istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

advance master to release-1.23

This commit is contained in:
John Howard 2024-05-13 15:30:59 -07:00
parent 78bc5c42da
commit 2a5104921a
40 changed files with 1170 additions and 1069 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.core.mk
View File

@ -27,7 +27,7 @@ export IN_BUILD_CONTAINER := $(IN_BUILD_CONTAINER)
# ISTIO_IMAGE_VERSION stores the prefix used by default for the Docker images for Istio.
# For example, a value of 1.6-alpha will assume a default TAG value of 1.6-dev.<SHA>
ISTIO_IMAGE_VERSION ?= 1.22-alpha
ISTIO_IMAGE_VERSION ?= 1.23-alpha
export ISTIO_IMAGE_VERSION
# Determine the SHA for the Istio dependency by parsing the go.mod file.
@ -77,7 +77,7 @@ baseurl := "$(URL)"
endif
# Which branch of the Istio source code do we fetch stuff from
export SOURCE_BRANCH_NAME ?= release-1.22
export SOURCE_BRANCH_NAME ?= master
site:
@scripts/gen_site.sh

4
content/en/boilerplates/snips/args.sh
View File

@ -25,9 +25,9 @@ v1.1.0
ENDSNIP
! IFS=$'\n' read -r -d '' bpsnip_args_istio_previous_version <<\ENDSNIP
1.21
1.22
ENDSNIP
! IFS=$'\n' read -r -d '' bpsnip_args_istio_full_version <<\ENDSNIP
1.22.0
1.23.0
ENDSNIP

6
content/en/boilerplates/snips/revision-tags-middle.sh
View File

@ -26,7 +26,7 @@ istioctl tag list
! IFS=$'\n' read -r -d '' bpsnip_revision_tags_middle__1_out <<\ENDSNIP
TAG REVISION NAMESPACES
default 1-21-1 ...
prod-canary 1-22-0 ...
prod-stable 1-21-1 ...
default 1-22-1 ...
prod-canary 1-23-0 ...
prod-stable 1-22-1 ...
ENDSNIP

16
content/en/docs/ambient/install/helm-installation/snips.sh
View File

@ -55,10 +55,10 @@ helm ls -n istio-system
! IFS=$'\n' read -r -d '' snip_show_components_out <<\ENDSNIP
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.22.0 1.22.0
istio-cni istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed cni-1.22.0 1.22.0
istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.22.0 1.22.0
ztunnel istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ztunnel-1.22.0 1.22.0
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.23.0 1.23.0
istio-cni istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed cni-1.23.0 1.23.0
istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.23.0 1.23.0
ztunnel istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ztunnel-1.23.0 1.23.0
ENDSNIP
snip_check_pods() {
@ -78,10 +78,10 @@ helm ls -n istio-system
! IFS=$'\n' read -r -d '' snip_uninstall_1_out <<\ENDSNIP
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.22.0 1.22.0
istio-cni istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed cni-1.22.0 1.22.0
istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.22.0 1.22.0
ztunnel istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ztunnel-1.22.0 1.22.0
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.23.0 1.23.0
istio-cni istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed cni-1.23.0 1.23.0
istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.23.0 1.23.0
ztunnel istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ztunnel-1.23.0 1.23.0
ENDSNIP
snip_delete_ingress() {

2
content/en/docs/examples/virtual-machines/snips.sh
View File

@ -39,7 +39,7 @@ sudo systemctl restart mysql
}
snip_running_mysql_on_the_vm_3() {
curl -LO https://raw.githubusercontent.com/istio/istio/release-1.22/samples/bookinfo/src/mysql/mysqldb-init.sql
curl -LO https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/src/mysql/mysqldb-init.sql
mysql -u root -ppassword < mysqldb-init.sql
}

4
content/en/docs/ops/diagnostic-tools/istioctl-analyze/snips.sh
View File

@ -48,7 +48,7 @@ istioctl analyze samples/bookinfo/networking/bookinfo-gateway.yaml samples/booki
Error [IST0101] (Gateway default/bookinfo-gateway samples/bookinfo/networking/bookinfo-gateway.yaml:9) Referenced selector not found: "istio=ingressgateway"
Error [IST0101] (VirtualService default/bookinfo samples/bookinfo/networking/bookinfo-gateway.yaml:41) Referenced host not found: "productpage"
Error: Analyzers found issues when analyzing namespace: default.
See https://istio.io/v1.22/docs/reference/config/analysis for more information about causes and resolutions.
See https://istio.io/v1.23/docs/reference/config/analysis for more information about causes and resolutions.
ENDSNIP
snip_analyze_networking_directory() {
@ -76,7 +76,7 @@ spec:
status:
observedGeneration: "1"
validationMessages:
- documentationUrl: https://istio.io/v1.22/docs/reference/config/analysis/ist0101/
- documentationUrl: https://istio.io/v1.23/docs/reference/config/analysis/ist0101/
level: ERROR
type:
code: IST0101

75
content/en/docs/reference/commands/install-cni/index.html
View File

@ -81,11 +81,11 @@ remove_toc_prefix: 'install-cni '
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -105,7 +105,7 @@ remove_toc_prefix: 'install-cni '
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -203,11 +203,11 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -227,7 +227,7 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -272,11 +272,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -296,7 +296,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -340,11 +340,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -364,7 +364,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -407,11 +407,11 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -431,7 +431,7 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -481,11 +481,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -505,7 +505,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -548,12 +548,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -578,7 +578,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -694,6 +694,12 @@ https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fip
<td>If provided, StdoutStubDependencies will write the input from stdin to the given file.</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>
@ -820,12 +826,30 @@ https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fip
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
<td><code>GRPC_KEEPALIVE_INTERVAL</code></td>
<td>Time Duration</td>
<td><code>30s</code></td>
<td>gRPC Keepalive Interval</td>
</tr>
<tr>
<td><code>GRPC_KEEPALIVE_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>10s</code></td>
<td>gRPC Keepalive Timeout</td>
</tr>
<tr>
<td><code>HOST_PROBE_SNAT_IP</code></td>
<td>String</td>
<td><code>169.254.7.127</code></td>
<td></td>
</tr>
<tr>
<td><code>HOST_PROBE_SNAT_IPV6</code></td>
<td>String</td>
<td><code>fd16:9254:7127:1337:ffff:ffff:ffff:ffff</code></td>
<td></td>
</tr>
<tr>
<td><code>INBOUND_INTERCEPTION_MODE</code></td>
<td>String</td>
<td><code></code></td>
@ -1683,8 +1707,17 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><td><code>pilot_jwks_resolver_network_fetch_success_total</code></td><td><code>Sum</code></td><td>Total number of successfully network fetch by pilot jwks resolver</td></tr>
<tr><td><code>pilot_no_ip</code></td><td><code>LastValue</code></td><td>Pods not found in the endpoint table, possibly invalid.</td></tr>
<tr><td><code>pilot_total_rejected_configs</code></td><td><code>Sum</code></td><td>Total number of configs that Pilot had to reject or ignore.</td></tr>
<tr><td><code>pilot_total_xds_internal_errors</code></td><td><code>Sum</code></td><td>Total number of internal XDS errors in pilot.</td></tr>
<tr><td><code>pilot_total_xds_rejects</code></td><td><code>Sum</code></td><td>Total number of XDS responses from pilot rejected by proxy.</td></tr>
<tr><td><code>pilot_virt_services</code></td><td><code>LastValue</code></td><td>Total virtual services known to pilot.</td></tr>
<tr><td><code>pilot_vservice_dup_domain</code></td><td><code>LastValue</code></td><td>Virtual services with dup domains.</td></tr>
<tr><td><code>pilot_xds_cds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected CDS configs.</td></tr>
<tr><td><code>pilot_xds_eds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected EDS.</td></tr>
<tr><td><code>pilot_xds_expired_nonce</code></td><td><code>Sum</code></td><td>Total number of XDS requests with an expired nonce.</td></tr>
<tr><td><code>pilot_xds_lds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected LDS.</td></tr>
<tr><td><code>pilot_xds_rds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected RDS.</td></tr>
<tr><td><code>pilot_xds_send_time</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to send generated configuration.</td></tr>
<tr><td><code>pilot_xds_write_timeout</code></td><td><code>Sum</code></td><td>Pilot XDS response write timeouts.</td></tr>
<tr><td><code>provider_lookup_cluster_failures</code></td><td><code>Sum</code></td><td>Number of times a cluster lookup failed</td></tr>
<tr><td><code>xds_cache_dependent_config_size</code></td><td><code>LastValue</code></td><td>Current size of dependent configs</td></tr>
<tr><td><code>xds_cache_evictions</code></td><td><code>Sum</code></td><td>Total number of xds cache evictions.</td></tr>

88
content/en/docs/reference/commands/istioctl/index.html
View File

@ -926,7 +926,7 @@ to enable it. You can execute the following once:</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests). (default ``)</td>
(e.g. ~/Downloads/istio-1.23.0/manifests). (default ``)</td>
</tr>
<tr>
<td><code>--name &lt;string&gt;</code></td>
@ -3022,7 +3022,7 @@ Retrieves last sent and last acknowledged xDS sync from Istiod to each Envoy in
<tr>
<td><code>--for &lt;string&gt;</code></td>
<td></td>
<td>Specify the traffic type [all none service workload] for the waypoint (default `service`)</td>
<td>Specify the traffic type [all none service workload] for the waypoint (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
@ -3152,7 +3152,7 @@ Retrieves last sent and last acknowledged xDS sync from Istiod to each Envoy in
<tr>
<td><code>--for &lt;string&gt;</code></td>
<td></td>
<td>Specify the traffic type [all none service workload] for the waypoint (default `service`)</td>
<td>Specify the traffic type [all none service workload] for the waypoint (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
@ -3592,10 +3592,10 @@ The default output is serialized YAML, which can be piped into &#39;kubectl appl
</table>
<h3 id="istioctl-experimental-ztunnel-config Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about workload configuration
istioctl ztunnel-config workload
istioctl x ztunnel-config workload
# Retrieve summary about certificates
istioctl ztunnel-config certificates
istioctl x ztunnel-config certificates
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-all">istioctl experimental ztunnel-config all</h2>
<p>Retrieve information about all configuration for the Ztunnel instance.</p>
@ -3659,10 +3659,10 @@ The default output is serialized YAML, which can be piped into &#39;kubectl appl
</table>
<h3 id="istioctl-experimental-ztunnel-config-all Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about all configuration for a randomly chosen ztunnel.
istioctl ztunnel-config all
istioctl x ztunnel-config all
# Retrieve full configuration dump of workloads for a given Ztunnel instance.
istioctl ztunnel-config policies &lt;ztunnel-name[.namespace]&gt; -o json
istioctl x ztunnel-config policies &lt;ztunnel-name[.namespace]&gt; -o json
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-certificate">istioctl experimental ztunnel-config certificate</h2>
@ -3732,10 +3732,10 @@ istioctl experimental ztunnel-config cert [flags]
</table>
<h3 id="istioctl-experimental-ztunnel-config-certificate Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about workload configuration for a randomly chosen ztunnel.
istioctl ztunnel-config certificates
istioctl x ztunnel-config certificates
# Retrieve full certificate dump of workloads for a given Ztunnel instance.
istioctl ztunnel-config certificates &lt;ztunnel-name[.namespace]&gt; -o json
istioctl x ztunnel-config certificates &lt;ztunnel-name[.namespace]&gt; -o json
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-log">istioctl experimental ztunnel-config log</h2>
@ -3777,7 +3777,7 @@ istioctl experimental ztunnel-config cert [flags]
<tr>
<td><code>--level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-logger level of messages to output, in the form of [&lt;logger&gt;:]&lt;level&gt;,[&lt;logger&gt;:]&lt;level&gt;,... or &lt;level&gt; to change all active loggers, where logger components can be listed by running &#34;istioctl ztunnel-config log &lt;pod-name[.namespace]&gt;&#34;, and level can be one of [trace, debug, info, warning, error, critical, off] (default ``)</td>
<td>Comma-separated minimum per-logger level of messages to output, in the form of [&lt;logger&gt;:]&lt;level&gt;,[&lt;logger&gt;:]&lt;level&gt;,... or &lt;level&gt; to change all active loggers, where logger components can be listed by running &#34;istioctl x ztunnel-config log &lt;pod-name[.namespace]&gt;&#34;, and level can be one of [trace, debug, info, warning, error, critical, off] (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
@ -3813,16 +3813,16 @@ istioctl experimental ztunnel-config cert [flags]
</table>
<h3 id="istioctl-experimental-ztunnel-config-log Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve information about logging levels from all Ztunnel pods
istioctl ztunnel-config log
istioctl x ztunnel-config log
# Update levels of the all loggers for a specific Ztunnel pod
istioctl ztunnel-config log &lt;pod-name[.namespace]&gt; --level off
istioctl x ztunnel-config log &lt;pod-name[.namespace]&gt; --level off
# Update levels of the specified loggers for all Ztunnl pods
istioctl ztunnel-config log --level access:debug,info
istioctl x ztunnel-config log --level access:debug,info
# Reset levels of all the loggers to default value (warning) for a specific Ztunnel pod.
istioctl ztunnel-config log &lt;pod-name[.namespace]&gt; -r
istioctl x ztunnel-config log &lt;pod-name[.namespace]&gt; -r
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-policy">istioctl experimental ztunnel-config policy</h2>
@ -3897,10 +3897,10 @@ istioctl experimental ztunnel-config pol [flags]
</table>
<h3 id="istioctl-experimental-ztunnel-config-policy Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about policy configuration for a randomly chosen ztunnel.
istioctl ztunnel-config policies
istioctl x ztunnel-config policies
# Retrieve full policy dump of workloads for a given Ztunnel instance.
istioctl ztunnel-config policies &lt;ztunnel-name[.namespace]&gt; -o json
istioctl x ztunnel-config policies &lt;ztunnel-name[.namespace]&gt; -o json
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-service">istioctl experimental ztunnel-config service</h2>
@ -3975,10 +3975,10 @@ istioctl experimental ztunnel-config svc [flags]
</table>
<h3 id="istioctl-experimental-ztunnel-config-service Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about services configuration for a randomly chosen ztunnel.
istioctl ztunnel-config services
istioctl x ztunnel-config services
# Retrieve full certificate dump of workloads for a given Ztunnel instance.
istioctl ztunnel-config services &lt;ztunnel-name[.namespace]&gt; -o json
istioctl x ztunnel-config services &lt;ztunnel-name[.namespace]&gt; -o json
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-workload">istioctl experimental ztunnel-config workload</h2>
@ -4067,20 +4067,20 @@ istioctl experimental ztunnel-config workloads [&lt;type&gt;/]&lt;name&gt;[.&lt;
</table>
<h3 id="istioctl-experimental-ztunnel-config-workload Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about workload configuration for a randomly chosen ztunnel.
istioctl ztunnel-config workload
istioctl x ztunnel-config workload
# Retrieve summary of workloads on node XXXX for a given Ztunnel instance.
istioctl ztunnel-config workload &lt;ztunnel-name[.namespace]&gt; --node ambient-worker
istioctl x ztunnel-config workload &lt;ztunnel-name[.namespace]&gt; --node ambient-worker
# Retrieve full workload dump of workloads with address XXXX for a given Ztunnel instance.
istioctl ztunnel-config workload &lt;ztunnel-name[.namespace]&gt; --address 0.0.0.0 -o json
istioctl x ztunnel-config workload &lt;ztunnel-name[.namespace]&gt; --address 0.0.0.0 -o json
# Retrieve Ztunnel config dump separately and inspect from file.
kubectl exec -it $ZTUNNEL -n istio-system -- curl localhost:15000/config_dump &gt; ztunnel-config.json
istioctl ztunnel-config workloads --file ztunnel-config.json
istioctl x ztunnel-config workloads --file ztunnel-config.json
# Retrieve workload summary for a specific namespace
istioctl ztunnel-config workloads &lt;ztunnel-name[.namespace]&gt; --workloads-namespace foo
istioctl x ztunnel-config workloads &lt;ztunnel-name[.namespace]&gt; --workloads-namespace foo
</code></pre>
<h2 id="istioctl-install">istioctl install</h2>
@ -4139,7 +4139,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -4162,7 +4162,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -4535,7 +4535,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -4558,7 +4558,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--vklog &lt;Level&gt;</code></td>
@ -4637,7 +4637,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -4660,7 +4660,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -4785,7 +4785,7 @@ could be secret list separated by comma, eg. &#39;--imagePullSecrets imagePullSe
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -4884,7 +4884,7 @@ could be secret list separated by comma, eg. &#39;--imagePullSecrets imagePullSe
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -5117,7 +5117,7 @@ istioctl install --set profile=demo # Use a profile from the list
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -5192,7 +5192,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -5254,7 +5254,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -6404,7 +6404,7 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests). (default ``)</td>
(e.g. ~/Downloads/istio-1.23.0/manifests). (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
@ -6601,7 +6601,7 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests). (default ``)</td>
(e.g. ~/Downloads/istio-1.23.0/manifests). (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
@ -6702,7 +6702,7 @@ If set to true, the user is not prompted and a Yes response is assumed in all ca
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -6725,7 +6725,7 @@ If set to true, the user is not prompted and a Yes response is assumed in all ca
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -6808,7 +6808,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -6831,7 +6831,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -6965,7 +6965,7 @@ istioctl experimental precheck.
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests). (default ``)</td>
(e.g. ~/Downloads/istio-1.23.0/manifests). (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
@ -7112,6 +7112,12 @@ cryptograhic modules (please consult
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fips-140-2).</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>

