mirror of https://github.com/istio/istio.io.git
Update reference docs. (#4236)
parent 6c9c952d1c
commit 1efa84d298
|
@ -1,7 +1,7 @@
|
|||
## Bug fixes and minor enhancements
|
||||
|
||||
- Configure Prometheus to monitor Citadel ([Issue 12175](https://github.com/istio/istio/pull/12175))
|
||||
- Improve output of [`istioctl experimental verify-install`](/docs/reference/commands/istioctl/#istioctl-experimental-verify-install) command ([Issue 12174](https://github.com/istio/istio/pull/12174))
|
||||
- Improve output of [`istioctl verify-install`](/docs/reference/commands/istioctl/#istioctl-verify-install) command ([Issue 12174](https://github.com/istio/istio/pull/12174))
|
||||
- Reduce log level for missing service account messages for a SPIFFE URI ([Issue 12108](https://github.com/istio/istio/issues/12108))
|
||||
- Fix broken path on the opt-in SDS feature's Unix domain socket ([Issue 12688](https://github.com/istio/istio/pull/12688))
|
||||
- Fix Envoy tracing that was preventing a child span from being created if the parent span was propagated with an empty string ([Envoy Issue 6263](https://github.com/envoyproxy/envoy/pull/6263))
|
||||
|
|
|
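Review bot: Most link labels in this list say "Issue" while the URL is a pull request: both verify-install lines point at /istio/istio/pull/12174, and the Citadel, SDS socket and Envoy tracing entries also use /pull/ paths, so only the SPIFFE URI entry (issues/12108) matches its label. Since the verify-install line is being edited anyway, relabel these as "PR 12174" and so on, or link the tracking issue, so a reader looking for the problem report is not sent to a code change.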
@ -192,7 +192,7 @@ concise list of things you should know before upgrading your deployment to Istio
|
|||
- **Validate Command**. Added the [`istioctl validate`](/docs/reference/commands/istioctl/#istioctl-validate)
|
||||
command for offline validation of Istio Kubernetes resources.
|
||||
|
||||
- **Verify-Install Command**. Added the [`istioctl experimental verify-install`](/docs/reference/commands/istioctl/#istioctl-experimental-verify-install)
|
||||
- **Verify-Install Command**. Added the [`istioctl verify-install`](/docs/reference/commands/istioctl/#istioctl-verify-install)
|
||||
command to verify the status of an Istio installation given a specified
|
||||
installation YAML file.
|
||||
|
||||
|
|
|
@ -11,44 +11,59 @@ number_of_entries: 5
|
|||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--config <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Config file containing args (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_as_json</code></td>
|
||||
<td></td>
|
||||
<td>Whether to format output as JSON or in plain console-friendly format </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
<td></td>
|
||||
<td>The path for the optional rotating log file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_age <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_backups <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_size <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
<td></td>
|
||||
<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
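Review bot: The `--log_rotate_max_size` row gives the unit as megabytes but the default as `104857600`, which is the byte count of 100 MiB; read as written, the threshold is about 100 TiB and size-based rotation would never trigger. One of the two is wrong, and since these pages are generated the fix belongs in the flag's help text in the source repo rather than in this HTML. In the same table, the `--log_stacktrace_level` form reads `<scope>:<level>,<scope:level>,...`; the second pair should be written `<scope>:<level>` like the first.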
@ -61,52 +76,69 @@ number_of_entries: 5
|
|||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--config <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Config file containing args (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--interval <duration></code></td>
|
||||
<td></td>
|
||||
<td>Duration used for checking the target file's last modified time. (default `0s`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_as_json</code></td>
|
||||
<td></td>
|
||||
<td>Whether to format output as JSON or in plain console-friendly format </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
<td></td>
|
||||
<td>The path for the optional rotating log file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_age <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_backups <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_size <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
<td></td>
|
||||
<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--probe-path <string></code></td>
|
||||
<td></td>
|
||||
<td>Path of the file for checking the availability. (default ``)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
@ -119,188 +151,270 @@ number_of_entries: 5
|
|||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--accessListFile <string></code></td>
|
||||
<td></td>
|
||||
<td>The access list yaml file that contains the allowd mTLS peer ids. (default `/etc/config/accesslist.yaml`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--caCertFile <string></code></td>
|
||||
<td></td>
|
||||
<td>File containing the caBundle that signed the cert/key specified by --tlsCertFile and --tlsKeyFile. (default `/etc/certs/root-cert.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--config <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Config file containing args (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--configPath <string></code></td>
|
||||
<td></td>
|
||||
<td>Istio config file path (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
<td></td>
|
||||
<td>The IP port to use for the ControlZ introspection facility (default `9876`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--deployment-name <string></code></td>
|
||||
<td></td>
|
||||
<td>Name of the deployment for the validation pod (default `istio-galley`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--deployment-namespace <string></code></td>
|
||||
<td></td>
|
||||
<td>Namespace of the deployment for the validation pod (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--disableResourceReadyCheck</code></td>
|
||||
<td></td>
|
||||
<td>Disable resource readiness checks. This allows Galley to start if not all resource types are supported </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--domain <string></code></td>
|
||||
<td></td>
|
||||
<td>DNS domain suffix (default `cluster.local`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--enable-server</code></td>
|
||||
<td></td>
|
||||
<td>Run galley server mode </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--enable-validation</code></td>
|
||||
<td></td>
|
||||
<td>Run galley validation mode </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--enableProfiling</code></td>
|
||||
<td></td>
|
||||
<td>Enable profiling for Galley </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--enableServiceDiscovery</code></td>
|
||||
<td></td>
|
||||
<td>Enable service discovery processing in Galley </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--excludedResourceKinds <stringSlice></code></td>
|
||||
<td>Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Node,Pod,Service]`)</td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Namespace,Node,Pod,Service]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--insecure</code></td>
|
||||
<td></td>
|
||||
<td>Use insecure gRPC communication </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td></td>
|
||||
<td>Use a Kubernetes configuration file instead of in-cluster configuration (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--livenessProbeInterval <duration></code></td>
|
||||
<td></td>
|
||||
<td>Interval of updating file for the Galley liveness probe. (default `2s`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--livenessProbePath <string></code></td>
|
||||
<td></td>
|
||||
<td>Path to the file for the Galley liveness probe. (default `/healthLiveness`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_as_json</code></td>
|
||||
<td></td>
|
||||
<td>Whether to format output as JSON or in plain console-friendly format </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
<td></td>
|
||||
<td>The path for the optional rotating log file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_age <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_backups <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate_max_size <int></code></td>
|
||||
<td></td>
|
||||
<td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, runtime, server, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
<td></td>
|
||||
<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--meshConfigFile <string></code></td>
|
||||
<td></td>
|
||||
<td>Path to the mesh config file (default `/etc/mesh-config/mesh`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--monitoringPort <uint></code></td>
|
||||
<td></td>
|
||||
<td>Port to use for exposing self-monitoring information (default `15014`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--pprofPort <uint></code></td>
|
||||
<td></td>
|
||||
<td>Port to use for exposing profiling (default `9094`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--readinessProbeInterval <duration></code></td>
|
||||
<td></td>
|
||||
<td>Interval of updating file for the Galley readiness probe. (default `2s`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--readinessProbePath <string></code></td>
|
||||
<td></td>
|
||||
<td>Path to the file for the Galley readiness probe. (default `/healthReadiness`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--resyncPeriod <duration></code></td>
|
||||
<td></td>
|
||||
<td>Resync period for rescanning Kubernetes resources (default `0s`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--server-address <string></code></td>
|
||||
<td>Address to use for Galley's gRPC API, e.g. tcp://127.0.0.1:9092 or unix:///path/to/file (default `tcp://0.0.0.0:9901`)</td>
|
||||
<td></td>
|
||||
<td>Address to use for Galley's gRPC API, e.g. tcp://localhost:9092 or unix:///path/to/file (default `tcp://0.0.0.0:9901`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--server-maxConcurrentStreams <uint></code></td>
|
||||
<td></td>
|
||||
<td>Maximum number of outstanding RPCs per connection (default `1024`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--server-maxReceivedMessageSize <uint></code></td>
|
||||
<td></td>
|
||||
<td>Maximum size of individual gRPC messages (default `1048576`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--service-name <string></code></td>
|
||||
<td></td>
|
||||
<td>Name of the validation service running in the same namespace as the deployment (default `istio-galley`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--sinkAddress <string></code></td>
|
||||
<td></td>
|
||||
<td>Address of MCP Resource Sink server for Galley to connect to. Ex: 'foo.com:1234' (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--sinkAuthMode <string></code></td>
|
||||
<td></td>
|
||||
<td>Name of authentication plugin to use for connection to sink server. (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--sinkMeta <stringSlice></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of key=values to attach as metadata to outgoing sink connections. Ex: 'key=value,key2=value2' (default `[]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsCertFile <string></code></td>
|
||||
<td></td>
|
||||
<td>File containing the x509 Certificate for HTTPS. (default `/etc/certs/cert-chain.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsKeyFile <string></code></td>
|
||||
<td></td>
|
||||
<td>File containing the x509 private key matching --tlsCertFile. (default `/etc/certs/key.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--validation-port <uint></code></td>
|
||||
<td></td>
|
||||
<td>HTTPS port of the validation service. Must be 443 if service has more than one port (default `443`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--validation-webhook-config-file <string></code></td>
|
||||
<td></td>
|
||||
<td>File that contains k8s validatingwebhookconfiguration yaml. Validation is disabled if file is not specified (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--webhook-name <string></code></td>
|
||||
<td></td>
|
||||
<td>Name of the k8s validatingwebhookconfiguration (default `istio-galley`)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<p/>Accepts deep config files, like:
|
||||
<pre class="language-yaml"><code>general:
|
||||
introspection:
|
||||
address: --ctrlz_address
|
||||
port: --ctrlz_port
|
||||
kubeconfig: --kubeconfig
|
||||
processing:
|
||||
domainsuffix: --domain
|
||||
server:
|
||||
address: --server-address
|
||||
auth:
|
||||
insecure: --insecure
|
||||
enable: --enable-server
|
||||
validation:
|
||||
deploymentname: --deployment-name
|
||||
deploymentnamespace: --deployment-namespace
|
||||
enable: --enable-validation
|
||||
servicename: --service-name
|
||||
tls:
|
||||
caCertificates: --validation.tls.caCertificates
|
||||
clientCertificate: --validation.tls.clientCertificate
|
||||
privateKey: --validation.tls.privateKey
|
||||
webhookconfigfile: --validation-webhook-config-file
|
||||
webhookname: --webhook-name
|
||||
webhookport: --validation-port
|
||||
|
||||
</code></pre>
|
||||
<h2 id="galley-version">galley version</h2>
|
||||
<p>Prints out build version information</p>
|
||||
<pre class="language-bash"><code>galley version [flags]
|
||||
|
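Review bot: The deep config sample maps the `validation.tls` keys to `--validation.tls.caCertificates`, `--validation.tls.clientCertificate` and `--validation.tls.privateKey`, none of which appear in the flags table above it; the table lists `--caCertFile`, `--tlsCertFile` and `--tlsKeyFile` for that material. As written, an operator cannot tell which setting controls the webhook's certificate and key, so the sample should name the flags that actually exist or the table should list the dotted ones. The `--accessListFile` description also has "allowd" for "allowed".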
@ -315,6 +429,11 @@ number_of_entries: 5
|
|||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--config <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Config file containing args (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_as_json</code></td>
|
||||
<td></td>
|
||||
<td>Whether to format output as JSON or in plain console-friendly format </td>
|
||||
|
@ -414,12 +533,6 @@ These environment variables affect the behavior of the <code>galley</code> comma
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>KUBECONFIG</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_CERT_DIR</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
@ -456,15 +569,9 @@ These environment variables affect the behavior of the <code>galley</code> comma
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_CDS_PRECOMPUTATION</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_FALLTHROUGH_ROUTE</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td><code>true</code></td>
|
||||
<td>EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
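Review bot: The default for `PILOT_ENABLE_FALLTHROUGH_ROUTE` goes from `false` to `true` in this hunk without any accompanying explanation, and the description only covers the enabled case. Because the wildcard match sends otherwise unmatched routes to a Passthrough cluster under ALLOW_ANY and returns 502 under REGISTRY_ONLY, this is a behaviour change operators should be told about on upgrade: add an entry to the upgrade notices and state in the description what happens when the variable is `false`.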
@ -474,6 +581,12 @@ These environment variables affect the behavior of the <code>galley</code> comma
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td>EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_WAIT_CACHE_SYNC</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
@ -504,12 +617,6 @@ These environment variables affect the behavior of the <code>galley</code> comma
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>POD_NAMESPACE</code></td>
|
||||
<td>String</td>
|
||||
<td><code>istio-system</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>TERMINATION_DRAIN_DURATION_SECONDS</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
|
|
@ -31,7 +31,7 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
|
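Review bot: The `--ctrlz_address` description still says "The IP Address to listen on" while the default changes from `127.0.0.1` to the hostname `localhost`, so the address ControlZ binds to now depends on how the host resolves that name instead of being fixed to IPv4 loopback. Update the description to say that a hostname is accepted and that the default is meant to be loopback only; the same row changes in the other `--ctrlz_address` hunks of this commit and needs the same wording.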
@ -209,7 +209,7 @@ number_of_entries: 4
|
|||
<tbody>
|
||||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
|
@ -277,7 +277,7 @@ number_of_entries: 4
|
|||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
|
@ -402,15 +402,9 @@ These environment variables affect the behavior of the <code>istio_ca</code> com
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_CDS_PRECOMPUTATION</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_FALLTHROUGH_ROUTE</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td><code>true</code></td>
|
||||
<td>EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
@ -420,6 +414,12 @@ These environment variables affect the behavior of the <code>istio_ca</code> com
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td>EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_WAIT_CACHE_SYNC</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
|
|
@ -4,7 +4,7 @@ source_repo: https://github.com/istio/istio
|
|||
title: istioctl
|
||||
description: Istio control interface.
|
||||
generator: pkg-collateral-docs
|
||||
number_of_entries: 36
|
||||
number_of_entries: 37
|
||||
---
|
||||
<p>Istio configuration command line utility for service operators to
|
||||
debug and diagnose their Istio mesh.
|
||||
|
@ -36,7 +36,7 @@ debug and diagnose their Istio mesh.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -77,7 +77,7 @@ A group of commands used to interact with Istio authentication policies.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -124,7 +124,7 @@ and check if TLS settings are compatible between them.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -136,11 +136,11 @@ and check if TLS settings are compatible between them.
|
|||
<h3 id="istioctl-authn-tls-check Examples">Examples</h3>
|
||||
<pre class="language-bash"><code>
|
||||
# Check settings for pod "foo-656bd7df7c-5zp4s" in namespace default:
|
||||
istioctl authn tls-check 656bd7df7c-5zp4s.default
|
||||
istioctl authn tls-check foo-656bd7df7c-5zp4s.default
|
||||
|
||||
# Check settings for pod "foo-656bd7df7c-5zp4s" in namespace default, filtered on destintation
|
||||
service "bar" :
|
||||
istioctl authn tls-check 656bd7df7c-5zp4s.default bar
|
||||
istioctl authn tls-check foo-656bd7df7c-5zp4s.default bar
|
||||
|
||||
</code></pre>
|
||||
<h2 id="istioctl-deregister">istioctl deregister</h2>
|
||||
|
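Review bot: In the second tls-check example the comment wraps onto its own line, `service "bar" :`, with no leading `#`, so anyone pasting the block into a shell runs `service` as a command; "destintation" on the line above it is also misspelled. Keep the comment on one line or prefix the continuation with `#`, and fix the spelling while the pod name in the commands is being corrected.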
@ -174,7 +174,7 @@ istioctl authn tls-check 656bd7df7c-5zp4s.default bar
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -216,7 +216,7 @@ istioctl deregister my-svc 172.17.0.2
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -225,6 +225,182 @@ istioctl deregister my-svc 172.17.0.2
|
|||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h2 id="istioctl-experimental-auth">istioctl experimental auth</h2>
|
||||
<p>Commands to inspect and interact with the authentication (TLS, JWT) and authorization (RBAC) policies in the mesh
|
||||
check - check the TLS/JWT/RBAC settings based on the Envoy config
|
||||
upgrade - upgrade the authorization policy from version v1 to v2
|
||||
</p>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-experimental-auth Examples">Examples</h3>
|
||||
<pre class="language-bash"><code> # Check the TLS/JWT/RBAC settings for pod httpbin-88ddbcfdd-nt5jb:
|
||||
istioctl experimental auth check httpbin-88ddbcfdd-nt5jb
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-auth-check">istioctl experimental auth check</h2>
|
||||
<p>Check analyzes the TLS/JWT/RBAC settings directly based on the Envoy config. The Envoy config could
|
||||
be provided either by pod name or from a config dump file (the whole output of http://localhost:15000/config_dump
|
||||
of an Envoy instance).</p>
|
||||
<p>Currently only the listeners with node IP and clusters on outbound direction are analyzed:
|
||||
- listeners with node IP generally tell how should other pods talk to the Envoy instance which include
|
||||
the server side TLS/JWT/RBAC settings.</p>
|
||||
<p>- clusters on outbound direction generally tell how should the Envoy instance talk to other pods which
|
||||
include the client side TLS settings.</p>
|
||||
<p>To check the TLS setting, you could run 'check' on both of the client and server pods and compare
|
||||
the cluster results of the client pod and the listener results of the server pod.</p>
|
||||
<p>To check the JWT/RBAC setting, you could run 'check' only on your server pods and check the listener results.</p>
|
||||
<p>THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
||||
</p>
|
||||
<pre class="language-bash"><code>istioctl experimental auth check <pod-name>[.<pod-namespace>] [flags]
|
||||
</code></pre>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--all</code></td>
|
||||
<td><code>-a</code></td>
|
||||
<td>Show additional information (e.g. SNI and ALPN) </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--file <string></code></td>
|
||||
<td><code>-f</code></td>
|
||||
<td>Check the TLS/JWT/RBAC setting from the config dump file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-experimental-auth-check Examples">Examples</h3>
|
||||
<pre class="language-bash"><code> # Check the TLS/JWT/RBAC policy status for pod httpbin-88ddbcfdd-nt5jb in namespace foo:
|
||||
istioctl experimental auth check httpbin-88ddbcfdd-nt5jb.foo
|
||||
|
||||
# Check the TLS/JWT/RBAC policy status from a config dump file:
|
||||
istioctl experimental auth check -f httpbin_config_dump.txt
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-auth-upgrade">istioctl experimental auth upgrade</h2>
|
||||
<p>Upgrade converts Istio authorization policy from version v1 to v2. It requires access to Kubernetes
|
||||
service definition in order to translate the service name specified in the ServiceRole to the corresponding
|
||||
workload labels in the AuthorizationPolicy. The service definition could be provided either from the current
|
||||
Kubernetes cluster or from a yaml file specified from command line.</p>
|
||||
<p>THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
||||
</p>
|
||||
<pre class="language-bash"><code>istioctl experimental auth upgrade -f <yaml-file> [flags]
|
||||
</code></pre>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--file <string></code></td>
|
||||
<td><code>-f</code></td>
|
||||
<td>Authorization policy file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--service <stringSlice></code></td>
|
||||
<td><code>-s</code></td>
|
||||
<td>Kubernetes Service resource that provides the mapping relationship between service name and pod labels (default `[]`)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-experimental-auth-upgrade Examples">Examples</h3>
|
||||
<pre class="language-bash"><code> # Upgrade the Istio authorization policy with service definition from the current k8s cluster:
|
||||
istioctl experimental auth upgrade -f istio-authz-v1-policy.yaml
|
||||
|
||||
# Upgrade the Istio authorization policy with service definition from 2 yaml files specified in the command line:
|
||||
istioctl experimental auth upgrade -f istio-authz-v1-policy.yaml --service svc-a.yaml,svc-b.yaml
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-convert-ingress">istioctl experimental convert-ingress</h2>
|
||||
<p>Converts Ingresses into VirtualService configuration on a best effort basis. The output should be considered a starting point for your Istio configuration and probably require some minor modification. Warnings will be generated where configs cannot be converted perfectly. The input must be a Kubernetes Ingress. The conversion of v1alpha1 Istio rules has been removed from istioctl.</p>
|
||||
<pre class="language-bash"><code>istioctl experimental convert-ingress [flags]
|
||||
|
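Review bot: the three new Examples headings carry ids that contain a space (`id="istioctl-experimental-auth Examples"`, and the same pattern for `-auth-check` and `-auth-upgrade`). An HTML id may not contain whitespace, so these headings cannot be targeted reliably by a fragment link. The removed rbac sections used the same pattern, so the fix belongs in the generator: emit a hyphenated id such as `istioctl-experimental-auth-examples`. Separately, in the `auth check` description the `- listeners ...` and `- clusters ...` items are dash-prefixed text spread over separate `<p>` elements, and the `check - ...` / `upgrade - ...` lines in the parent `auth` description sit inside one `<p>`, so both will render as run-on text rather than lists; a `<ul>` would fix that. Because the text says only listeners with node IP and outbound clusters are analyzed, it would also help to state that a clean result says nothing about the listeners and clusters that are skipped.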
@ -261,7 +437,7 @@ istioctl deregister my-svc 172.17.0.2
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -313,7 +489,7 @@ istioctl experimental d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -358,7 +534,7 @@ istioctl experimental d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -401,7 +577,7 @@ istioctl experimental d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -444,7 +620,7 @@ istioctl experimental d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -487,7 +663,7 @@ istioctl experimental d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -530,7 +706,7 @@ istioctl experimental d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -573,7 +749,7 @@ istioctl experimental d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -616,7 +792,7 @@ istioctl experimental d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -673,7 +849,7 @@ calculated over a time interval of 1 minute.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -690,192 +866,6 @@ istioctl experimental metrics productpage-v1
|
|||
# Retrieve workload metrics for various services in the different namespaces
|
||||
istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
|
||||
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-rbac">istioctl experimental rbac</h2>
|
||||
<p>
|
||||
A group of commands used to interact with Istio RBAC policies. For example, Query whether a specific
|
||||
request is allowed or denied under the current Istio RBAC policies.</p>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-experimental-rbac Examples">Examples</h3>
|
||||
<pre class="language-bash"><code># Query if user test is allowed to GET /v1/health of service rating.
|
||||
istioctl experimental rbac can -u test GET rating /v1/health
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-rbac-can">istioctl experimental rbac can</h2>
|
||||
<p>
|
||||
This command lets you query whether a specific request will be allowed or denied under current Istio
|
||||
RBAC policies. It constructs a fake request with the custom subject and action specified in the command
|
||||
line to check if your Istio RBAC policies are working as expected. Note the fake request is only used
|
||||
locally to evaluate the effect of the Istio RBAC policies, no actual request will be issued.</p>
|
||||
<p>METHOD is the HTTP method being taken, like GET, POST, etc. SERVICE is the short service name the action
|
||||
is being taken on. PATH is the HTTP path within the service.</p>
|
||||
<pre class="language-bash"><code>istioctl experimental rbac can METHOD SERVICE PATH [flags]
|
||||
</code></pre>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--action-properties <stringArray></code></td>
|
||||
<td><code>-a</code></td>
|
||||
<td>[Action] Additional data about the action. Specified as name1=value1,name2=value2,... (default `[]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--subject-properties <stringArray></code></td>
|
||||
<td><code>-s</code></td>
|
||||
<td>[Subject] Additional data about the subject. Specified as name1=value1,name2=value2,... (default `[]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--user <string></code></td>
|
||||
<td><code>-u</code></td>
|
||||
<td>[Subject] User name/ID that the subject represents. (default ``)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-experimental-rbac-can Examples">Examples</h3>
|
||||
<pre class="language-bash"><code># Query if user "cluster.local/ns/default/sa/productpage" is allowed to GET /v1/health of service rating.
|
||||
istioctl experimental rbac can -u cluster.local/ns/default/sa/productpage GET rating /v1/health
|
||||
|
||||
# Query if namespace foo is allowed to POST to /data of service rating with label version=dev.
|
||||
istioctl experimental rbac can -s source.namespace=foo POST rating /data -a destination.labels[version]=dev
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-verify-install">istioctl experimental verify-install</h2>
|
||||
<p>
|
||||
verify-install verifies Istio installation status against the installation file
|
||||
you specified when you installed Istio. It loops through all the installation
|
||||
resources defined in your installation file and reports whether all of them are
|
||||
in ready status. It will report failure when any of them are not ready.</p>
|
||||
<p> If you do not specify installation file it will perform pre-check for your cluster
|
||||
and report whether the cluster is ready for Istio installation.
|
||||
</p>
|
||||
<pre class="language-bash"><code>istioctl experimental verify-install [flags]
|
||||
</code></pre>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--enableVerbose</code></td>
|
||||
<td></td>
|
||||
<td>Enable verbose output </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--filename <stringSlice></code></td>
|
||||
<td><code>-f</code></td>
|
||||
<td>Istio YAML installation file. (default `[]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--recursive</code></td>
|
||||
<td><code>-R</code></td>
|
||||
<td>Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. </td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-experimental-verify-install Examples">Examples</h3>
|
||||
<pre class="language-bash"><code>
|
||||
# Verify that Istio can be freshly installed
|
||||
istioctl experimental verify-install
|
||||
|
||||
# Verify that the deployment matches the istio-demo profile
|
||||
istioctl experimental verify-install -f istio-demo.yaml
|
||||
|
||||
# Verify the deployment matches a custom Istio deployment configuration
|
||||
istioctl experimental verify-install -f $HOME/istio.yaml
|
||||
|
||||
</code></pre>
|
||||
<h2 id="istioctl-kube-inject">istioctl kube-inject</h2>
|
||||
<p></p>
|
||||
|
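Review bot: removing the `istioctl experimental rbac` and `istioctl experimental rbac can` sections also removes their anchors (`#istioctl-experimental-rbac`, `#istioctl-experimental-rbac-can`), and nothing visible in the patch points readers to a replacement. The new `auth check` text describes inspecting TLS/JWT/RBAC settings from the Envoy config, which is not the same as querying whether a specific request would be allowed or denied. The link updates visible in this commit cover `verify-install` only. Please check the site for remaining links to the two rbac anchors and add a release-note line saying that `rbac can` is gone, so that readers validating authorization policies do not land on a dead fragment.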
@ -940,7 +930,7 @@ file/configmap created with a new Istio release.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--meshConfigFile <string></code></td>
|
||||
|
@ -1015,7 +1005,7 @@ istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml --injectConf
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1067,7 +1057,7 @@ istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml --injectConf
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1131,7 +1121,7 @@ istioctl proxy-config c <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1211,7 +1201,7 @@ istioctl proxy-config ep <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1291,7 +1281,7 @@ istioctl proxy-config l <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1361,7 +1351,7 @@ istioctl proxy-config r <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--name <string></code></td>
|
||||
|
@ -1427,7 +1417,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1485,7 +1475,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1520,7 +1510,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--filename <stringSlice></code></td>
|
||||
<td><code>-f</code></td>
|
||||
<td> (default `[]`)</td>
|
||||
<td>Names of files to validate (default `[]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
|
@ -1535,7 +1525,72 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--referential</code></td>
|
||||
<td><code>-x</code></td>
|
||||
<td>Enable structural validation for policy and telemetry </td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-validate Examples">Examples</h3>
|
||||
<pre class="language-bash"><code>istioctl validate -f bookinfo-gateway.yaml
|
||||
</code></pre>
|
||||
<h2 id="istioctl-verify-install">istioctl verify-install</h2>
|
||||
<p>
|
||||
verify-install verifies Istio installation status against the installation file
|
||||
you specified when you installed Istio. It loops through all the installation
|
||||
resources defined in your installation file and reports whether all of them are
|
||||
in ready status. It will report failure when any of them are not ready.</p>
|
||||
<p> If you do not specify installation file it will perform pre-check for your cluster
|
||||
and report whether the cluster is ready for Istio installation.
|
||||
</p>
|
||||
<pre class="language-bash"><code>istioctl verify-install [flags]
|
||||
</code></pre>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--enableVerbose</code></td>
|
||||
<td></td>
|
||||
<td>Enable verbose output </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--filename <stringSlice></code></td>
|
||||
<td><code>-f</code></td>
|
||||
<td>Istio YAML installation file. (default `[]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1549,8 +1604,17 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-validate Examples">Examples</h3>
|
||||
<pre class="language-bash"><code>istioctl validate -f bookinfo-gateway.yaml
|
||||
<h3 id="istioctl-verify-install Examples">Examples</h3>
|
||||
<pre class="language-bash"><code>
|
||||
# Verify that Istio can be freshly installed
|
||||
istioctl experimental verify-install
|
||||
|
||||
# Verify that the deployment matches the istio-demo profile
|
||||
istioctl experimental verify-install -f istio-demo.yaml
|
||||
|
||||
# Verify the deployment matches a custom Istio deployment configuration
|
||||
istioctl experimental verify-install -f $HOME/istio.yaml
|
||||
|
||||
</code></pre>
|
||||
<h2 id="istioctl-version">istioctl version</h2>
|
||||
<p>Prints out build version information</p>
|
||||
|
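Review bot: the three commands under the new `istioctl-verify-install Examples` heading still invoke `istioctl experimental verify-install`, while the section heading and the usage line on this page read `istioctl verify-install [flags]`. Update the examples in the command's source so that readers who copy them run the command the page documents. The opening `<pre class="language-bash"><code>` is also followed by an empty line, which renders as a leading blank line in the code block.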
@ -1583,7 +1647,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
@ -1620,12 +1684,24 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>BYPASS_OOP_MTLS_SAN_VERIFICATION</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_GPRC_MAXSTREAMS</code></td>
|
||||
<td>Integer</td>
|
||||
<td><code>100000</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_LANG</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>K8S_INGRESS_NS</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
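Review bot: the `BYPASS_OOP_MTLS_SAN_VERIFICATION` row in this hunk has an empty description cell, yet its name indicates that it relaxes a SAN check on mTLS connections. A toggle of that kind should state what verification is skipped, on which connection, and when setting it to `true` is acceptable, so that operators do not enable it blind. The `ISTIO_GPRC_MAXSTREAMS` and `ISTIO_LANG` rows are undocumented as well, and it is worth confirming that `GPRC` is the spelling the binary actually reads.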
@ -1668,15 +1744,9 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_CDS_PRECOMPUTATION</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_FALLTHROUGH_ROUTE</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td><code>true</code></td>
|
||||
<td>EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
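Review bot: the default for `PILOT_ENABLE_FALLTHROUGH_ROUTE` flips from `false` to `true` in this row, and the description was not updated to say so. According to that description the setting adds a final wildcard route that sends unmatched traffic to a Passthrough cluster under `ALLOW_ANY`, so deployments that never set the variable change behaviour on upgrade. Call the new default out in the description or in the upgrade notes. The same row change appears in the mixs, pilot-agent, pilot-discovery and sidecar-injector tables further down.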
@ -1686,6 +1756,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td>EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_WAIT_CACHE_SYNC</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
@ -1722,6 +1798,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ProxyInboundListenPort</code></td>
|
||||
<td>Integer</td>
|
||||
<td><code>15006</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>TERMINATION_DRAIN_DURATION_SECONDS</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
@ -1762,6 +1844,10 @@ These resource annotations are used by the <code>istioctl</code> command.
|
|||
<td>The maximum number of retries on transport errors to Mixer. If not set, this will be 0, indicating no retries.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>policy.istio.io/lang</code></td>
|
||||
<td>Select a language runtime</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>readiness.status.sidecar.istio.io/applicationPorts</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
|
@ -1810,6 +1896,10 @@ These resource annotations are used by the <code>istioctl</code> command.
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>traffic.sidecar.istio.io/excludeOutboundPorts</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>traffic.sidecar.istio.io/includeInboundPorts</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
|
|
|
@ -132,7 +132,7 @@ nexus for policy evaluation and telemetry reporting.</p>
|
|||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
|
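Review bot: the `--ctrlz_address` description still says "The IP Address to listen on" although the default shown is now the hostname `localhost` instead of `127.0.0.1`. What `localhost` resolves to depends on the host's resolver configuration, so the text should say that a hostname is accepted and which address family the ControlZ listener binds. That lets operators confirm the introspection port stays on loopback.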
@ -394,15 +394,9 @@ These environment variables affect the behavior of the <code>mixs</code> command
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_CDS_PRECOMPUTATION</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_FALLTHROUGH_ROUTE</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td><code>true</code></td>
|
||||
<td>EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
@ -412,6 +406,12 @@ These environment variables affect the behavior of the <code>mixs</code> command
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td>EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_WAIT_CACHE_SYNC</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
|
|
@ -110,6 +110,10 @@ number_of_entries: 5
|
|||
<td>Address of the discovery service exposing xDS (e.g. istio-pilot:8080) (default `istio-pilot:15010`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--dnsRefreshRate <string></code></td>
|
||||
<td>The dns_refresh_rate for bootstrap STRICT_DNS clusters (default `300s`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--domain <string></code></td>
|
||||
<td>DNS domain suffix. If not provided uses ${POD_NAMESPACE}.svc.cluster.local (default ``)</td>
|
||||
</tr>
|
||||
|
@ -198,6 +202,10 @@ number_of_entries: 5
|
|||
<td>Port on which Envoy should listen for administrative commands (default `15000`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--proxyComponentLogLevel <string></code></td>
|
||||
<td>The component log level used to start the Envoy proxy (default `misc:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--proxyLogLevel <string></code></td>
|
||||
<td>The log level used to start the Envoy proxy (choose from {trace, debug, info, warning, error, critical, off}) (default `warning`)</td>
|
||||
</tr>
|
||||
|
@ -222,30 +230,6 @@ number_of_entries: 5
|
|||
<td>Go template bootstrap config (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsClientCertChain <string></code></td>
|
||||
<td>Absolute path to client cert-chain file used for istio mTLS (default `/etc/certs/cert-chain.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsClientRootCert <string></code></td>
|
||||
<td>Absolute path to client root cert file used for istio mTLS (default `/etc/certs/root-cert.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsSClientKey <string></code></td>
|
||||
<td>Absolute path to client key file used for istio mTLS (default `/etc/certs/key.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsServerCertChain <string></code></td>
|
||||
<td>Absolute path to server cert-chain file used for istio mTLS (default `/etc/certs/cert-chain.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsServerKey <string></code></td>
|
||||
<td>Absolute path to server private key file used for istio mTLS (default `/etc/certs/key.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsServerRootCert <string></code></td>
|
||||
<td>Absolute path to server root cert file used for istio mTLS (default `/etc/certs/root-cert.pem`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--trust-domain <string></code></td>
|
||||
<td>The domain to use for identities (default ``)</td>
|
||||
</tr>
|
||||
|
@ -418,6 +402,42 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_META_TLS_CLIENT_CERT_CHAIN</code></td>
|
||||
<td>String</td>
|
||||
<td><code>/etc/certs/cert-chain.pem</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_META_TLS_CLIENT_KEY</code></td>
|
||||
<td>String</td>
|
||||
<td><code>/etc/certs/key.pem</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_META_TLS_CLIENT_ROOT_CERT</code></td>
|
||||
<td>String</td>
|
||||
<td><code>/etc/certs/root-cert.pem</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_META_TLS_SERVER_CERT_CHAIN</code></td>
|
||||
<td>String</td>
|
||||
<td><code>/etc/certs/cert-chain.pem</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_META_TLS_SERVER_KEY</code></td>
|
||||
<td>String</td>
|
||||
<td><code>/etc/certs/key.pem</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_META_TLS_SERVER_ROOT_CERT</code></td>
|
||||
<td>String</td>
|
||||
<td><code>/etc/certs/root-cert.pem</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ISTIO_NAMESPACE</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
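Review bot: all six `ISTIO_META_TLS_*` rows have an empty description cell. The `--tlsClientCertChain`, `--tlsServerKey` and related flags removed earlier on this page each carried a description ("Absolute path to client cert-chain file used for istio mTLS" and so on) with the same default paths. Carry that text over to the environment variables so the migration from flags to variables is documented.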
@ -460,15 +480,9 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_CDS_PRECOMPUTATION</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_FALLTHROUGH_ROUTE</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td><code>true</code></td>
|
||||
<td>EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
@ -478,6 +492,12 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td>EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_WAIT_CACHE_SYNC</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
@ -561,7 +581,15 @@ These resource annotations are used by the <code>pilot-agent</code> command.
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>sidecar.istio.io/statsInclusionPrefixes</code></td>
|
||||
<td>Control over Envoy stats collection.</td>
|
||||
<td>Specifies the comma separated list of prefixes of the stats to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>sidecar.istio.io/statsInclusionRegexps</code></td>
|
||||
<td>Specifies the comma separated list of regexes the stats should match to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>sidecar.istio.io/statsInclusionSuffixes</code></td>
|
||||
<td>Specifies the comma separated list of suffixes of the stats to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
|
@ -17,7 +17,7 @@ number_of_entries: 5
|
|||
<tbody>
|
||||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
|
@ -114,7 +114,7 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
|
@ -212,6 +212,16 @@ number_of_entries: 5
|
|||
<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--mcpInitialConnWindowSize <int></code></td>
|
||||
<td></td>
|
||||
<td>Max message size received by MCP's grpc client (default `1048576`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--mcpInitialWindowSize <int></code></td>
|
||||
<td></td>
|
||||
<td>Max message size received by MCP's grpc client (default `1048576`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--mcpMaxMsgSize <int></code></td>
|
||||
<td></td>
|
||||
<td>Max message size received by MCP's grpc client (default `4194304`)</td>
|
||||
|
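Review bot: `--mcpInitialConnWindowSize` and `--mcpInitialWindowSize` both carry the description "Max message size received by MCP's grpc client", which is the text of `--mcpMaxMsgSize` directly below them. Judging by the flag names these set initial window sizes, not a message size limit, so the help strings look copied. Fix them in the flag definitions so that each row says what it controls.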
@ -282,7 +292,7 @@ number_of_entries: 5
|
|||
<tbody>
|
||||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
|
@ -354,7 +364,7 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--ctrlz_address <string></code></td>
|
||||
<td></td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `127.0.0.1`)</td>
|
||||
<td>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ctrlz_port <uint16></code></td>
|
||||
|
@ -506,15 +516,9 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_CDS_PRECOMPUTATION</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_FALLTHROUGH_ROUTE</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td><code>true</code></td>
|
||||
<td>EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
@ -524,6 +528,12 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td>EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_WAIT_CACHE_SYNC</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
@ -566,6 +576,12 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ProxyInboundListenPort</code></td>
|
||||
<td>Integer</td>
|
||||
<td><code>15006</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>TERMINATION_DRAIN_DURATION_SECONDS</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
@ -607,7 +623,15 @@ These resource annotations are used by the <code>pilot-discovery</code> command.
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>sidecar.istio.io/statsInclusionPrefixes</code></td>
|
||||
<td>Control over Envoy stats collection.</td>
|
||||
<td>Specifies the comma separated list of prefixes of the stats to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>sidecar.istio.io/statsInclusionRegexps</code></td>
|
||||
<td>Specifies the comma separated list of regexes the stats should match to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>sidecar.istio.io/statsInclusionSuffixes</code></td>
|
||||
<td>Specifies the comma separated list of suffixes of the stats to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
|
@ -394,15 +394,9 @@ These environment variables affect the behavior of the <code>sidecar-injector</c
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_CDS_PRECOMPUTATION</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_FALLTHROUGH_ROUTE</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td><code>true</code></td>
|
||||
<td>EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
@ -412,6 +406,12 @@ These environment variables affect the behavior of the <code>sidecar-injector</c
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>false</code></td>
|
||||
<td>EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_WAIT_CACHE_SYNC</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
@ -530,6 +530,10 @@ These resource annotations are used by the <code>sidecar-injector</code> command
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>traffic.sidecar.istio.io/excludeOutboundPorts</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>traffic.sidecar.istio.io/includeInboundPorts</code></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
|
|
|
@ -174,7 +174,7 @@ parameter to 1 disables keep alive.</p>
|
|||
<td><code>int32</code></td>
|
||||
<td>
|
||||
<p>Maximum number of retries that can be outstanding to all hosts in a
|
||||
cluster at a given time. Defaults to 3.</p>
|
||||
cluster at a given time. Defaults to 1024.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -208,7 +208,7 @@ Note that request based timeouts mean that HTTP/2 PINGs will not keep the connec
|
|||
<td><code>maxConnections</code></td>
|
||||
<td><code>int32</code></td>
|
||||
<td>
|
||||
<p>Maximum number of HTTP1 /TCP connections to a destination host.</p>
|
||||
<p>Maximum number of HTTP1 /TCP connections to a destination host. Default 1024.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
@ -1679,9 +1679,13 @@ platform, short-names can also be used instead of a FQDN (i.e. has no
|
|||
dots in the name). In such a scenario, the FQDN of the host would be
|
||||
derived based on the underlying platform.</p>
|
||||
|
||||
<p><strong>A host name can be defined by only one VirtualService</strong>. A single
|
||||
VirtualService can be used to describe traffic properties for multiple
|
||||
HTTP and TCP ports.</p>
|
||||
<p>A single VirtualService can be used to describe all the traffic
|
||||
properties of the corresponding hosts, including those for multiple
|
||||
HTTP and TCP ports. Alternatively, the traffic properties of a host
|
||||
can be defined using more than one VirtualService, with certain
|
||||
caveats. Refer to the
|
||||
<a href="/docs/ops/traffic-management/deploy-guidelines/#multiple-virtual-services-and-destination-rules-for-the-same-host">Operations Guide</a>
|
||||
for details.</p>
|
||||
|
||||
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. “reviews”
|
||||
instead of “reviews.default.svc.cluster.local”), Istio will interpret
|
||||
|
|
|
@ -1,3 +1,16 @@
|
|||
<!-- Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
contributor license agreements. See the NOTICE file distributed with
|
||||
this work for additional information regarding copyright ownership.
|
||||
The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
(the "License"); you may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License. -->
|
||||
|
||||
---
|
||||
WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE https://github.com/apache/incubator-skywalking-data-collect-protocol REPO
|
||||
source_repo: https://github.com/apache/incubator-skywalking-data-collect-protocol
|
||||
|
|
|
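Review bot: the licence comment sits ahead of the opening `---`, so the front matter (`source_repo:` and the other keys) no longer starts on the first line of the file. Front matter parsers generally expect the delimiter at the very top, so check that the site generator still reads this page's metadata, or move the comment below the closing `---`.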
@ -12,7 +12,7 @@ support_link: https://apigee.com/about/support/portal
|
|||
source_link: https://github.com/apigee/istio-mixer-adapter
|
||||
latest_release_link: https://github.com/apigee/istio-mixer-adapter/releases
|
||||
helm_chart_link:
|
||||
istio_versions: "1.0.0, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6"
|
||||
istio_versions: "1.0.x, 1.1.x"
|
||||
supported_templates: authorization, analytics
|
||||
number_of_entries: 3
|
||||
---
|
||||
|
@ -49,6 +49,7 @@ spec:
|
|||
legacy_endpoint: false
|
||||
file_limit: 1024
|
||||
api_key_claim:
|
||||
allowUnverifiedSSLCert: false
|
||||
</code></pre>
|
||||
|
||||
<h2 id="Params">Params</h2>
|
||||
|
@ -147,6 +148,15 @@ Optional. Default: “30s” (30 seconds).</p>
|
|||
<p>The name of a JWT claim from which to look for an api_key.
|
||||
Optional. Default: none.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="Params-allowUnverifiedSSLCert">
|
||||
<td><code>allowUnverifiedSSLCert</code></td>
|
||||
<td><code>bool</code></td>
|
||||
<td>
|
||||
<p>Set to true to allow an unknown server SSL Certificate (eg. self-signed)
|
||||
Optional. Default: false.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="Params-products">
|
||||
|
|
|
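Review bot: the `allowUnverifiedSSLCert` description says only that `true` allows "an unknown server SSL Certificate (eg. self-signed)". It should state plainly that this turns off verification of the server certificate, so the adapter can no longer authenticate the endpoint it connects to. Recommend trusting a private CA instead for self-signed deployments and keeping the `false` default in production. The first sentence is also missing its full stop before "Optional."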
@ -1035,6 +1035,28 @@ Istio Grafana dashboards to be reconfigured to use the new name.</p>
|
|||
includes the “source.ip” and “source.uid” attributes. These
|
||||
attributes are consumed by the proxy in front of mixer.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="TransportConfig-report_batch_max_entries">
|
||||
<td><code>reportBatchMaxEntries</code></td>
|
||||
<td><code>uint32</code></td>
|
||||
<td>
|
||||
<p>When disable<em>report</em>batch is false, this value specifies the maximum number
|
||||
of requests that are batched in report. If left unspecified, the default value
|
||||
of report<em>batch</em>max_entries == 0 will use the hardcoded defaults of
|
||||
istio::mixerclient::ReportOptions.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="TransportConfig-report_batch_max_time">
|
||||
<td><code>reportBatchMaxTime</code></td>
|
||||
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
|
||||
<td>
|
||||
<p>When disable<em>report</em>batch is false, this value specifies the maximum elapsed
|
||||
time a batched report will be sent after a user request is processed. If left
|
||||
unspecified, the default report<em>batch</em>max_time == 0 will use the hardcoded
|
||||
defaults of istio::mixerclient::ReportOptions.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
|
|
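Review bot: in both new rows the field names render as `disable<em>report</em>batch` and `report<em>batch</em>max_entries` or `report<em>batch</em>max_time`, because the underscores in the proto comments are taken as emphasis markers. Wrap the names in backticks in the source comments so that they appear as `disable_report_batch`, `report_batch_max_entries` and `report_batch_max_time`.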
@ -1,7 +1,7 @@
|
|||
## 问题修复以及小幅改进
|
||||
|
||||
- 使用 Prometheus 监控 Citadel([Issue 12175](https://github.com/istio/istio/pull/12175))。
|
||||
- 改善 [`istioctl experimental verify-install`](/docs/reference/commands/istioctl/#istioctl-experimental-verify-install) 命令的输出([Issue 12174](https://github.com/istio/istio/pull/12174))。
|
||||
- 改善 [`istioctl verify-install`](/docs/reference/commands/istioctl/#istioctl-verify-install) 命令的输出([Issue 12174](https://github.com/istio/istio/pull/12174))。
|
||||
- 降低 SPIFFE URI 缺失 Service account 时产生的日志级别(([Issue 12108](https://github.com/istio/istio/issues/12108)))。
|
||||
- 修正 SDS 功能中的 Unix socket 路径([Issue 12688](https://github.com/istio/istio/pull/12688))。
|
||||
- 修正了 Envoy 的跟踪问题:如果父级 Span 传播了一个空字符串出去,则无法创建子 Span ([Envoy Issue 6263](https://github.com/envoyproxy/envoy/pull/6263))。
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
- 为 Istio Kubernetes 资源的离线校验增加 [`istioctl validate`](/docs/reference/commands/istioctl/#istioctl-validate)。其目的是代替已经弃用的 `istioctl create` 命令。
|
||||
|
||||
- 增加 [`istioctl experimental verify-install`](/docs/reference/commands/istioctl/#istioctl-experimental-verify-install)。这个实验命令验证给的 Istio 安装 YAML 文件的安装状态。
|
||||
- 增加 [`istioctl verify-install`](/docs/reference/commands/istioctl/#istioctl-verify-install)。这个实验命令验证给的 Istio 安装 YAML 文件的安装状态。
|
||||
|
||||
## 配置
|
||||
|
||||
|
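Review bot: the replacement line links to `istioctl verify-install` but the sentence after it still reads "这个实验命令" ("this experimental command"). Drop "实验" so that the Chinese text agrees with the renamed command, as the English pages in this commit already do.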
@ -121,7 +121,7 @@
|
|||
|
||||
- **Validate 命令**:[`istioctl validate`](/docs/reference/commands/istioctl/#istioctl-validate) 命令可以用离线方式校验 Istio 的 Kubernetes 资源。
|
||||
|
||||
- **Verify-Install 命令**:新增 [`istioctl experimental verify-install`](/docs/reference/commands/istioctl/#istioctl-experimental-verify-install) 命令,根据一个指定的 YAML 文件来检查 Istio 的状态。
|
||||
- **Verify-Install 命令**:新增 [`istioctl verify-install`](/docs/reference/commands/istioctl/#istioctl-verify-install) 命令,根据一个指定的 YAML 文件来检查 Istio 的状态。
|
||||
|
||||
- **过期命令**:`istioctl create`、`istioctl replace`、`istioctl get` 和 `istioctl delete` 命令都已过期,改用 [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl) 命令执行相关任务。`istioctl gen-deploy` 命令也同样过期,使用 [`helm template`](/zh/docs/setup/kubernetes/install/helm/#方案-1-使用-helm-template-进行安装) 命令来替代。1.12 版本中会移除这些命令。
|
||||
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
|
||||
# The repos to mine for docs, just add new entries here to pull in more repos.
|
||||
REPOS=(
|
||||
https://github.com/istio/istio.git@master
|
||||
https://github.com/istio/api.git@master
|
||||
https://github.com/istio/istio.git@release-1.2
|
||||
https://github.com/istio/api.git@release-1.2
|
||||
https://github.com/apigee/istio-mixer-adapter.git@master
|
||||
https://github.com/osswangxining/alicloud-istio-grpcadapter.git@master
|
||||
https://github.com/vmware/wavefront-adapter-for-istio.git@master
|
||||
|
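Review bot: only the `istio/istio` and `istio/api` entries in `REPOS` move to `release-1.2`; the adapter repositories (`apigee/istio-mixer-adapter`, `osswangxining/alicloud-istio-grpcadapter`, `vmware/wavefront-adapter-for-istio`) are still pulled at `@master`. Reference pages generated for a release branch will therefore change whenever those third-party branches change. Pin each of them to a tag or commit, so that the published docs are reproducible and a change in an external repository has to pass review before it reaches the site.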
@ -20,7 +20,7 @@ REPOS=(
|
|||
)
|
||||
|
||||
# The components from istio/istio to build and extract usage docs from.
|
||||
COMPONENT_REPO=https://github.com/istio/istio.git@master
|
||||
COMPONENT_REPO=https://github.com/istio/istio.git@release-1.2
|
||||
COMPONENTS=(
|
||||
mixer/cmd/mixc:mixc
|
||||
mixer/cmd/mixs:mixs
|
||||
|
|