRequired</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-RequestTimeout">
<td><code>RequestTimeout</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-Conflict">
<td><code>Conflict</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-Gone">
<td><code>Gone</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-LengthRequired">
<td><code>LengthRequired</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-PreconditionFailed">
<td><code>PreconditionFailed</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-PayloadTooLarge">
<td><code>PayloadTooLarge</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-URITooLong">
<td><code>URITooLong</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-UnsupportedMediaType">
<td><code>UnsupportedMediaType</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-RangeNotSatisfiable">
<td><code>RangeNotSatisfiable</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-ExpectationFailed">
<td><code>ExpectationFailed</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-MisdirectedRequest">
<td><code>MisdirectedRequest</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-UnprocessableEntity">
<td><code>UnprocessableEntity</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-Locked">
<td><code>Locked</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-FailedDependency">
<td><code>FailedDependency</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-UpgradeRequired">
<td><code>UpgradeRequired</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-PreconditionRequired">
<td><code>PreconditionRequired</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-TooManyRequests">
<td><code>TooManyRequests</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-RequestHeaderFieldsTooLarge">
<td><code>RequestHeaderFieldsTooLarge</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-InternalServerError">
<td><code>InternalServerError</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-NotImplemented">
<td><code>NotImplemented</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-BadGateway">
<td><code>BadGateway</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-ServiceUnavailable">
<td><code>ServiceUnavailable</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-GatewayTimeout">
<td><code>GatewayTimeout</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-HTTPVersionNotSupported">
<td><code>HTTPVersionNotSupported</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-VariantAlsoNegotiates">
<td><code>VariantAlsoNegotiates</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-InsufficientStorage">
<td><code>InsufficientStorage</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-LoopDetected">
<td><code>LoopDetected</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-NotExtended">
<td><code>NotExtended</code></td>
<td>
</td>
</tr>
<tr id="HttpStatusCode-NetworkAuthenticationRequired">
<td><code>NetworkAuthenticationRequired</code></td>
<td>
</td>
</tr>
</tbody>
@ -544,7 +889,7 @@ Instances produced with this instance can be referenced by <a href="#Action">Act
params:
value: 1
dimensions:
source: source.service
source: source.name
destination_ip: destination.ip
</code></pre>
@ -731,7 +1076,7 @@ selector is <code>true</code></p>
<p>The following example instructs Mixer to invoke &lsquo;prometheus-handler&rsquo; handler for all services and pass it the
instance constructed using the &lsquo;RequestCountByService&rsquo; instance.</p>
<pre><code class="language-yaml">- match: destination.service == &quot;*&quot;
<pre><code class="language-yaml">- match: match(destination.service.host, &quot;*&quot;)
actions:
- handler: prometheus-handler
instances:
@ -760,7 +1105,7 @@ if the match evaluates to true.</p>
<ul>
<li>an empty match evaluates to <code>true</code></li>
<li><code>true</code>, a boolean literal; a rule with this match will always be executed</li>
<li><code>destination.service == ratings*</code> selects any request targeting a service whose
<li><code>match(destination.service.host, &quot;ratings.*)</code> selects any request targeting a service whose
name starts with &ldquo;ratings&rdquo;</li>
<li><code>attr1 == &quot;20&quot; &amp;&amp; attr2 == &quot;30&quot;</code> logical AND, OR, and NOT are also available</li>
</ul>
@ -780,7 +1125,7 @@ name starts with &ldquo;ratings&rdquo;</li>
<td><code><a href="#Rule-HeaderOperationTemplate">Rule.HeaderOperationTemplate[]</a></code></td>
<td>
<p>Optional. Templatized operations on the request headers using values produced by the
rule actions.</p>
rule actions. Require the check action result to be OK.</p>
</td>
</tr>
@ -789,7 +1134,7 @@ rule actions.</p>
<td><code><a href="#Rule-HeaderOperationTemplate">Rule.HeaderOperationTemplate[]</a></code></td>
<td>
<p>Optional. Templatized operations on the response headers using values produced by the
rule actions.</p>
rule actions. Require the check action result to be OK.</p>
</td>
</tr>

132
content/docs/reference/config/policy-and-telemetry/templates/servicecontrolreport/index.html
View File

@ -1,132 +0,0 @@
---
title: Service Control Report
description: A template used by the Google Service Control adapter.
location: https://istio.io/docs/reference/config/policy-and-telemetry/templates/servicecontrolreport.html
layout: protoc-gen-docs
generator: protoc-gen-docs
aliases:
- /docs/reference/config/adapters/servicecontrolreport.html
number_of_entries: 1
---
<p>The <code>servicecontrolreport</code> template is used by the <a href="/docs/reference/config/policy-and-telemetry/adapters/servicecontrol/">Google Service Control</a>
adapter.</p>
<p>Example config:</p>
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha2&quot;
kind: servicecontrolreport
metadata:
name: report
namespace: istio-system
spec:
api_version : api.version | &quot;&quot;
api_operation : api.operation | &quot;&quot;
api_protocol : api.protocol | &quot;&quot;
api_service : api.service | &quot;&quot;
api_key : api.key | &quot;&quot;
request_time : request.time
request_method : request.method
request_path : request.path
request_bytes: request.size
response_time : response.time
response_code : response.code | 520
response_bytes : response.size | 0
response_latency : response.duration | &quot;0ms&quot;
</code></pre>
<h2 id="Template">Template</h2>
<section>
<p>A template used by Google Service Control (servicecontrol) adapter. The adapter
generates metrics and logentry for each request based on the data point
defined by this template.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="Template-api_version">
<td><code>apiVersion</code></td>
<td><code>string</code></td>
<td>
</td>
</tr>
<tr id="Template-api_operation">
<td><code>apiOperation</code></td>
<td><code>string</code></td>
<td>
</td>
</tr>
<tr id="Template-api_protocol">
<td><code>apiProtocol</code></td>
<td><code>string</code></td>
<td>
</td>
</tr>
<tr id="Template-api_service">
<td><code>apiService</code></td>
<td><code>string</code></td>
<td>
</td>
</tr>
<tr id="Template-api_key">
<td><code>apiKey</code></td>
<td><code>string</code></td>
<td>
</td>
</tr>
<tr id="Template-request_time">
<td><code>requestTime</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
<td>
</td>
</tr>
<tr id="Template-request_method">
<td><code>requestMethod</code></td>
<td><code>string</code></td>
<td>
</td>
</tr>
<tr id="Template-request_path">
<td><code>requestPath</code></td>
<td><code>string</code></td>
<td>
</td>
</tr>
<tr id="Template-request_bytes">
<td><code>requestBytes</code></td>
<td><code>int64</code></td>
<td>
</td>
</tr>
<tr id="Template-response_time">
<td><code>responseTime</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
<td>
</td>
</tr>
<tr id="Template-response_code">
<td><code>responseCode</code></td>
<td><code>int64</code></td>
<td>
</td>
</tr>
<tr id="Template-response_bytes">
<td><code>responseBytes</code></td>
<td><code>int64</code></td>
<td>
</td>
</tr>
<tr id="Template-response_latency">
<td><code>responseLatency</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Duration">istio.policy.v1beta1.Duration</a></code></td>
<td>
</td>
</tr>
</tbody>
</table>
</section>