6
content/en/docs/reference/commands/operator/index.html
View File

@ -359,6 +359,12 @@ cryptograhic modules (please consult
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fips-140-2).</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>

122
content/en/docs/reference/commands/pilot-agent/index.html
View File

@ -23,11 +23,11 @@ remove_toc_prefix: 'pilot-agent '
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -47,7 +47,7 @@ remove_toc_prefix: 'pilot-agent '
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -77,11 +77,11 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -101,7 +101,7 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -142,11 +142,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -166,7 +166,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -206,11 +206,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -230,7 +230,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -269,11 +269,11 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -293,7 +293,7 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -339,11 +339,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -363,7 +363,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -420,12 +420,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -450,7 +450,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -605,12 +605,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -635,7 +635,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -715,11 +715,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -739,7 +739,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -809,11 +809,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -833,7 +833,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -866,12 +866,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -896,7 +896,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -938,11 +938,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -962,7 +962,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -1111,6 +1111,12 @@ https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fip
<td>The type of ECC signature algorithm to use when generating private keys</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>
@ -1529,12 +1535,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>Kubernetes service host, set automatically when running in-cluster</td>
</tr>
<tr>
<td><code>K_REVISION</code></td>
<td>String</td>
<td><code></code></td>
<td>KNative revision, set if running in knative</td>
</tr>
<tr>
<td><code>LABEL_CANONICAL_SERVICES_FOR_MESH_EXTERNAL_SERVICE_ENTRIES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -2262,17 +2262,11 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><th>Metric Name</th><th>Type</th><th>Description</th></tr>
</thead>
<tbody>
<tr><td><code>auto_registration_deletes_total</code></td><td><code>Sum</code></td><td>Total number of auto registration cleaned up by periodic timer.</td></tr>
<tr><td><code>auto_registration_errors_total</code></td><td><code>Sum</code></td><td>Total number of auto registration errors.</td></tr>
<tr><td><code>auto_registration_success_total</code></td><td><code>Sum</code></td><td>Total number of successful auto registrations.</td></tr>
<tr><td><code>auto_registration_unregister_total</code></td><td><code>Sum</code></td><td>Total number of unregistrations.</td></tr>
<tr><td><code>auto_registration_updates_total</code></td><td><code>Sum</code></td><td>Total number of auto registration updates.</td></tr>
<tr><td><code>cert_expiry_seconds</code></td><td><code>LastValue</code></td><td>The time remaining, in seconds, before the certificate chain will expire. A negative value indicates the cert is expired.</td></tr>
<tr><td><code>dns_requests_total</code></td><td><code>Sum</code></td><td>Total number of DNS requests.</td></tr>
<tr><td><code>dns_upstream_failures_total</code></td><td><code>Sum</code></td><td>Total number of DNS failures.</td></tr>
<tr><td><code>dns_upstream_request_duration_seconds</code></td><td><code>Distribution</code></td><td>Total time in seconds Istio takes to get DNS response from upstream.</td></tr>
<tr><td><code>dns_upstream_requests_total</code></td><td><code>Sum</code></td><td>Total number of DNS requests forwarded to upstream.</td></tr>
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
<tr><td><code>envoy_connection_terminations</code></td><td><code>Sum</code></td><td>The total number of connection errors from envoy</td></tr>
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
<tr><td><code>istiod_connection_failures</code></td><td><code>Sum</code></td><td>The total number of connection failures to Istiod</td></tr>
@ -2283,46 +2277,18 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><td><code>num_outgoing_requests</code></td><td><code>Sum</code></td><td>Number of total outgoing requests (e.g. to a token exchange server, CA, etc.)</td></tr>
<tr><td><code>num_outgoing_retries</code></td><td><code>Sum</code></td><td>Number of outgoing retry requests (e.g. to a token exchange server, CA, etc.)</td></tr>
<tr><td><code>outgoing_latency</code></td><td><code>Sum</code></td><td>The latency of outgoing requests (e.g. to a token exchange server, CA, etc.) in milliseconds.</td></tr>
<tr><td><code>pilot_conflict_inbound_listener</code></td><td><code>LastValue</code></td><td>Number of conflicting inbound listeners.</td></tr>
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting tcp listeners with current tcp listener.</td></tr>
<tr><td><code>pilot_debounce_time</code></td><td><code>Distribution</code></td><td>Delay in seconds between the first config enters debouncing and the merged push request is pushed into the push queue.</td></tr>
<tr><td><code>pilot_destrule_subsets</code></td><td><code>LastValue</code></td><td>Duplicate subsets across destination rules for same host</td></tr>
<tr><td><code>pilot_dns_cluster_without_endpoints</code></td><td><code>LastValue</code></td><td>DNS clusters without endpoints caused by the endpoint field in STRICT_DNS type cluster is not set or the corresponding subset cannot select any endpoint</td></tr>
<tr><td><code>pilot_duplicate_envoy_clusters</code></td><td><code>LastValue</code></td><td>Duplicate envoy clusters caused by service entries with same hostname</td></tr>
<tr><td><code>pilot_eds_no_instances</code></td><td><code>LastValue</code></td><td>Number of clusters without instances.</td></tr>
<tr><td><code>pilot_endpoint_not_ready</code></td><td><code>LastValue</code></td><td>Endpoint found in unready state.</td></tr>
<tr><td><code>pilot_envoy_filter_status</code></td><td><code>LastValue</code></td><td>Status of Envoy filters whether it was applied or errored.</td></tr>
<tr><td><code>pilot_inbound_updates</code></td><td><code>Sum</code></td><td>Total number of updates received by pilot.</td></tr>
<tr><td><code>pilot_jwks_resolver_network_fetch_fail_total</code></td><td><code>Sum</code></td><td>Total number of failed network fetch by pilot jwks resolver</td></tr>
<tr><td><code>pilot_jwks_resolver_network_fetch_success_total</code></td><td><code>Sum</code></td><td>Total number of successfully network fetch by pilot jwks resolver</td></tr>
<tr><td><code>pilot_no_ip</code></td><td><code>LastValue</code></td><td>Pods not found in the endpoint table, possibly invalid.</td></tr>
<tr><td><code>pilot_proxy_convergence_time</code></td><td><code>Distribution</code></td><td>Delay in seconds between config change and a proxy receiving all required configuration.</td></tr>
<tr><td><code>pilot_proxy_queue_time</code></td><td><code>Distribution</code></td><td>Time in seconds, a proxy is in the push queue before being dequeued.</td></tr>
<tr><td><code>pilot_push_triggers</code></td><td><code>Sum</code></td><td>Total number of times a push was triggered, labeled by reason for the push.</td></tr>
<tr><td><code>pilot_pushcontext_init_seconds</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to init pushContext.</td></tr>
<tr><td><code>pilot_sds_certificate_errors_total</code></td><td><code>Sum</code></td><td>Total number of failures to fetch SDS key and certificate.</td></tr>
<tr><td><code>pilot_services</code></td><td><code>LastValue</code></td><td>Total services known to pilot.</td></tr>
<tr><td><code>pilot_total_rejected_configs</code></td><td><code>Sum</code></td><td>Total number of configs that Pilot had to reject or ignore.</td></tr>
<tr><td><code>pilot_total_xds_internal_errors</code></td><td><code>Sum</code></td><td>Total number of internal XDS errors in pilot.</td></tr>
<tr><td><code>pilot_total_xds_rejects</code></td><td><code>Sum</code></td><td>Total number of XDS responses from pilot rejected by proxy.</td></tr>
<tr><td><code>pilot_virt_services</code></td><td><code>LastValue</code></td><td>Total virtual services known to pilot.</td></tr>
<tr><td><code>pilot_vservice_dup_domain</code></td><td><code>LastValue</code></td><td>Virtual services with dup domains.</td></tr>
<tr><td><code>pilot_worker_queue_depth</code></td><td><code>LastValue</code></td><td>Depth of the controller queues</td></tr>
<tr><td><code>pilot_worker_queue_duration</code></td><td><code>Distribution</code></td><td>Time taken to process an item</td></tr>
<tr><td><code>pilot_worker_queue_latency</code></td><td><code>Distribution</code></td><td>Latency before the item is processed</td></tr>
<tr><td><code>pilot_xds</code></td><td><code>LastValue</code></td><td>Number of endpoints connected to this pilot using XDS.</td></tr>
<tr><td><code>pilot_xds_cds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected CDS configs.</td></tr>
<tr><td><code>pilot_xds_config_size_bytes</code></td><td><code>Distribution</code></td><td>Distribution of configuration sizes pushed to clients</td></tr>
<tr><td><code>pilot_xds_eds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected EDS.</td></tr>
<tr><td><code>pilot_xds_expired_nonce</code></td><td><code>Sum</code></td><td>Total number of XDS requests with an expired nonce.</td></tr>
<tr><td><code>pilot_xds_lds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected LDS.</td></tr>
<tr><td><code>pilot_xds_push_context_errors</code></td><td><code>Sum</code></td><td>Number of errors (timeouts) initiating push context.</td></tr>
<tr><td><code>pilot_xds_push_time</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to push lds, rds, cds and eds.</td></tr>
<tr><td><code>pilot_xds_pushes</code></td><td><code>Sum</code></td><td>Pilot build and send errors for lds, rds, cds and eds.</td></tr>
<tr><td><code>pilot_xds_rds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected RDS.</td></tr>
<tr><td><code>pilot_xds_send_time</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to send generated configuration.</td></tr>
<tr><td><code>pilot_xds_write_timeout</code></td><td><code>Sum</code></td><td>Pilot XDS response write timeouts.</td></tr>
<tr><td><code>provider_lookup_cluster_failures</code></td><td><code>Sum</code></td><td>Number of times a cluster lookup failed</td></tr>
<tr><td><code>scrape_failures_total</code></td><td><code>Sum</code></td><td>The total number of failed scrapes.</td></tr>
<tr><td><code>scrapes_total</code></td><td><code>Sum</code></td><td>The total number of scrapes.</td></tr>
<tr><td><code>startup_duration_seconds</code></td><td><code>LastValue</code></td><td>The time from the process starting to being marked ready.</td></tr>
@ -2331,10 +2297,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><td><code>wasm_config_conversion_count</code></td><td><code>Sum</code></td><td>number of Wasm config conversion count and results, including success, no remote load, marshal failure, remote fetch failure, miss remote fetch hint.</td></tr>
<tr><td><code>wasm_config_conversion_duration</code></td><td><code>Distribution</code></td><td>Total time in milliseconds istio-agent spends on converting remote load in Wasm config.</td></tr>
<tr><td><code>wasm_remote_fetch_count</code></td><td><code>Sum</code></td><td>number of Wasm remote fetches and results, including success, download failure, and checksum mismatch.</td></tr>
<tr><td><code>xds_cache_dependent_config_size</code></td><td><code>LastValue</code></td><td>Current size of dependent configs</td></tr>
<tr><td><code>xds_cache_evictions</code></td><td><code>Sum</code></td><td>Total number of xds cache evictions.</td></tr>
<tr><td><code>xds_cache_reads</code></td><td><code>Sum</code></td><td>Total number of xds cache xdsCacheReads.</td></tr>
<tr><td><code>xds_cache_size</code></td><td><code>LastValue</code></td><td>Current size of xds cache</td></tr>
<tr><td><code>xds_proxy_requests</code></td><td><code>Sum</code></td><td>The total number of Xds Proxy Requests</td></tr>
<tr><td><code>xds_proxy_responses</code></td><td><code>Sum</code></td><td>The total number of Xds Proxy Responses</td></tr>
</tbody>

8
content/en/docs/reference/commands/pilot-discovery/index.html
View File

@ -520,6 +520,12 @@ https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fip
<td>The default TTL of issued workload certificates. Applied when the client sets a non-positive TTL in the CSR.</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>
@ -839,7 +845,7 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td><code>K8S_INGRESS_NS</code></td>
<td>String</td>
<td><code>istio-system</code></td>
<td></td>
<td>The namespace where ingress controller runs, by default it is istio-system</td>
</tr>
<tr>
<td><code>K8S_SIGNER</code></td>

4
content/en/docs/reference/config/networking/destination-rule/index.html
View File

@ -1396,7 +1396,9 @@ No
<td>
<p>The table size for Maglev hashing. This helps in controlling the
disruption when the backend hosts change.
Increasing the table size reduces the amount of disruption.</p>
Increasing the table size reduces the amount of disruption.
The table size must be prime number less than 5000011.
If it is not specified, the default is 65537.</p>
</td>
<td>

55
content/en/docs/reference/config/networking/virtual-service/index.html
View File

@ -8,7 +8,7 @@ layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.networking.v1alpha3.VirtualService
aliases: [/docs/reference/config/networking/v1alpha3/virtual-service]
number_of_entries: 29
number_of_entries: 30
---
<p>Configuration affecting traffic routing. Here are a few terms useful to define
in the context of traffic routing.</p>
@ -241,7 +241,7 @@ services), as well as services declared through the
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. &ldquo;reviews&rdquo;
instead of &ldquo;reviews.default.svc.cluster.local&rdquo;), Istio will interpret
the short name based on the namespace of the rule, not the service. A
rule in the &ldquo;default&rdquo; namespace containing a host &ldquo;reviews will be
rule in the &ldquo;default&rdquo; namespace containing a host &ldquo;reviews&rdquo; will be
interpreted as &ldquo;reviews.default.svc.cluster.local&rdquo;, irrespective of the
actual namespace associated with the reviews service. <em>To avoid potential
misconfigurations, it is recommended to always use fully qualified
@ -368,7 +368,7 @@ destinations that are not found in either of the two, will be dropped.</p>
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. &ldquo;reviews&rdquo;
instead of &ldquo;reviews.default.svc.cluster.local&rdquo;), Istio will interpret
the short name based on the namespace of the rule, not the service. A
rule in the &ldquo;default&rdquo; namespace containing a host &ldquo;reviews will be
rule in the &ldquo;default&rdquo; namespace containing a host &ldquo;reviews&rdquo; will be
interpreted as &ldquo;reviews.default.svc.cluster.local&rdquo;, irrespective of
the actual namespace associated with the reviews service. To avoid
potential misconfiguration, it is recommended to always use fully
@ -2200,6 +2200,19 @@ No
(not the preflight) using credentials. Translates to
<code>Access-Control-Allow-Credentials</code> header.</p>
</td>
<td>
No
</td>
</tr>
<tr id="CorsPolicy-unmatched_preflights">
<td><code>unmatchedPreflights</code></td>
<td><code><a href="#CorsPolicy-UnmatchedPreflights">UnmatchedPreflights</a></code></td>
<td>
<p>Indicates whether preflight requests not matching the configured
allowed origin shouldn&rsquo;t be forwarded to the upstream.
Default is forward to upstream.</p>
</td>
<td>
No
@ -2618,3 +2631,39 @@ No
</tbody>
</table>
</section>
<h2 id="CorsPolicy-UnmatchedPreflights">CorsPolicy.UnmatchedPreflights</h2>
<section>
<table class="enum-values">
<thead>
<tr>
<th>Name</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="CorsPolicy-UnmatchedPreflights-UNSPECIFIED">
<td><code>UNSPECIFIED</code></td>
<td>
<p>Default to FORWARD</p>
</td>
</tr>
<tr id="CorsPolicy-UnmatchedPreflights-FORWARD">
<td><code>FORWARD</code></td>
<td>
<p>Preflight requests not matching the configured allowed origin
will be forwarded to the upstream.</p>
</td>
</tr>
<tr id="CorsPolicy-UnmatchedPreflights-IGNORE">
<td><code>IGNORE</code></td>
<td>
<p>Preflight requests not matching the configured allowed origin
will not be forwarded to the upstream.</p>
</td>
</tr>
</tbody>
</table>
</section>

308
content/en/docs/reference/config/security/jwt/index.html
View File

@ -1,308 +0,0 @@
---
WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE 'https://github.com/istio/api' REPO
source_repo: https://github.com/istio/api
title: JWTRule
description: Configuration to validate JWT.
location: https://istio.io/docs/reference/config/security/jwt.html
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1beta1.JWTRule
aliases: [/docs/reference/config/security/v1beta1/jwt]
number_of_entries: 3
---
<h2 id="JWTRule">JWTRule</h2>
<section>
<p>JSON Web Token (JWT) token format for authentication as defined by
<a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a>. See <a href="https://tools.ietf.org/html/rfc6749">OAuth 2.0</a> and
<a href="http://openid.net/connect">OIDC 1.0</a> for how this is used in the whole
authentication flow.</p>
<p>Examples:</p>
<p>Spec for a JWT that is issued by <code>https://example.com</code>, with the audience claims must be either
<code>bookstore_android.apps.example.com</code> or <code>bookstore_web.apps.example.com</code>.
The token should be presented at the <code>Authorization</code> header (default). The JSON Web Key Set (JWKS)
will be discovered following OpenID Connect protocol.</p>
<pre><code class="language-yaml">issuer: https://example.com
audiences:
- bookstore_android.apps.example.com
bookstore_web.apps.example.com
</code></pre>
<p>This example specifies a token in a non-default location (<code>x-goog-iap-jwt-assertion</code> header). It also
defines the URI to fetch JWKS explicitly.</p>
<pre><code class="language-yaml">issuer: https://example.com
jwksUri: https://example.com/.secret/jwks.json
fromHeaders:
- &quot;x-goog-iap-jwt-assertion&quot;
</code></pre>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="JWTRule-issuer">
<td><code>issuer</code></td>
<td><code>string</code></td>
<td>
<p>Identifies the issuer that issued the JWT. See
<a href="https://tools.ietf.org/html/rfc7519#section-4.1.1">issuer</a>
A JWT with different <code>iss</code> claim will be rejected.</p>
<p>Example: <code>https://foobar.auth0.com</code>
Example: <code>1234567-compute@developer.gserviceaccount.com</code></p>
</td>
<td>
Yes
</td>
</tr>
<tr id="JWTRule-audiences">
<td><code>audiences</code></td>
<td><code>string[]</code></td>
<td>
<p>The list of JWT
<a href="https://tools.ietf.org/html/rfc7519#section-4.1.3">audiences</a>
that are allowed to access. A JWT containing any of these
audiences will be accepted.</p>
<p>The service name will be accepted if audiences is empty.</p>
<p>Example:</p>
<pre><code class="language-yaml">audiences:
- bookstore_android.apps.example.com
bookstore_web.apps.example.com
</code></pre>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-jwks_uri">
<td><code>jwksUri</code></td>
<td><code>string</code></td>
<td>
<p>URL of the provider&rsquo;s public key set to validate signature of the
JWT. See <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata">OpenID Discovery</a>.</p>
<p>Optional if the key set document can either (a) be retrieved from
<a href="https://openid.net/specs/openid-connect-discovery-1_0.html">OpenID
Discovery</a> of
the issuer or (b) inferred from the email domain of the issuer (e.g. a
Google service account).</p>
<p>Example: <code>https://www.googleapis.com/oauth2/v1/certs</code></p>
<p>Note: Only one of <code>jwksUri</code> and <code>jwks</code> should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-jwks">
<td><code>jwks</code></td>
<td><code>string</code></td>
<td>
<p>JSON Web Key Set of public keys to validate signature of the JWT.
See <a href="https://auth0.com/docs/jwks">https://auth0.com/docs/jwks</a>.</p>
<p>Note: Only one of <code>jwksUri</code> and <code>jwks</code> should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_headers">
<td><code>fromHeaders</code></td>
<td><code><a href="#JWTHeader">JWTHeader[]</a></code></td>
<td>
<p>List of header locations from which JWT is expected. For example, below is the location spec
if JWT is expected to be found in <code>x-jwt-assertion</code> header, and have <code>Bearer</code> prefix:</p>
<pre><code class="language-yaml"> fromHeaders:
- name: x-jwt-assertion
prefix: &quot;Bearer &quot;
</code></pre>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_params">
<td><code>fromParams</code></td>
<td><code>string[]</code></td>
<td>
<p>List of query parameters from which JWT is expected. For example, if JWT is provided via query
parameter <code>my_token</code> (e.g <code>/path?my_token=&lt;JWT&gt;</code>), the config is:</p>
<pre><code class="language-yaml"> fromParams:
- &quot;my_token&quot;
</code></pre>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-output_payload_to_header">
<td><code>outputPayloadToHeader</code></td>
<td><code>string</code></td>
<td>
<p>This field specifies the header name to output a successfully verified JWT payload to the
backend. The forwarded data is <code>base64_encoded(jwt_payload_in_JSON)</code>. If it is not specified,
the payload will not be emitted.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_cookies">
<td><code>fromCookies</code></td>
<td><code>string[]</code></td>
<td>
<p>List of cookie names from which JWT is expected. //
For example, if config is:</p>
<pre><code class="language-yaml"> from_cookies:
- auth-token
</code></pre>
<p>Then JWT will be extracted from <code>auth-token</code> cookie in the request.</p>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-forward_original_token">
<td><code>forwardOriginalToken</code></td>
<td><code>bool</code></td>
<td>
<p>If set to true, the original token will be kept for the upstream request. Default is false.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-output_claim_to_headers">
<td><code>outputClaimToHeaders</code></td>
<td><code><a href="#ClaimToHeader">ClaimToHeader[]</a></code></td>
<td>
<p>This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.
This differs from the <code>output_payload_to_header</code> by allowing outputting individual claims instead of the whole payload.
The header specified in each operation in the list must be unique. Nested claims of type string/int/bool is supported as well.</p>
<pre><code> outputClaimToHeaders:
- header: x-my-company-jwt-group
claim: my-group
- header: x-test-environment-flag
claim: test-flag
- header: x-jwt-claim-group
claim: nested.key.group
</code></pre>
<p>[Experimental] This feature is a experimental feature.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-timeout">
<td><code>timeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable,
will spend waiting for the JWKS to be fetched. Default is 5s.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="JWTHeader">JWTHeader</h2>
<section>
<p>This message specifies a header location to extract JWT token.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="JWTHeader-name">
<td><code>name</code></td>
<td><code>string</code></td>
<td>
<p>The HTTP header name.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="JWTHeader-prefix">
<td><code>prefix</code></td>
<td><code>string</code></td>
<td>
<p>The prefix that should be stripped before decoding the token.
For example, for <code>Authorization: Bearer &lt;token&gt;</code>, prefix=<code>Bearer</code> with a space at the end.
If the header doesn&rsquo;t have this exact prefix, it is considered invalid.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="ClaimToHeader">ClaimToHeader</h2>
<section>
<p>This message specifies the detail for copying claim to header.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="ClaimToHeader-header">
<td><code>header</code></td>
<td><code>string</code></td>
<td>
<p>The name of the header to be created. The header will be overridden if it already exists in the request.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ClaimToHeader-claim">
<td><code>claim</code></td>
<td><code>string</code></td>
<td>
<p>The name of the claim to be copied from. Only claim of type string/int/bool is supported.
The header will not be there if the claim does not exist or the type of the claim is not supported.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>

302
content/en/docs/reference/config/security/request_authentication/index.html
View File

@ -7,8 +7,8 @@ location: https://istio.io/docs/reference/config/security/request_authentication
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1beta1.RequestAuthentication
aliases: [/docs/reference/config/security/v1beta1/request_authentication]
number_of_entries: 1
aliases: [/docs/reference/config/security/v1beta1/request_authentication, /docs/reference/config/security/v1beta1/jwt, /docs/reference/config/security/v1beta1/jwt.html]
number_of_entries: 4
---
<h2 id="RequestAuthentication">RequestAuthentication</h2>
<section>
@ -256,7 +256,7 @@ No
</tr>
<tr id="RequestAuthentication-jwt_rules">
<td><code>jwtRules</code></td>
<td><code><a href="/docs/reference/config/security/jwt/#JWTRule">JWTRule[]</a></code></td>
<td><code><a href="#JWTRule">JWTRule[]</a></code></td>
<td>
<p>Define the list of JWTs that can be validated at the selected workloads&rsquo; proxy. A valid token
will be used to extract the authenticated identity.
@ -274,3 +274,299 @@ No
</tbody>
</table>
</section>
<h2 id="JWTRule">JWTRule</h2>
<section>
<p>JSON Web Token (JWT) token format for authentication as defined by
<a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a>. See <a href="https://tools.ietf.org/html/rfc6749">OAuth 2.0</a> and
<a href="http://openid.net/connect">OIDC 1.0</a> for how this is used in the whole
authentication flow.</p>
<p>Examples:</p>
<p>Spec for a JWT that is issued by <code>https://example.com</code>, with the audience claims must be either
<code>bookstore_android.apps.example.com</code> or <code>bookstore_web.apps.example.com</code>.
The token should be presented at the <code>Authorization</code> header (default). The JSON Web Key Set (JWKS)
will be discovered following OpenID Connect protocol.</p>
<pre><code class="language-yaml">issuer: https://example.com
audiences:
- bookstore_android.apps.example.com
bookstore_web.apps.example.com
</code></pre>
<p>This example specifies a token in a non-default location (<code>x-goog-iap-jwt-assertion</code> header). It also
defines the URI to fetch JWKS explicitly.</p>
<pre><code class="language-yaml">issuer: https://example.com
jwksUri: https://example.com/.secret/jwks.json
fromHeaders:
- &quot;x-goog-iap-jwt-assertion&quot;
</code></pre>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="JWTRule-issuer">
<td><code>issuer</code></td>
<td><code>string</code></td>
<td>
<p>Identifies the issuer that issued the JWT. See
<a href="https://tools.ietf.org/html/rfc7519#section-4.1.1">issuer</a>
A JWT with different <code>iss</code> claim will be rejected.</p>
<p>Example: <code>https://foobar.auth0.com</code>
Example: <code>1234567-compute@developer.gserviceaccount.com</code></p>
</td>
<td>
Yes
</td>
</tr>
<tr id="JWTRule-audiences">
<td><code>audiences</code></td>
<td><code>string[]</code></td>
<td>
<p>The list of JWT
<a href="https://tools.ietf.org/html/rfc7519#section-4.1.3">audiences</a>
that are allowed to access. A JWT containing any of these
audiences will be accepted.</p>
<p>The service name will be accepted if audiences is empty.</p>
<p>Example:</p>
<pre><code class="language-yaml">audiences:
- bookstore_android.apps.example.com
bookstore_web.apps.example.com
</code></pre>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-jwks_uri">
<td><code>jwksUri</code></td>
<td><code>string</code></td>
<td>
<p>URL of the provider&rsquo;s public key set to validate signature of the
JWT. See <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata">OpenID Discovery</a>.</p>
<p>Optional if the key set document can either (a) be retrieved from
<a href="https://openid.net/specs/openid-connect-discovery-1_0.html">OpenID
Discovery</a> of
the issuer or (b) inferred from the email domain of the issuer (e.g. a
Google service account).</p>
<p>Example: <code>https://www.googleapis.com/oauth2/v1/certs</code></p>
<p>Note: Only one of <code>jwksUri</code> and <code>jwks</code> should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-jwks">
<td><code>jwks</code></td>
<td><code>string</code></td>
<td>
<p>JSON Web Key Set of public keys to validate signature of the JWT.
See <a href="https://auth0.com/docs/jwks">https://auth0.com/docs/jwks</a>.</p>
<p>Note: Only one of <code>jwksUri</code> and <code>jwks</code> should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_headers">
<td><code>fromHeaders</code></td>
<td><code><a href="#JWTHeader">JWTHeader[]</a></code></td>
<td>
<p>List of header locations from which JWT is expected. For example, below is the location spec
if JWT is expected to be found in <code>x-jwt-assertion</code> header, and have <code>Bearer</code> prefix:</p>
<pre><code class="language-yaml"> fromHeaders:
- name: x-jwt-assertion
prefix: &quot;Bearer &quot;
</code></pre>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_params">
<td><code>fromParams</code></td>
<td><code>string[]</code></td>
<td>
<p>List of query parameters from which JWT is expected. For example, if JWT is provided via query
parameter <code>my_token</code> (e.g <code>/path?my_token=&lt;JWT&gt;</code>), the config is:</p>
<pre><code class="language-yaml"> fromParams:
- &quot;my_token&quot;
</code></pre>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-output_payload_to_header">
<td><code>outputPayloadToHeader</code></td>
<td><code>string</code></td>
<td>
<p>This field specifies the header name to output a successfully verified JWT payload to the
backend. The forwarded data is <code>base64_encoded(jwt_payload_in_JSON)</code>. If it is not specified,
the payload will not be emitted.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_cookies">
<td><code>fromCookies</code></td>
<td><code>string[]</code></td>
<td>
<p>List of cookie names from which JWT is expected. //
For example, if config is:</p>
<pre><code class="language-yaml"> from_cookies:
- auth-token
</code></pre>
<p>Then JWT will be extracted from <code>auth-token</code> cookie in the request.</p>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-forward_original_token">
<td><code>forwardOriginalToken</code></td>
<td><code>bool</code></td>
<td>
<p>If set to true, the original token will be kept for the upstream request. Default is false.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-output_claim_to_headers">
<td><code>outputClaimToHeaders</code></td>
<td><code><a href="#ClaimToHeader">ClaimToHeader[]</a></code></td>
<td>
<p>This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.
This differs from the <code>output_payload_to_header</code> by allowing outputting individual claims instead of the whole payload.
The header specified in each operation in the list must be unique. Nested claims of type string/int/bool is supported as well.</p>
<pre><code> outputClaimToHeaders:
- header: x-my-company-jwt-group
claim: my-group
- header: x-test-environment-flag
claim: test-flag
- header: x-jwt-claim-group
claim: nested.key.group
</code></pre>
<p>[Experimental] This feature is a experimental feature.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-timeout">
<td><code>timeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable,
will spend waiting for the JWKS to be fetched. Default is 5s.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="JWTHeader">JWTHeader</h2>
<section>
<p>This message specifies a header location to extract JWT token.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="JWTHeader-name">
<td><code>name</code></td>
<td><code>string</code></td>
<td>
<p>The HTTP header name.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="JWTHeader-prefix">
<td><code>prefix</code></td>
<td><code>string</code></td>
<td>
<p>The prefix that should be stripped before decoding the token.
For example, for <code>Authorization: Bearer &lt;token&gt;</code>, prefix=<code>Bearer</code> with a space at the end.
If the header doesn&rsquo;t have this exact prefix, it is considered invalid.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="ClaimToHeader">ClaimToHeader</h2>
<section>
<p>This message specifies the detail for copying claim to header.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="ClaimToHeader-header">
<td><code>header</code></td>
<td><code>string</code></td>
<td>
<p>The name of the header to be created. The header will be overridden if it already exists in the request.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ClaimToHeader-claim">
<td><code>claim</code></td>
<td><code>string</code></td>
<td>
<p>The name of the claim to be copied from. Only claim of type string/int/bool is supported.
The header will not be there if the claim does not exist or the type of the claim is not supported.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>

2
content/en/docs/setup/additional-setup/getting-started/snips.sh
View File

@ -31,7 +31,7 @@ curl -L https://istio.io/downloadIstio | sh -
}
snip_download_istio_2() {
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.22.0 TARGET_ARCH=x86_64 sh -
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.23.0 TARGET_ARCH=x86_64 sh -
}
snip_download_istio_4() {

2
content/en/docs/setup/getting-started/snips.sh
View File

@ -26,7 +26,7 @@ curl -L https://istio.io/downloadIstio | sh -
}
snip_download_istio_2() {
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.22.0 TARGET_ARCH=x86_64 sh -
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.23.0 TARGET_ARCH=x86_64 sh -
}
snip_download_istio_4() {

12
content/en/docs/setup/install/helm/snips.sh
View File

@ -35,7 +35,7 @@ helm ls -n istio-system
! IFS=$'\n' read -r -d '' snip_installation_steps_4_out <<\ENDSNIP
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.22.0 1.22.0
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.23.0 1.23.0
ENDSNIP
snip_install_discovery() {
@ -48,8 +48,8 @@ helm ls -n istio-system
! IFS=$'\n' read -r -d '' snip_installation_steps_6_out <<\ENDSNIP
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.22.0 1.22.0
istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.22.0 1.22.0
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.23.0 1.23.0
istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.23.0 1.23.0
ENDSNIP
snip_installation_steps_7() {
@ -93,7 +93,7 @@ kubectl get deployments -n istio-system --output wide
! IFS=$'\n' read -r -d '' snip_installation_steps_8_out <<\ENDSNIP
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
istiod 1/1 1 1 10m discovery docker.io/istio/pilot:1.22.0 istio=pilot
istiod 1/1 1 1 10m discovery docker.io/istio/pilot:1.23.0 istio=pilot
ENDSNIP
snip_install_ingressgateway() {
@ -107,8 +107,8 @@ helm ls -n istio-system
! IFS=$'\n' read -r -d '' snip_helm_ls_out <<\ENDSNIP
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.22.0 1.22.0
istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.22.0 1.22.0
istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.23.0 1.23.0
istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.23.0 1.23.0
ENDSNIP
snip_delete_delete_gateway_charts() {

20
content/en/docs/setup/install/operator/snips.sh
View File

@ -124,11 +124,11 @@ kubectl get pods --namespace istio-system \
}
snip_download_istio_previous_version() {
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.21.0 sh -
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.22.0 sh -
}
snip_deploy_operator_previous_version() {
istio-1.21.0/bin/istioctl operator init
istio-1.22.0/bin/istioctl operator init
}
snip_install_istio_previous_version() {
@ -137,7 +137,7 @@ apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: example-istiocontrolplane-1-21-0
name: example-istiocontrolplane-1-22-0
spec:
profile: default
EOF
@ -149,15 +149,15 @@ kubectl get iop --all-namespaces
! IFS=$'\n' read -r -d '' snip_verify_operator_cr_out <<\ENDSNIP
NAMESPACE NAME REVISION STATUS AGE
istio-system example-istiocontrolplane1-21-0 HEALTHY 11m
istio-system example-istiocontrolplane1-22-0 HEALTHY 11m
ENDSNIP
snip_canary_upgrade_init() {
istio-1.22.0/bin/istioctl operator init --revision 1-22-0
istio-1.23.0/bin/istioctl operator init --revision 1-23-0
}
snip_cat_operator_yaml() {
cat example-istiocontrolplane-1-22-0.yaml
cat example-istiocontrolplane-1-23-0.yaml
}
! IFS=$'\n' read -r -d '' snip_cat_operator_yaml_out <<\ENDSNIP
@ -165,9 +165,9 @@ apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: example-istiocontrolplane-1-22-0
name: example-istiocontrolplane-1-23-0
spec:
revision: 1-22-0
revision: 1-23-0
profile: default
ENDSNIP
@ -177,7 +177,7 @@ kubectl get pod -n istio-system -l app=istiod
! IFS=$'\n' read -r -d '' snip_get_pods_istio_system_out <<\ENDSNIP
NAME READY STATUS RESTARTS AGE
istiod-1-22-0-597475f4f6-bgtcz 1/1 Running 0 64s
istiod-1-23-0-597475f4f6-bgtcz 1/1 Running 0 64s
istiod-6ffcc65b96-bxzv5 1/1 Running 0 2m11s
ENDSNIP
@ -188,7 +188,7 @@ kubectl get services -n istio-system -l app=istiod
! IFS=$'\n' read -r -d '' snip_get_svc_istio_system_out <<\ENDSNIP
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istiod ClusterIP 10.104.129.150 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP 2m35s
istiod-1-22-0 ClusterIP 10.111.17.49 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 88s
istiod-1-23-0 ClusterIP 10.111.17.49 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 88s
ENDSNIP
snip_delete_example_istiocontrolplane() {

32
content/en/docs/setup/upgrade/canary/snips.sh
View File

@ -41,7 +41,7 @@ kubectl get pods -n istio-system -l app=istiod
! IFS=$'\n' read -r -d '' snip_control_plane_2_out <<\ENDSNIP
NAME READY STATUS RESTARTS AGE
istiod-1-21-1-bdf5948d5-htddg 1/1 Running 0 47s
istiod-1-22-1-bdf5948d5-htddg 1/1 Running 0 47s
istiod-canary-84c8d4dcfb-skcfv 1/1 Running 0 25s
ENDSNIP
@ -51,7 +51,7 @@ kubectl get svc -n istio-system -l app=istiod
! IFS=$'\n' read -r -d '' snip_control_plane_3_out <<\ENDSNIP
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istiod-1-21-1 ClusterIP 10.96.93.151 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 109s
istiod-1-22-1 ClusterIP 10.96.93.151 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 109s
istiod-canary ClusterIP 10.104.186.250 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 87s
ENDSNIP
@ -61,7 +61,7 @@ kubectl get mutatingwebhookconfigurations
! IFS=$'\n' read -r -d '' snip_control_plane_4_out <<\ENDSNIP
NAME WEBHOOKS AGE
istio-sidecar-injector-1-21-1 2 2m16s
istio-sidecar-injector-1-22-1 2 2m16s
istio-sidecar-injector-canary 2 114s
ENDSNIP
@ -98,13 +98,13 @@ istioctl proxy-status | grep "\.test-ns "
}
snip_usage_1() {
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --revision=1-21-1 --set profile=minimal --skip-confirmation
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --revision=1-22-0 --set profile=minimal --skip-confirmation
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --revision=1-22-1 --set profile=minimal --skip-confirmation
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --revision=1-23-0 --set profile=minimal --skip-confirmation
}
snip_usage_2() {
istioctl tag set prod-stable --revision 1-21-1
istioctl tag set prod-canary --revision 1-22-0
istioctl tag set prod-stable --revision 1-22-1
istioctl tag set prod-canary --revision 1-23-0
}
snip_usage_3() {
@ -128,13 +128,13 @@ istioctl ps
! IFS=$'\n' read -r -d '' snip_usage_5_out <<\ENDSNIP
NAME CLUSTER CDS LDS EDS RDS ECDS ISTIOD VERSION
sleep-78ff5975c6-62pzf.app-ns-3 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-22-0-7f6fc6cfd6-s8zfg 1.22.0
sleep-78ff5975c6-8kxpl.app-ns-1 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-21-1-bdf5948d5-n72r2 1.21.1
sleep-78ff5975c6-8q7m6.app-ns-2 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-21-1-bdf5948d5-n72r2 1-21.1
sleep-78ff5975c6-62pzf.app-ns-3 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-23-0-7f6fc6cfd6-s8zfg 1.23.0
sleep-78ff5975c6-8kxpl.app-ns-1 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-22-1-bdf5948d5-n72r2 1.22.1
sleep-78ff5975c6-8q7m6.app-ns-2 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-22-1-bdf5948d5-n72r2 1-22.1
ENDSNIP
snip_usage_6() {
istioctl tag set prod-stable --revision 1-22-0 --overwrite
istioctl tag set prod-stable --revision 1-23-0 --overwrite
}
snip_usage_7() {
@ -148,17 +148,17 @@ istioctl ps
! IFS=$'\n' read -r -d '' snip_usage_8_out <<\ENDSNIP
NAME CLUSTER CDS LDS EDS RDS ECDS ISTIOD VERSION
sleep-5984f48bc7-kmj6x.app-ns-1 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-22-0-7f6fc6cfd6-jsktb 1.22.0
sleep-78ff5975c6-jldk4.app-ns-3 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-22-0-7f6fc6cfd6-jsktb 1.22.0
sleep-7cdd8dccb9-5bq5n.app-ns-2 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-22-0-7f6fc6cfd6-jsktb 1.22.0
sleep-5984f48bc7-kmj6x.app-ns-1 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-23-0-7f6fc6cfd6-jsktb 1.23.0
sleep-78ff5975c6-jldk4.app-ns-3 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-23-0-7f6fc6cfd6-jsktb 1.23.0
sleep-7cdd8dccb9-5bq5n.app-ns-2 Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-1-23-0-7f6fc6cfd6-jsktb 1.23.0
ENDSNIP
snip_default_tag_1() {
istioctl tag set default --revision 1-22-0
istioctl tag set default --revision 1-23-0
}
snip_uninstall_old_control_plane_1() {
istioctl uninstall --revision 1-21-1 -y
istioctl uninstall --revision 1-22-1 -y
}
snip_uninstall_old_control_plane_2() {

8
content/en/docs/setup/upgrade/helm/snips.sh
View File

@ -77,16 +77,16 @@ helm upgrade istio-base istio/base --set defaultRevision=canary -n istio-system
}
snip_usage_1() {
helm template istiod istio/istiod -s templates/revision-tags.yaml --set revisionTags="{prod-stable}" --set revision=1-21-1 -n istio-system | kubectl apply -f -
helm template istiod istio/istiod -s templates/revision-tags.yaml --set revisionTags="{prod-canary}" --set revision=1-22-0 -n istio-system | kubectl apply -f -
helm template istiod istio/istiod -s templates/revision-tags.yaml --set revisionTags="{prod-stable}" --set revision=1-22-1 -n istio-system | kubectl apply -f -
helm template istiod istio/istiod -s templates/revision-tags.yaml --set revisionTags="{prod-canary}" --set revision=1-23-0 -n istio-system | kubectl apply -f -
}
snip_usage_2() {
helm template istiod istio/istiod -s templates/revision-tags.yaml --set revisionTags="{prod-stable}" --set revision=1-22-0 -n istio-system | kubectl apply -f -
helm template istiod istio/istiod -s templates/revision-tags.yaml --set revisionTags="{prod-stable}" --set revision=1-23-0 -n istio-system | kubectl apply -f -
}
snip_default_tag_1() {
helm template istiod istio/istiod -s templates/revision-tags.yaml --set revisionTags="{default}" --set revision=1-22-0 -n istio-system | kubectl apply -f -
helm template istiod istio/istiod -s templates/revision-tags.yaml --set revisionTags="{default}" --set revision=1-23-0 -n istio-system | kubectl apply -f -
}
snip_in_place_upgrade_1() {

2
content/en/docs/tasks/observability/distributed-tracing/opencensusagent/snips.sh
View File

@ -173,7 +173,7 @@ killall istioctl
}
snip_cleanup_2() {
kubectl delete -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/addons/jaeger.yaml
kubectl delete -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/jaeger.yaml
}
snip_cleanup_3() {

10
content/en/docs/tasks/security/authentication/authn-policy/snips.sh
View File

@ -298,7 +298,7 @@ spec:
istio: ingressgateway
jwtRules:
- issuer: "testing@secure.istio.io"
jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/jwks.json"
jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json"
EOF
}
@ -316,7 +316,7 @@ spec:
name: httpbin-gateway
jwtRules:
- issuer: "testing@secure.istio.io"
jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/jwks.json"
jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json"
EOF
}
@ -337,7 +337,7 @@ curl --header "Authorization: Bearer deadbeef" "$INGRESS_HOST:$INGRESS_PORT/head
ENDSNIP
snip_enduser_authentication_9() {
TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/demo.jwt -s)
TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s)
curl --header "Authorization: Bearer $TOKEN" "$INGRESS_HOST:$INGRESS_PORT/headers" -s -o /dev/null -w "%{http_code}\n"
}
@ -346,11 +346,11 @@ curl --header "Authorization: Bearer $TOKEN" "$INGRESS_HOST:$INGRESS_PORT/header
ENDSNIP
snip_enduser_authentication_10() {
wget --no-verbose https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/gen-jwt.py
wget --no-verbose https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/gen-jwt.py
}
snip_enduser_authentication_11() {
wget --no-verbose https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/key.pem
wget --no-verbose https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/key.pem
}
snip_enduser_authentication_12() {

4
content/en/docs/tasks/security/authentication/claim-to-header/snips.sh
View File

@ -48,7 +48,7 @@ spec:
app: httpbin
jwtRules:
- issuer: "testing@secure.istio.io"
jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/jwks.json"
jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json"
outputClaimToHeaders:
- header: "x-jwt-claim-foo"
claim: "foo"
@ -64,7 +64,7 @@ kubectl exec "$(kubectl get pod -l app=sleep -n foo -o jsonpath={.items..metadat
ENDSNIP
snip_allow_requests_with_valid_jwt_and_listtyped_claims_3() {
TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN" | cut -d '.' -f2 - | base64 --decode -
TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN" | cut -d '.' -f2 - | base64 --decode -
}
! IFS=$'\n' read -r -d '' snip_allow_requests_with_valid_jwt_and_listtyped_claims_3_out <<\ENDSNIP

6
content/en/docs/tasks/security/authentication/jwt-route/snips.sh
View File

@ -47,7 +47,7 @@ spec:
istio: ingressgateway
jwtRules:
- issuer: "testing@secure.istio.io"
jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/jwks.json"
jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json"
EOF
}
@ -97,7 +97,7 @@ HTTP/1.1 401 Unauthorized
ENDSNIP
snip_validating_ingress_routing_based_on_jwt_claims_3() {
TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode
TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode
}
! IFS=$'\n' read -r -d '' snip_validating_ingress_routing_based_on_jwt_claims_3_out <<\ENDSNIP
@ -114,7 +114,7 @@ HTTP/1.1 200 OK
ENDSNIP
snip_validating_ingress_routing_based_on_jwt_claims_5() {
TOKEN_NO_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN_NO_GROUP" | cut -d '.' -f2 - | base64 --decode
TOKEN_NO_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN_NO_GROUP" | cut -d '.' -f2 - | base64 --decode
}
! IFS=$'\n' read -r -d '' snip_validating_ingress_routing_based_on_jwt_claims_5_out <<\ENDSNIP

2
content/en/docs/tasks/security/authorization/authz-custom/snips.sh
View File

@ -36,7 +36,7 @@ kubectl exec "$(kubectl get pod -l app=sleep -n foo -o jsonpath={.items..metadat
ENDSNIP
snip_deploy_the_external_authorizer_1() {
kubectl apply -n foo -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/extauthz/ext-authz.yaml
kubectl apply -n foo -f https://raw.githubusercontent.com/istio/istio/master/samples/extauthz/ext-authz.yaml
}
! IFS=$'\n' read -r -d '' snip_deploy_the_external_authorizer_1_out <<\ENDSNIP

6
content/en/docs/tasks/security/authorization/authz-jwt/snips.sh
View File

@ -47,7 +47,7 @@ spec:
app: httpbin
jwtRules:
- issuer: "testing@secure.istio.io"
jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/jwks.json"
jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json"
EOF
}
@ -87,7 +87,7 @@ EOF
}
snip_allow_requests_with_valid_jwt_and_listtyped_claims_5() {
TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN" | cut -d '.' -f2 - | base64 --decode -
TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN" | cut -d '.' -f2 - | base64 --decode -
}
! IFS=$'\n' read -r -d '' snip_allow_requests_with_valid_jwt_and_listtyped_claims_5_out <<\ENDSNIP
@ -133,7 +133,7 @@ EOF
}
snip_allow_requests_with_valid_jwt_and_listtyped_claims_9() {
TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/release-1.22/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode -
TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode -
}
! IFS=$'\n' read -r -d '' snip_allow_requests_with_valid_jwt_and_listtyped_claims_9_out <<\ENDSNIP

75
content/zh/docs/reference/commands/install-cni/index.html
View File

@ -81,11 +81,11 @@ remove_toc_prefix: 'install-cni '
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -105,7 +105,7 @@ remove_toc_prefix: 'install-cni '
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -203,11 +203,11 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -227,7 +227,7 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -272,11 +272,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -296,7 +296,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -340,11 +340,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -364,7 +364,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -407,11 +407,11 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -431,7 +431,7 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -481,11 +481,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -505,7 +505,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -548,12 +548,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -578,7 +578,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ambient, cni, controllers, default, grpc, install, iptables, klog, model, monitoring, repair, spiffe, trustBundle, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -694,6 +694,12 @@ https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fip
<td>If provided, StdoutStubDependencies will write the input from stdin to the given file.</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>
@ -820,12 +826,30 @@ https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fip
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
<td><code>GRPC_KEEPALIVE_INTERVAL</code></td>
<td>Time Duration</td>
<td><code>30s</code></td>
<td>gRPC Keepalive Interval</td>
</tr>
<tr>
<td><code>GRPC_KEEPALIVE_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>10s</code></td>
<td>gRPC Keepalive Timeout</td>
</tr>
<tr>
<td><code>HOST_PROBE_SNAT_IP</code></td>
<td>String</td>
<td><code>169.254.7.127</code></td>
<td></td>
</tr>
<tr>
<td><code>HOST_PROBE_SNAT_IPV6</code></td>
<td>String</td>
<td><code>fd16:9254:7127:1337:ffff:ffff:ffff:ffff</code></td>
<td></td>
</tr>
<tr>
<td><code>INBOUND_INTERCEPTION_MODE</code></td>
<td>String</td>
<td><code></code></td>
@ -1683,8 +1707,17 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><td><code>pilot_jwks_resolver_network_fetch_success_total</code></td><td><code>Sum</code></td><td>Total number of successfully network fetch by pilot jwks resolver</td></tr>
<tr><td><code>pilot_no_ip</code></td><td><code>LastValue</code></td><td>Pods not found in the endpoint table, possibly invalid.</td></tr>
<tr><td><code>pilot_total_rejected_configs</code></td><td><code>Sum</code></td><td>Total number of configs that Pilot had to reject or ignore.</td></tr>
<tr><td><code>pilot_total_xds_internal_errors</code></td><td><code>Sum</code></td><td>Total number of internal XDS errors in pilot.</td></tr>
<tr><td><code>pilot_total_xds_rejects</code></td><td><code>Sum</code></td><td>Total number of XDS responses from pilot rejected by proxy.</td></tr>
<tr><td><code>pilot_virt_services</code></td><td><code>LastValue</code></td><td>Total virtual services known to pilot.</td></tr>
<tr><td><code>pilot_vservice_dup_domain</code></td><td><code>LastValue</code></td><td>Virtual services with dup domains.</td></tr>
<tr><td><code>pilot_xds_cds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected CDS configs.</td></tr>
<tr><td><code>pilot_xds_eds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected EDS.</td></tr>
<tr><td><code>pilot_xds_expired_nonce</code></td><td><code>Sum</code></td><td>Total number of XDS requests with an expired nonce.</td></tr>
<tr><td><code>pilot_xds_lds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected LDS.</td></tr>
<tr><td><code>pilot_xds_rds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected RDS.</td></tr>
<tr><td><code>pilot_xds_send_time</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to send generated configuration.</td></tr>
<tr><td><code>pilot_xds_write_timeout</code></td><td><code>Sum</code></td><td>Pilot XDS response write timeouts.</td></tr>
<tr><td><code>provider_lookup_cluster_failures</code></td><td><code>Sum</code></td><td>Number of times a cluster lookup failed</td></tr>
<tr><td><code>xds_cache_dependent_config_size</code></td><td><code>LastValue</code></td><td>Current size of dependent configs</td></tr>
<tr><td><code>xds_cache_evictions</code></td><td><code>Sum</code></td><td>Total number of xds cache evictions.</td></tr>

88
content/zh/docs/reference/commands/istioctl/index.html
View File

@ -926,7 +926,7 @@ to enable it. You can execute the following once:</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests). (default ``)</td>
(e.g. ~/Downloads/istio-1.23.0/manifests). (default ``)</td>
</tr>
<tr>
<td><code>--name &lt;string&gt;</code></td>
@ -3022,7 +3022,7 @@ Retrieves last sent and last acknowledged xDS sync from Istiod to each Envoy in
<tr>
<td><code>--for &lt;string&gt;</code></td>
<td></td>
<td>Specify the traffic type [all none service workload] for the waypoint (default `service`)</td>
<td>Specify the traffic type [all none service workload] for the waypoint (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
@ -3152,7 +3152,7 @@ Retrieves last sent and last acknowledged xDS sync from Istiod to each Envoy in
<tr>
<td><code>--for &lt;string&gt;</code></td>
<td></td>
<td>Specify the traffic type [all none service workload] for the waypoint (default `service`)</td>
<td>Specify the traffic type [all none service workload] for the waypoint (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
@ -3592,10 +3592,10 @@ The default output is serialized YAML, which can be piped into &#39;kubectl appl
</table>
<h3 id="istioctl-experimental-ztunnel-config Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about workload configuration
istioctl ztunnel-config workload
istioctl x ztunnel-config workload
# Retrieve summary about certificates
istioctl ztunnel-config certificates
istioctl x ztunnel-config certificates
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-all">istioctl experimental ztunnel-config all</h2>
<p>Retrieve information about all configuration for the Ztunnel instance.</p>
@ -3659,10 +3659,10 @@ The default output is serialized YAML, which can be piped into &#39;kubectl appl
</table>
<h3 id="istioctl-experimental-ztunnel-config-all Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about all configuration for a randomly chosen ztunnel.
istioctl ztunnel-config all
istioctl x ztunnel-config all
# Retrieve full configuration dump of workloads for a given Ztunnel instance.
istioctl ztunnel-config policies &lt;ztunnel-name[.namespace]&gt; -o json
istioctl x ztunnel-config policies &lt;ztunnel-name[.namespace]&gt; -o json
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-certificate">istioctl experimental ztunnel-config certificate</h2>
@ -3732,10 +3732,10 @@ istioctl experimental ztunnel-config cert [flags]
</table>
<h3 id="istioctl-experimental-ztunnel-config-certificate Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about workload configuration for a randomly chosen ztunnel.
istioctl ztunnel-config certificates
istioctl x ztunnel-config certificates
# Retrieve full certificate dump of workloads for a given Ztunnel instance.
istioctl ztunnel-config certificates &lt;ztunnel-name[.namespace]&gt; -o json
istioctl x ztunnel-config certificates &lt;ztunnel-name[.namespace]&gt; -o json
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-log">istioctl experimental ztunnel-config log</h2>
@ -3777,7 +3777,7 @@ istioctl experimental ztunnel-config cert [flags]
<tr>
<td><code>--level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-logger level of messages to output, in the form of [&lt;logger&gt;:]&lt;level&gt;,[&lt;logger&gt;:]&lt;level&gt;,... or &lt;level&gt; to change all active loggers, where logger components can be listed by running &#34;istioctl ztunnel-config log &lt;pod-name[.namespace]&gt;&#34;, and level can be one of [trace, debug, info, warning, error, critical, off] (default ``)</td>
<td>Comma-separated minimum per-logger level of messages to output, in the form of [&lt;logger&gt;:]&lt;level&gt;,[&lt;logger&gt;:]&lt;level&gt;,... or &lt;level&gt; to change all active loggers, where logger components can be listed by running &#34;istioctl x ztunnel-config log &lt;pod-name[.namespace]&gt;&#34;, and level can be one of [trace, debug, info, warning, error, critical, off] (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
@ -3813,16 +3813,16 @@ istioctl experimental ztunnel-config cert [flags]
</table>
<h3 id="istioctl-experimental-ztunnel-config-log Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve information about logging levels from all Ztunnel pods
istioctl ztunnel-config log
istioctl x ztunnel-config log
# Update levels of the all loggers for a specific Ztunnel pod
istioctl ztunnel-config log &lt;pod-name[.namespace]&gt; --level off
istioctl x ztunnel-config log &lt;pod-name[.namespace]&gt; --level off
# Update levels of the specified loggers for all Ztunnl pods
istioctl ztunnel-config log --level access:debug,info
istioctl x ztunnel-config log --level access:debug,info
# Reset levels of all the loggers to default value (warning) for a specific Ztunnel pod.
istioctl ztunnel-config log &lt;pod-name[.namespace]&gt; -r
istioctl x ztunnel-config log &lt;pod-name[.namespace]&gt; -r
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-policy">istioctl experimental ztunnel-config policy</h2>
@ -3897,10 +3897,10 @@ istioctl experimental ztunnel-config pol [flags]
</table>
<h3 id="istioctl-experimental-ztunnel-config-policy Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about policy configuration for a randomly chosen ztunnel.
istioctl ztunnel-config policies
istioctl x ztunnel-config policies
# Retrieve full policy dump of workloads for a given Ztunnel instance.
istioctl ztunnel-config policies &lt;ztunnel-name[.namespace]&gt; -o json
istioctl x ztunnel-config policies &lt;ztunnel-name[.namespace]&gt; -o json
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-service">istioctl experimental ztunnel-config service</h2>
@ -3975,10 +3975,10 @@ istioctl experimental ztunnel-config svc [flags]
</table>
<h3 id="istioctl-experimental-ztunnel-config-service Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about services configuration for a randomly chosen ztunnel.
istioctl ztunnel-config services
istioctl x ztunnel-config services
# Retrieve full certificate dump of workloads for a given Ztunnel instance.
istioctl ztunnel-config services &lt;ztunnel-name[.namespace]&gt; -o json
istioctl x ztunnel-config services &lt;ztunnel-name[.namespace]&gt; -o json
</code></pre>
<h2 id="istioctl-experimental-ztunnel-config-workload">istioctl experimental ztunnel-config workload</h2>
@ -4067,20 +4067,20 @@ istioctl experimental ztunnel-config workloads [&lt;type&gt;/]&lt;name&gt;[.&lt;
</table>
<h3 id="istioctl-experimental-ztunnel-config-workload Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about workload configuration for a randomly chosen ztunnel.
istioctl ztunnel-config workload
istioctl x ztunnel-config workload
# Retrieve summary of workloads on node XXXX for a given Ztunnel instance.
istioctl ztunnel-config workload &lt;ztunnel-name[.namespace]&gt; --node ambient-worker
istioctl x ztunnel-config workload &lt;ztunnel-name[.namespace]&gt; --node ambient-worker
# Retrieve full workload dump of workloads with address XXXX for a given Ztunnel instance.
istioctl ztunnel-config workload &lt;ztunnel-name[.namespace]&gt; --address 0.0.0.0 -o json
istioctl x ztunnel-config workload &lt;ztunnel-name[.namespace]&gt; --address 0.0.0.0 -o json
# Retrieve Ztunnel config dump separately and inspect from file.
kubectl exec -it $ZTUNNEL -n istio-system -- curl localhost:15000/config_dump &gt; ztunnel-config.json
istioctl ztunnel-config workloads --file ztunnel-config.json
istioctl x ztunnel-config workloads --file ztunnel-config.json
# Retrieve workload summary for a specific namespace
istioctl ztunnel-config workloads &lt;ztunnel-name[.namespace]&gt; --workloads-namespace foo
istioctl x ztunnel-config workloads &lt;ztunnel-name[.namespace]&gt; --workloads-namespace foo
</code></pre>
<h2 id="istioctl-install">istioctl install</h2>
@ -4139,7 +4139,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -4162,7 +4162,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -4535,7 +4535,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -4558,7 +4558,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--vklog &lt;Level&gt;</code></td>
@ -4637,7 +4637,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -4660,7 +4660,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -4785,7 +4785,7 @@ could be secret list separated by comma, eg. &#39;--imagePullSecrets imagePullSe
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -4884,7 +4884,7 @@ could be secret list separated by comma, eg. &#39;--imagePullSecrets imagePullSe
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -5117,7 +5117,7 @@ istioctl install --set profile=demo # Use a profile from the list
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -5192,7 +5192,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -5254,7 +5254,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -6404,7 +6404,7 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests). (default ``)</td>
(e.g. ~/Downloads/istio-1.23.0/manifests). (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
@ -6601,7 +6601,7 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests). (default ``)</td>
(e.g. ~/Downloads/istio-1.23.0/manifests). (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
@ -6702,7 +6702,7 @@ If set to true, the user is not prompted and a Yes response is assumed in all ca
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -6725,7 +6725,7 @@ If set to true, the user is not prompted and a Yes response is assumed in all ca
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -6808,7 +6808,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests).
(e.g. ~/Downloads/istio-1.23.0/manifests).
(default ``)</td>
</tr>
<tr>
@ -6831,7 +6831,7 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.22/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.23/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -6965,7 +6965,7 @@ istioctl experimental precheck.
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.22.0/manifests). (default ``)</td>
(e.g. ~/Downloads/istio-1.23.0/manifests). (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
@ -7112,6 +7112,12 @@ cryptograhic modules (please consult
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fips-140-2).</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>

6
content/zh/docs/reference/commands/operator/index.html
View File

@ -359,6 +359,12 @@ cryptograhic modules (please consult
https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fips-140-2).</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>

122
content/zh/docs/reference/commands/pilot-agent/index.html
View File

@ -23,11 +23,11 @@ remove_toc_prefix: 'pilot-agent '
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -47,7 +47,7 @@ remove_toc_prefix: 'pilot-agent '
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -77,11 +77,11 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -101,7 +101,7 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -142,11 +142,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -166,7 +166,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -206,11 +206,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -230,7 +230,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -269,11 +269,11 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -293,7 +293,7 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -339,11 +339,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -363,7 +363,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -420,12 +420,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -450,7 +450,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -605,12 +605,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -635,7 +635,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -715,11 +715,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -739,7 +739,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -809,11 +809,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -833,7 +833,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -866,12 +866,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -896,7 +896,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -938,11 +938,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -962,7 +962,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gcecred, googleca, googlecas, grpc, healthcheck, iptables, klog, mockcred, model, monitoring, retry, sds, security, serviceentry, spiffe, stsclient, stsserver, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, all, ca, cache, citadelclient, default, dns, gcecred, grpc, healthcheck, iptables, klog, mockcred, monitoring, sds, security, spiffe, stsclient, stsserver, token, validation, wasm, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -1111,6 +1111,12 @@ https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fip
<td>The type of ECC signature algorithm to use when generating private keys</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>
@ -1529,12 +1535,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>Kubernetes service host, set automatically when running in-cluster</td>
</tr>
<tr>
<td><code>K_REVISION</code></td>
<td>String</td>
<td><code></code></td>
<td>KNative revision, set if running in knative</td>
</tr>
<tr>
<td><code>LABEL_CANONICAL_SERVICES_FOR_MESH_EXTERNAL_SERVICE_ENTRIES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -2262,17 +2262,11 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><th>Metric Name</th><th>Type</th><th>Description</th></tr>
</thead>
<tbody>
<tr><td><code>auto_registration_deletes_total</code></td><td><code>Sum</code></td><td>Total number of auto registration cleaned up by periodic timer.</td></tr>
<tr><td><code>auto_registration_errors_total</code></td><td><code>Sum</code></td><td>Total number of auto registration errors.</td></tr>
<tr><td><code>auto_registration_success_total</code></td><td><code>Sum</code></td><td>Total number of successful auto registrations.</td></tr>
<tr><td><code>auto_registration_unregister_total</code></td><td><code>Sum</code></td><td>Total number of unregistrations.</td></tr>
<tr><td><code>auto_registration_updates_total</code></td><td><code>Sum</code></td><td>Total number of auto registration updates.</td></tr>
<tr><td><code>cert_expiry_seconds</code></td><td><code>LastValue</code></td><td>The time remaining, in seconds, before the certificate chain will expire. A negative value indicates the cert is expired.</td></tr>
<tr><td><code>dns_requests_total</code></td><td><code>Sum</code></td><td>Total number of DNS requests.</td></tr>
<tr><td><code>dns_upstream_failures_total</code></td><td><code>Sum</code></td><td>Total number of DNS failures.</td></tr>
<tr><td><code>dns_upstream_request_duration_seconds</code></td><td><code>Distribution</code></td><td>Total time in seconds Istio takes to get DNS response from upstream.</td></tr>
<tr><td><code>dns_upstream_requests_total</code></td><td><code>Sum</code></td><td>Total number of DNS requests forwarded to upstream.</td></tr>
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
<tr><td><code>envoy_connection_terminations</code></td><td><code>Sum</code></td><td>The total number of connection errors from envoy</td></tr>
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
<tr><td><code>istiod_connection_failures</code></td><td><code>Sum</code></td><td>The total number of connection failures to Istiod</td></tr>
@ -2283,46 +2277,18 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><td><code>num_outgoing_requests</code></td><td><code>Sum</code></td><td>Number of total outgoing requests (e.g. to a token exchange server, CA, etc.)</td></tr>
<tr><td><code>num_outgoing_retries</code></td><td><code>Sum</code></td><td>Number of outgoing retry requests (e.g. to a token exchange server, CA, etc.)</td></tr>
<tr><td><code>outgoing_latency</code></td><td><code>Sum</code></td><td>The latency of outgoing requests (e.g. to a token exchange server, CA, etc.) in milliseconds.</td></tr>
<tr><td><code>pilot_conflict_inbound_listener</code></td><td><code>LastValue</code></td><td>Number of conflicting inbound listeners.</td></tr>
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting tcp listeners with current tcp listener.</td></tr>
<tr><td><code>pilot_debounce_time</code></td><td><code>Distribution</code></td><td>Delay in seconds between the first config enters debouncing and the merged push request is pushed into the push queue.</td></tr>
<tr><td><code>pilot_destrule_subsets</code></td><td><code>LastValue</code></td><td>Duplicate subsets across destination rules for same host</td></tr>
<tr><td><code>pilot_dns_cluster_without_endpoints</code></td><td><code>LastValue</code></td><td>DNS clusters without endpoints caused by the endpoint field in STRICT_DNS type cluster is not set or the corresponding subset cannot select any endpoint</td></tr>
<tr><td><code>pilot_duplicate_envoy_clusters</code></td><td><code>LastValue</code></td><td>Duplicate envoy clusters caused by service entries with same hostname</td></tr>
<tr><td><code>pilot_eds_no_instances</code></td><td><code>LastValue</code></td><td>Number of clusters without instances.</td></tr>
<tr><td><code>pilot_endpoint_not_ready</code></td><td><code>LastValue</code></td><td>Endpoint found in unready state.</td></tr>
<tr><td><code>pilot_envoy_filter_status</code></td><td><code>LastValue</code></td><td>Status of Envoy filters whether it was applied or errored.</td></tr>
<tr><td><code>pilot_inbound_updates</code></td><td><code>Sum</code></td><td>Total number of updates received by pilot.</td></tr>
<tr><td><code>pilot_jwks_resolver_network_fetch_fail_total</code></td><td><code>Sum</code></td><td>Total number of failed network fetch by pilot jwks resolver</td></tr>
<tr><td><code>pilot_jwks_resolver_network_fetch_success_total</code></td><td><code>Sum</code></td><td>Total number of successfully network fetch by pilot jwks resolver</td></tr>
<tr><td><code>pilot_no_ip</code></td><td><code>LastValue</code></td><td>Pods not found in the endpoint table, possibly invalid.</td></tr>
<tr><td><code>pilot_proxy_convergence_time</code></td><td><code>Distribution</code></td><td>Delay in seconds between config change and a proxy receiving all required configuration.</td></tr>
<tr><td><code>pilot_proxy_queue_time</code></td><td><code>Distribution</code></td><td>Time in seconds, a proxy is in the push queue before being dequeued.</td></tr>
<tr><td><code>pilot_push_triggers</code></td><td><code>Sum</code></td><td>Total number of times a push was triggered, labeled by reason for the push.</td></tr>
<tr><td><code>pilot_pushcontext_init_seconds</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to init pushContext.</td></tr>
<tr><td><code>pilot_sds_certificate_errors_total</code></td><td><code>Sum</code></td><td>Total number of failures to fetch SDS key and certificate.</td></tr>
<tr><td><code>pilot_services</code></td><td><code>LastValue</code></td><td>Total services known to pilot.</td></tr>
<tr><td><code>pilot_total_rejected_configs</code></td><td><code>Sum</code></td><td>Total number of configs that Pilot had to reject or ignore.</td></tr>
<tr><td><code>pilot_total_xds_internal_errors</code></td><td><code>Sum</code></td><td>Total number of internal XDS errors in pilot.</td></tr>
<tr><td><code>pilot_total_xds_rejects</code></td><td><code>Sum</code></td><td>Total number of XDS responses from pilot rejected by proxy.</td></tr>
<tr><td><code>pilot_virt_services</code></td><td><code>LastValue</code></td><td>Total virtual services known to pilot.</td></tr>
<tr><td><code>pilot_vservice_dup_domain</code></td><td><code>LastValue</code></td><td>Virtual services with dup domains.</td></tr>
<tr><td><code>pilot_worker_queue_depth</code></td><td><code>LastValue</code></td><td>Depth of the controller queues</td></tr>
<tr><td><code>pilot_worker_queue_duration</code></td><td><code>Distribution</code></td><td>Time taken to process an item</td></tr>
<tr><td><code>pilot_worker_queue_latency</code></td><td><code>Distribution</code></td><td>Latency before the item is processed</td></tr>
<tr><td><code>pilot_xds</code></td><td><code>LastValue</code></td><td>Number of endpoints connected to this pilot using XDS.</td></tr>
<tr><td><code>pilot_xds_cds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected CDS configs.</td></tr>
<tr><td><code>pilot_xds_config_size_bytes</code></td><td><code>Distribution</code></td><td>Distribution of configuration sizes pushed to clients</td></tr>
<tr><td><code>pilot_xds_eds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected EDS.</td></tr>
<tr><td><code>pilot_xds_expired_nonce</code></td><td><code>Sum</code></td><td>Total number of XDS requests with an expired nonce.</td></tr>
<tr><td><code>pilot_xds_lds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected LDS.</td></tr>
<tr><td><code>pilot_xds_push_context_errors</code></td><td><code>Sum</code></td><td>Number of errors (timeouts) initiating push context.</td></tr>
<tr><td><code>pilot_xds_push_time</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to push lds, rds, cds and eds.</td></tr>
<tr><td><code>pilot_xds_pushes</code></td><td><code>Sum</code></td><td>Pilot build and send errors for lds, rds, cds and eds.</td></tr>
<tr><td><code>pilot_xds_rds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected RDS.</td></tr>
<tr><td><code>pilot_xds_send_time</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to send generated configuration.</td></tr>
<tr><td><code>pilot_xds_write_timeout</code></td><td><code>Sum</code></td><td>Pilot XDS response write timeouts.</td></tr>
<tr><td><code>provider_lookup_cluster_failures</code></td><td><code>Sum</code></td><td>Number of times a cluster lookup failed</td></tr>
<tr><td><code>scrape_failures_total</code></td><td><code>Sum</code></td><td>The total number of failed scrapes.</td></tr>
<tr><td><code>scrapes_total</code></td><td><code>Sum</code></td><td>The total number of scrapes.</td></tr>
<tr><td><code>startup_duration_seconds</code></td><td><code>LastValue</code></td><td>The time from the process starting to being marked ready.</td></tr>
@ -2331,10 +2297,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><td><code>wasm_config_conversion_count</code></td><td><code>Sum</code></td><td>number of Wasm config conversion count and results, including success, no remote load, marshal failure, remote fetch failure, miss remote fetch hint.</td></tr>
<tr><td><code>wasm_config_conversion_duration</code></td><td><code>Distribution</code></td><td>Total time in milliseconds istio-agent spends on converting remote load in Wasm config.</td></tr>
<tr><td><code>wasm_remote_fetch_count</code></td><td><code>Sum</code></td><td>number of Wasm remote fetches and results, including success, download failure, and checksum mismatch.</td></tr>
<tr><td><code>xds_cache_dependent_config_size</code></td><td><code>LastValue</code></td><td>Current size of dependent configs</td></tr>
<tr><td><code>xds_cache_evictions</code></td><td><code>Sum</code></td><td>Total number of xds cache evictions.</td></tr>
<tr><td><code>xds_cache_reads</code></td><td><code>Sum</code></td><td>Total number of xds cache xdsCacheReads.</td></tr>
<tr><td><code>xds_cache_size</code></td><td><code>LastValue</code></td><td>Current size of xds cache</td></tr>
<tr><td><code>xds_proxy_requests</code></td><td><code>Sum</code></td><td>The total number of Xds Proxy Requests</td></tr>
<tr><td><code>xds_proxy_responses</code></td><td><code>Sum</code></td><td>The total number of Xds Proxy Responses</td></tr>
</tbody>

8
content/zh/docs/reference/commands/pilot-discovery/index.html
View File

@ -520,6 +520,12 @@ https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl#fip
<td>The default TTL of issued workload certificates. Applied when the client sets a non-positive TTL in the CSR.</td>
</tr>
<tr>
<td><code>ENABLE_100_CONTINUE_HEADERS</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>If enabled, istiod will proxy 100-continue headers as is</td>
</tr>
<tr>
<td><code>ENABLE_AUTO_SNI</code></td>
<td>Boolean</td>
<td><code>true</code></td>
@ -839,7 +845,7 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td><code>K8S_INGRESS_NS</code></td>
<td>String</td>
<td><code>istio-system</code></td>
<td></td>
<td>The namespace where ingress controller runs, by default it is istio-system</td>
</tr>
<tr>
<td><code>K8S_SIGNER</code></td>

4
content/zh/docs/reference/config/networking/destination-rule/index.html
View File

@ -1396,7 +1396,9 @@ No
<td>
<p>The table size for Maglev hashing. This helps in controlling the
disruption when the backend hosts change.
Increasing the table size reduces the amount of disruption.</p>
Increasing the table size reduces the amount of disruption.
The table size must be prime number less than 5000011.
If it is not specified, the default is 65537.</p>
</td>
<td>

55
content/zh/docs/reference/config/networking/virtual-service/index.html
View File

@ -8,7 +8,7 @@ layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.networking.v1alpha3.VirtualService
aliases: [/zh/docs/reference/config/networking/v1alpha3/virtual-service]
number_of_entries: 29
number_of_entries: 30
---
<p>Configuration affecting traffic routing. Here are a few terms useful to define
in the context of traffic routing.</p>
@ -241,7 +241,7 @@ services), as well as services declared through the
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. &ldquo;reviews&rdquo;
instead of &ldquo;reviews.default.svc.cluster.local&rdquo;), Istio will interpret
the short name based on the namespace of the rule, not the service. A
rule in the &ldquo;default&rdquo; namespace containing a host &ldquo;reviews will be
rule in the &ldquo;default&rdquo; namespace containing a host &ldquo;reviews&rdquo; will be
interpreted as &ldquo;reviews.default.svc.cluster.local&rdquo;, irrespective of the
actual namespace associated with the reviews service. <em>To avoid potential
misconfigurations, it is recommended to always use fully qualified
@ -368,7 +368,7 @@ destinations that are not found in either of the two, will be dropped.</p>
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. &ldquo;reviews&rdquo;
instead of &ldquo;reviews.default.svc.cluster.local&rdquo;), Istio will interpret
the short name based on the namespace of the rule, not the service. A
rule in the &ldquo;default&rdquo; namespace containing a host &ldquo;reviews will be
rule in the &ldquo;default&rdquo; namespace containing a host &ldquo;reviews&rdquo; will be
interpreted as &ldquo;reviews.default.svc.cluster.local&rdquo;, irrespective of
the actual namespace associated with the reviews service. To avoid
potential misconfiguration, it is recommended to always use fully
@ -2200,6 +2200,19 @@ No
(not the preflight) using credentials. Translates to
<code>Access-Control-Allow-Credentials</code> header.</p>
</td>
<td>
No
</td>
</tr>
<tr id="CorsPolicy-unmatched_preflights">
<td><code>unmatchedPreflights</code></td>
<td><code><a href="#CorsPolicy-UnmatchedPreflights">UnmatchedPreflights</a></code></td>
<td>
<p>Indicates whether preflight requests not matching the configured
allowed origin shouldn&rsquo;t be forwarded to the upstream.
Default is forward to upstream.</p>
</td>
<td>
No
@ -2618,3 +2631,39 @@ No
</tbody>
</table>
</section>
<h2 id="CorsPolicy-UnmatchedPreflights">CorsPolicy.UnmatchedPreflights</h2>
<section>
<table class="enum-values">
<thead>
<tr>
<th>Name</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="CorsPolicy-UnmatchedPreflights-UNSPECIFIED">
<td><code>UNSPECIFIED</code></td>
<td>
<p>Default to FORWARD</p>
</td>
</tr>
<tr id="CorsPolicy-UnmatchedPreflights-FORWARD">
<td><code>FORWARD</code></td>
<td>
<p>Preflight requests not matching the configured allowed origin
will be forwarded to the upstream.</p>
</td>
</tr>
<tr id="CorsPolicy-UnmatchedPreflights-IGNORE">
<td><code>IGNORE</code></td>
<td>
<p>Preflight requests not matching the configured allowed origin
will not be forwarded to the upstream.</p>
</td>
</tr>
</tbody>
</table>
</section>

308
content/zh/docs/reference/config/security/jwt/index.html
View File

@ -1,308 +0,0 @@
---
WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE 'https://github.com/istio/api' REPO
source_repo: https://github.com/istio/api
title: JWTRule
description: Configuration to validate JWT.
location: https://istio.io/docs/reference/config/security/jwt.html
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1beta1.JWTRule
aliases: [/zh/docs/reference/config/security/v1beta1/jwt]
number_of_entries: 3
---
<h2 id="JWTRule">JWTRule</h2>
<section>
<p>JSON Web Token (JWT) token format for authentication as defined by
<a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a>. See <a href="https://tools.ietf.org/html/rfc6749">OAuth 2.0</a> and
<a href="http://openid.net/connect">OIDC 1.0</a> for how this is used in the whole
authentication flow.</p>
<p>Examples:</p>
<p>Spec for a JWT that is issued by <code>https://example.com</code>, with the audience claims must be either
<code>bookstore_android.apps.example.com</code> or <code>bookstore_web.apps.example.com</code>.
The token should be presented at the <code>Authorization</code> header (default). The JSON Web Key Set (JWKS)
will be discovered following OpenID Connect protocol.</p>
<pre><code class="language-yaml">issuer: https://example.com
audiences:
- bookstore_android.apps.example.com
bookstore_web.apps.example.com
</code></pre>
<p>This example specifies a token in a non-default location (<code>x-goog-iap-jwt-assertion</code> header). It also
defines the URI to fetch JWKS explicitly.</p>
<pre><code class="language-yaml">issuer: https://example.com
jwksUri: https://example.com/.secret/jwks.json
fromHeaders:
- &quot;x-goog-iap-jwt-assertion&quot;
</code></pre>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="JWTRule-issuer">
<td><code>issuer</code></td>
<td><code>string</code></td>
<td>
<p>Identifies the issuer that issued the JWT. See
<a href="https://tools.ietf.org/html/rfc7519#section-4.1.1">issuer</a>
A JWT with different <code>iss</code> claim will be rejected.</p>
<p>Example: <code>https://foobar.auth0.com</code>
Example: <code>1234567-compute@developer.gserviceaccount.com</code></p>
</td>
<td>
Yes
</td>
</tr>
<tr id="JWTRule-audiences">
<td><code>audiences</code></td>
<td><code>string[]</code></td>
<td>
<p>The list of JWT
<a href="https://tools.ietf.org/html/rfc7519#section-4.1.3">audiences</a>
that are allowed to access. A JWT containing any of these
audiences will be accepted.</p>
<p>The service name will be accepted if audiences is empty.</p>
<p>Example:</p>
<pre><code class="language-yaml">audiences:
- bookstore_android.apps.example.com
bookstore_web.apps.example.com
</code></pre>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-jwks_uri">
<td><code>jwksUri</code></td>
<td><code>string</code></td>
<td>
<p>URL of the provider&rsquo;s public key set to validate signature of the
JWT. See <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata">OpenID Discovery</a>.</p>
<p>Optional if the key set document can either (a) be retrieved from
<a href="https://openid.net/specs/openid-connect-discovery-1_0.html">OpenID
Discovery</a> of
the issuer or (b) inferred from the email domain of the issuer (e.g. a
Google service account).</p>
<p>Example: <code>https://www.googleapis.com/oauth2/v1/certs</code></p>
<p>Note: Only one of <code>jwksUri</code> and <code>jwks</code> should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-jwks">
<td><code>jwks</code></td>
<td><code>string</code></td>
<td>
<p>JSON Web Key Set of public keys to validate signature of the JWT.
See <a href="https://auth0.com/docs/jwks">https://auth0.com/docs/jwks</a>.</p>
<p>Note: Only one of <code>jwksUri</code> and <code>jwks</code> should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_headers">
<td><code>fromHeaders</code></td>
<td><code><a href="#JWTHeader">JWTHeader[]</a></code></td>
<td>
<p>List of header locations from which JWT is expected. For example, below is the location spec
if JWT is expected to be found in <code>x-jwt-assertion</code> header, and have <code>Bearer</code> prefix:</p>
<pre><code class="language-yaml"> fromHeaders:
- name: x-jwt-assertion
prefix: &quot;Bearer &quot;
</code></pre>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_params">
<td><code>fromParams</code></td>
<td><code>string[]</code></td>
<td>
<p>List of query parameters from which JWT is expected. For example, if JWT is provided via query
parameter <code>my_token</code> (e.g <code>/path?my_token=&lt;JWT&gt;</code>), the config is:</p>
<pre><code class="language-yaml"> fromParams:
- &quot;my_token&quot;
</code></pre>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-output_payload_to_header">
<td><code>outputPayloadToHeader</code></td>
<td><code>string</code></td>
<td>
<p>This field specifies the header name to output a successfully verified JWT payload to the
backend. The forwarded data is <code>base64_encoded(jwt_payload_in_JSON)</code>. If it is not specified,
the payload will not be emitted.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_cookies">
<td><code>fromCookies</code></td>
<td><code>string[]</code></td>
<td>
<p>List of cookie names from which JWT is expected. //
For example, if config is:</p>
<pre><code class="language-yaml"> from_cookies:
- auth-token
</code></pre>
<p>Then JWT will be extracted from <code>auth-token</code> cookie in the request.</p>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-forward_original_token">
<td><code>forwardOriginalToken</code></td>
<td><code>bool</code></td>
<td>
<p>If set to true, the original token will be kept for the upstream request. Default is false.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-output_claim_to_headers">
<td><code>outputClaimToHeaders</code></td>
<td><code><a href="#ClaimToHeader">ClaimToHeader[]</a></code></td>
<td>
<p>This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.
This differs from the <code>output_payload_to_header</code> by allowing outputting individual claims instead of the whole payload.
The header specified in each operation in the list must be unique. Nested claims of type string/int/bool is supported as well.</p>
<pre><code> outputClaimToHeaders:
- header: x-my-company-jwt-group
claim: my-group
- header: x-test-environment-flag
claim: test-flag
- header: x-jwt-claim-group
claim: nested.key.group
</code></pre>
<p>[Experimental] This feature is a experimental feature.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-timeout">
<td><code>timeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable,
will spend waiting for the JWKS to be fetched. Default is 5s.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="JWTHeader">JWTHeader</h2>
<section>
<p>This message specifies a header location to extract JWT token.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="JWTHeader-name">
<td><code>name</code></td>
<td><code>string</code></td>
<td>
<p>The HTTP header name.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="JWTHeader-prefix">
<td><code>prefix</code></td>
<td><code>string</code></td>
<td>
<p>The prefix that should be stripped before decoding the token.
For example, for <code>Authorization: Bearer &lt;token&gt;</code>, prefix=<code>Bearer</code> with a space at the end.
If the header doesn&rsquo;t have this exact prefix, it is considered invalid.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="ClaimToHeader">ClaimToHeader</h2>
<section>
<p>This message specifies the detail for copying claim to header.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="ClaimToHeader-header">
<td><code>header</code></td>
<td><code>string</code></td>
<td>
<p>The name of the header to be created. The header will be overridden if it already exists in the request.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ClaimToHeader-claim">
<td><code>claim</code></td>
<td><code>string</code></td>
<td>
<p>The name of the claim to be copied from. Only claim of type string/int/bool is supported.
The header will not be there if the claim does not exist or the type of the claim is not supported.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>

302
content/zh/docs/reference/config/security/request_authentication/index.html
View File

@ -7,8 +7,8 @@ location: https://istio.io/docs/reference/config/security/request_authentication
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.security.v1beta1.RequestAuthentication
aliases: [/zh/docs/reference/config/security/v1beta1/request_authentication]
number_of_entries: 1
aliases: [/zh/docs/reference/config/security/v1beta1/request_authentication, /docs/reference/config/security/v1beta1/jwt, /docs/reference/config/security/v1beta1/jwt.html]
number_of_entries: 4
---
<h2 id="RequestAuthentication">RequestAuthentication</h2>
<section>
@ -256,7 +256,7 @@ No
</tr>
<tr id="RequestAuthentication-jwt_rules">
<td><code>jwtRules</code></td>
<td><code><a href="/zh/docs/reference/config/security/jwt/#JWTRule">JWTRule[]</a></code></td>
<td><code><a href="#JWTRule">JWTRule[]</a></code></td>
<td>
<p>Define the list of JWTs that can be validated at the selected workloads&rsquo; proxy. A valid token
will be used to extract the authenticated identity.
@ -274,3 +274,299 @@ No
</tbody>
</table>
</section>
<h2 id="JWTRule">JWTRule</h2>
<section>
<p>JSON Web Token (JWT) token format for authentication as defined by
<a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a>. See <a href="https://tools.ietf.org/html/rfc6749">OAuth 2.0</a> and
<a href="http://openid.net/connect">OIDC 1.0</a> for how this is used in the whole
authentication flow.</p>
<p>Examples:</p>
<p>Spec for a JWT that is issued by <code>https://example.com</code>, with the audience claims must be either
<code>bookstore_android.apps.example.com</code> or <code>bookstore_web.apps.example.com</code>.
The token should be presented at the <code>Authorization</code> header (default). The JSON Web Key Set (JWKS)
will be discovered following OpenID Connect protocol.</p>
<pre><code class="language-yaml">issuer: https://example.com
audiences:
- bookstore_android.apps.example.com
bookstore_web.apps.example.com
</code></pre>
<p>This example specifies a token in a non-default location (<code>x-goog-iap-jwt-assertion</code> header). It also
defines the URI to fetch JWKS explicitly.</p>
<pre><code class="language-yaml">issuer: https://example.com
jwksUri: https://example.com/.secret/jwks.json
fromHeaders:
- &quot;x-goog-iap-jwt-assertion&quot;
</code></pre>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="JWTRule-issuer">
<td><code>issuer</code></td>
<td><code>string</code></td>
<td>
<p>Identifies the issuer that issued the JWT. See
<a href="https://tools.ietf.org/html/rfc7519#section-4.1.1">issuer</a>
A JWT with different <code>iss</code> claim will be rejected.</p>
<p>Example: <code>https://foobar.auth0.com</code>
Example: <code>1234567-compute@developer.gserviceaccount.com</code></p>
</td>
<td>
Yes
</td>
</tr>
<tr id="JWTRule-audiences">
<td><code>audiences</code></td>
<td><code>string[]</code></td>
<td>
<p>The list of JWT
<a href="https://tools.ietf.org/html/rfc7519#section-4.1.3">audiences</a>
that are allowed to access. A JWT containing any of these
audiences will be accepted.</p>
<p>The service name will be accepted if audiences is empty.</p>
<p>Example:</p>
<pre><code class="language-yaml">audiences:
- bookstore_android.apps.example.com
bookstore_web.apps.example.com
</code></pre>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-jwks_uri">
<td><code>jwksUri</code></td>
<td><code>string</code></td>
<td>
<p>URL of the provider&rsquo;s public key set to validate signature of the
JWT. See <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata">OpenID Discovery</a>.</p>
<p>Optional if the key set document can either (a) be retrieved from
<a href="https://openid.net/specs/openid-connect-discovery-1_0.html">OpenID
Discovery</a> of
the issuer or (b) inferred from the email domain of the issuer (e.g. a
Google service account).</p>
<p>Example: <code>https://www.googleapis.com/oauth2/v1/certs</code></p>
<p>Note: Only one of <code>jwksUri</code> and <code>jwks</code> should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-jwks">
<td><code>jwks</code></td>
<td><code>string</code></td>
<td>
<p>JSON Web Key Set of public keys to validate signature of the JWT.
See <a href="https://auth0.com/docs/jwks">https://auth0.com/docs/jwks</a>.</p>
<p>Note: Only one of <code>jwksUri</code> and <code>jwks</code> should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_headers">
<td><code>fromHeaders</code></td>
<td><code><a href="#JWTHeader">JWTHeader[]</a></code></td>
<td>
<p>List of header locations from which JWT is expected. For example, below is the location spec
if JWT is expected to be found in <code>x-jwt-assertion</code> header, and have <code>Bearer</code> prefix:</p>
<pre><code class="language-yaml"> fromHeaders:
- name: x-jwt-assertion
prefix: &quot;Bearer &quot;
</code></pre>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_params">
<td><code>fromParams</code></td>
<td><code>string[]</code></td>
<td>
<p>List of query parameters from which JWT is expected. For example, if JWT is provided via query
parameter <code>my_token</code> (e.g <code>/path?my_token=&lt;JWT&gt;</code>), the config is:</p>
<pre><code class="language-yaml"> fromParams:
- &quot;my_token&quot;
</code></pre>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-output_payload_to_header">
<td><code>outputPayloadToHeader</code></td>
<td><code>string</code></td>
<td>
<p>This field specifies the header name to output a successfully verified JWT payload to the
backend. The forwarded data is <code>base64_encoded(jwt_payload_in_JSON)</code>. If it is not specified,
the payload will not be emitted.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-from_cookies">
<td><code>fromCookies</code></td>
<td><code>string[]</code></td>
<td>
<p>List of cookie names from which JWT is expected. //
For example, if config is:</p>
<pre><code class="language-yaml"> from_cookies:
- auth-token
</code></pre>
<p>Then JWT will be extracted from <code>auth-token</code> cookie in the request.</p>
<p>Note: Requests with multiple tokens (at different locations) are not supported, the output principal of
such requests is undefined.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-forward_original_token">
<td><code>forwardOriginalToken</code></td>
<td><code>bool</code></td>
<td>
<p>If set to true, the original token will be kept for the upstream request. Default is false.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-output_claim_to_headers">
<td><code>outputClaimToHeaders</code></td>
<td><code><a href="#ClaimToHeader">ClaimToHeader[]</a></code></td>
<td>
<p>This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.
This differs from the <code>output_payload_to_header</code> by allowing outputting individual claims instead of the whole payload.
The header specified in each operation in the list must be unique. Nested claims of type string/int/bool is supported as well.</p>
<pre><code> outputClaimToHeaders:
- header: x-my-company-jwt-group
claim: my-group
- header: x-test-environment-flag
claim: test-flag
- header: x-jwt-claim-group
claim: nested.key.group
</code></pre>
<p>[Experimental] This feature is a experimental feature.</p>
</td>
<td>
No
</td>
</tr>
<tr id="JWTRule-timeout">
<td><code>timeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable,
will spend waiting for the JWKS to be fetched. Default is 5s.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="JWTHeader">JWTHeader</h2>
<section>
<p>This message specifies a header location to extract JWT token.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="JWTHeader-name">
<td><code>name</code></td>
<td><code>string</code></td>
<td>
<p>The HTTP header name.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="JWTHeader-prefix">
<td><code>prefix</code></td>
<td><code>string</code></td>
<td>
<p>The prefix that should be stripped before decoding the token.
For example, for <code>Authorization: Bearer &lt;token&gt;</code>, prefix=<code>Bearer</code> with a space at the end.
If the header doesn&rsquo;t have this exact prefix, it is considered invalid.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="ClaimToHeader">ClaimToHeader</h2>
<section>
<p>This message specifies the detail for copying claim to header.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="ClaimToHeader-header">
<td><code>header</code></td>
<td><code>string</code></td>
<td>
<p>The name of the header to be created. The header will be overridden if it already exists in the request.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ClaimToHeader-claim">
<td><code>claim</code></td>
<td><code>string</code></td>
<td>
<p>The name of the claim to be copied from. Only claim of type string/int/bool is supported.
The header will not be there if the claim does not exist or the type of the claim is not supported.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
</section>

2
data/analysis.yaml
View File

@ -298,7 +298,7 @@ messages:
- name: "ServiceEntryAddressesRequired"
code: IST0134
level: Warning
description: "Virtual IP addresses are required for ports serving TCP (or unset) protocol"
description: "Virtual IP addresses are required for ports serving TCP (or unset) protocol when ISTIO_META_DNS_AUTO_ALLOCATE is not set on a proxy"
template: "ServiceEntry addresses are required for this protocol."
- name: "DeprecatedAnnotation"

8
data/args.yml
View File

@ -1,11 +1,11 @@
# The primary Istio version identifier the docs describe, used throughout the site
version: "1.22"
version: "1.23"
# The full Istio version identifier the docs describe
full_version: "1.22.0"
full_version: "1.23.0"
# The previous Istio version identifier the docs describe, used for upgrade documentation
previous_version: "1.21"
previous_version: "1.22"
# The year to display in copyright notices
copyright_year: 2024
@ -25,7 +25,7 @@ archive_date: YYYY-MM-DD
archive_search_refinement: "V1.1"
# GitHub branch names used when the docs have links to GitHub
source_branch_name: release-1.22
source_branch_name: master
doc_branch_name: master
####### Static values

49
go.mod
View File

@ -13,15 +13,14 @@ replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.5
require (
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
golang.org/x/sync v0.7.0
istio.io/istio v0.0.0-20240511025857-aaf597fbfae6
istio.io/istio v0.0.0-20240513214320-e13e6c4357e8
k8s.io/apimachinery v0.30.0
k8s.io/client-go v0.30.0
)
require (
cel.dev/expr v0.15.0 // indirect
cloud.google.com/go/compute v1.25.1 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/compute/metadata v0.3.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/BurntSushi/toml v1.3.2 // indirect
github.com/MakeNowJust/heredoc v1.0.0 // indirect
@ -36,18 +35,18 @@ require (
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/cheggaaa/pb/v3 v3.1.5 // indirect
github.com/cncf/xds/go v0.0.0-20240329184929-0c46c01016dc // indirect
github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
github.com/docker/cli v26.0.0+incompatible // indirect
github.com/docker/cli v26.1.0+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker v25.0.5+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.1 // indirect
github.com/emicklei/go-restful/v3 v3.12.0 // indirect
github.com/envoyproxy/go-control-plane v0.12.1-0.20240419124334-0cebb2f428b3 // indirect
github.com/envoyproxy/go-control-plane v0.12.1-0.20240509201933-132c0a31ab09 // indirect
github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
github.com/evanphx/json-patch v5.9.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
@ -108,7 +107,7 @@ require (
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/miekg/dns v1.1.58 // indirect
github.com/miekg/dns v1.1.59 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
@ -124,7 +123,7 @@ require (
github.com/onsi/ginkgo/v2 v2.17.1 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255 // indirect
github.com/openshift/api v0.0.0-20240429104249-ac9356ba1784 // indirect
github.com/pelletier/go-toml/v2 v2.1.1 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pires/go-proxyproto v0.7.0 // indirect
@ -132,11 +131,11 @@ require (
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
github.com/prometheus/client_golang v1.19.0 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.52.2 // indirect
github.com/prometheus/procfs v0.13.0 // indirect
github.com/prometheus/prometheus v0.51.1 // indirect
github.com/prometheus/common v0.53.0 // indirect
github.com/prometheus/procfs v0.14.0 // indirect
github.com/prometheus/prometheus v0.51.2 // indirect
github.com/quic-go/qpack v0.4.0 // indirect
github.com/quic-go/quic-go v0.42.0 // indirect
github.com/quic-go/quic-go v0.43.0 // indirect
github.com/rivo/uniseg v0.4.6 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
@ -160,16 +159,16 @@ require (
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
github.com/yl2chen/cidranger v1.0.2 // indirect
go.opentelemetry.io/otel v1.24.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.24.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 // indirect
go.opentelemetry.io/otel/exporters/prometheus v0.46.0 // indirect
go.opentelemetry.io/otel/metric v1.24.0 // indirect
go.opentelemetry.io/otel/sdk v1.24.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.24.0 // indirect
go.opentelemetry.io/otel/trace v1.24.0 // indirect
go.opentelemetry.io/proto/otlp v1.1.0 // indirect
go.opentelemetry.io/otel v1.26.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 // indirect
go.opentelemetry.io/otel/exporters/prometheus v0.48.0 // indirect
go.opentelemetry.io/otel/metric v1.26.0 // indirect
go.opentelemetry.io/otel/sdk v1.26.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.26.0 // indirect
go.opentelemetry.io/otel/trace v1.26.0 // indirect
go.opentelemetry.io/proto/otlp v1.2.0 // indirect
go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
go.uber.org/atomic v1.11.0 // indirect
go.uber.org/mock v0.4.0 // indirect
@ -186,8 +185,8 @@ require (
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.20.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240401170217-c3f982113cda // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
google.golang.org/grpc v1.63.2 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
@ -195,7 +194,7 @@ require (
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
helm.sh/helm/v3 v3.14.3 // indirect
helm.sh/helm/v3 v3.14.4 // indirect
istio.io/api v1.22.0-beta.0 // indirect
istio.io/client-go v1.22.0-rc.0.0.20240511020757-412bec918d1e // indirect
k8s.io/api v0.30.0 // indirect

102
go.sum
View File

@ -3,10 +3,8 @@ cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU=
cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
@ -82,8 +80,8 @@ github.com/cheggaaa/pb/v3 v3.1.5 h1:QuuUzeM2WsAqG2gMqtzaWithDJv0i+i6UlnwSCI4QLk=
github.com/cheggaaa/pb/v3 v3.1.5/go.mod h1:CrxkeghYTXi1lQBEI7jSn+3svI3cuc19haAj6jM60XI=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/xds/go v0.0.0-20240329184929-0c46c01016dc h1:Xo7J+m6Iq9pGYXnooTSpxZ11PzNzI7cKU9V81dpKSRQ=
github.com/cncf/xds/go v0.0.0-20240329184929-0c46c01016dc/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw=
github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
@ -120,8 +118,8 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etly
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUyzJVPxD30I=
github.com/docker/cli v26.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v26.1.0+incompatible h1:+nwRy8Ocd8cYNQ60mozDDICICD8aoFGtlPXifX/UQ3Y=
github.com/docker/cli v26.1.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
@ -143,8 +141,8 @@ github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRr
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/go-control-plane v0.12.1-0.20240419124334-0cebb2f428b3 h1:/eklMEyfPvB7C8dULCt9GYwpYDy6shwe7vqHMS+82bI=
github.com/envoyproxy/go-control-plane v0.12.1-0.20240419124334-0cebb2f428b3/go.mod h1:rlr50u7tACJ1Y9jCUMndkfLvGCAX3fWXVVAkj+OfzT4=
github.com/envoyproxy/go-control-plane v0.12.1-0.20240509201933-132c0a31ab09 h1:EuYREJjw6sE1+kyRBIS3lBRiobHNMCnhhchdRAovl1s=
github.com/envoyproxy/go-control-plane v0.12.1-0.20240509201933-132c0a31ab09/go.mod h1:5Wkq+JduFtdAXihLmeTJf+tRYIT4KBc2vPXDhwVo1pA=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
@ -427,8 +425,8 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@ -478,14 +476,14 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE=
github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255 h1:OPEl/rl/Bt8soLkMUex9PZu9PJB59VPFnaPh/n1Pb3I=
github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
github.com/openshift/api v0.0.0-20240429104249-ac9356ba1784 h1:SmOZFMxuAH4d1Cj7dOftVyo4Wg/mEC4pwz6QIJJsAkc=
github.com/openshift/api v0.0.0-20240429104249-ac9356ba1784/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
@ -521,21 +519,21 @@ github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQy
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck=
github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q=
github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE=
github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o=
github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g=
github.com/prometheus/prometheus v0.51.1 h1:V2e7x2oiUC0Megp26+xjffxBf9EGkyP1iQuGd4VjUSU=
github.com/prometheus/prometheus v0.51.1/go.mod h1:yv4MwOn3yHMQ6MZGHPg/U7Fcyqf+rxqiZfSur6myVtc=
github.com/prometheus/procfs v0.14.0 h1:Lw4VdGGoKEZilJsayHf0B+9YgLGREba2C6xr+Fdfq6s=
github.com/prometheus/procfs v0.14.0/go.mod h1:XL+Iwz8k8ZabyZfMFHPiilCniixqQarAy5Mu67pHlNQ=
github.com/prometheus/prometheus v0.51.2 h1:U0faf1nT4CB9DkBW87XLJCBi2s8nwWXdTbyzRUAkX0w=
github.com/prometheus/prometheus v0.51.2/go.mod h1:yv4MwOn3yHMQ6MZGHPg/U7Fcyqf+rxqiZfSur6myVtc=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
github.com/quic-go/quic-go v0.42.0 h1:uSfdap0eveIl8KXnipv9K7nlwZ5IqLlYOpJ58u5utpM=
github.com/quic-go/quic-go v0.42.0/go.mod h1:132kz4kL3F9vxhW3CtQJLDVwcFe5wdWeJXXijhsO57M=
github.com/quic-go/quic-go v0.43.0 h1:sjtsTKWX0dsHpuMJvLxGqoQdtgJnbAPWY+W+5vjYW/g=
github.com/quic-go/quic-go v0.43.0/go.mod h1:132kz4kL3F9vxhW3CtQJLDVwcFe5wdWeJXXijhsO57M=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.6 h1:Sovz9sDSwbOz9tgUy8JpT+KgCkPYJEN/oYzlJiYTNLg=
github.com/rivo/uniseg v0.4.6/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@ -648,26 +646,26 @@ go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qL
go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 h1:t6wl9SPayj+c7lEIFgm4ooDBZVb01IhLB4InpomhRw8=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0/go.mod h1:iSDOcsnSA5INXzZtwaBPrKp/lWu/V14Dd+llD0oI2EA=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.24.0 h1:Mw5xcxMwlqoJd97vwPxA8isEaIoxsta9/Q51+TTJLGE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.24.0/go.mod h1:CQNu9bj7o7mC6U7+CA/schKEYakYXWr79ucDHTMGhCM=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 h1:Xw8U6u2f8DK2XAkGRFV7BBLENgnTGX9i4rQRxJf+/vs=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0/go.mod h1:6KW1Fm6R/s6Z3PGXwSJN2K4eT6wQB3vXX6CVnYX9NmM=
go.opentelemetry.io/otel/exporters/prometheus v0.46.0 h1:I8WIFXR351FoLJYuloU4EgXbtNX2URfU/85pUPheIEQ=
go.opentelemetry.io/otel/exporters/prometheus v0.46.0/go.mod h1:ztwVUHe5DTR/1v7PeuGRnU5Bbd4QKYwApWmuutKsJSs=
go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
go.opentelemetry.io/otel/sdk/metric v1.24.0 h1:yyMQrPzF+k88/DbH7o4FMAs80puqd+9osbiBrJrz/w8=
go.opentelemetry.io/otel/sdk/metric v1.24.0/go.mod h1:I6Y5FjH6rvEnTTAYQz3Mmv2kl6Ek5IIrmwTLqMrrOE0=
go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI=
go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY=
go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs=
go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0/go.mod h1:z46paqbJ9l7c9fIPCXTqTGwhQZ5XoTIsfeFYWboizjs=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 h1:Waw9Wfpo/IXzOI8bCB7DIk+0JZcqqsyn1JFnAc+iam8=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0/go.mod h1:wnJIG4fOqyynOnnQF/eQb4/16VlX2EJAHhHgqIqWfAo=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 h1:1wp/gyxsuYtuE/JFxsQRtcCDtMrO2qMvlfXALU5wkzI=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0/go.mod h1:gbTHmghkGgqxMomVQQMur1Nba4M0MQ8AYThXDUjsJ38=
go.opentelemetry.io/otel/exporters/prometheus v0.48.0 h1:sBQe3VNGUjY9IKWQC6z2lNqa5iGbDSxhs60ABwK4y0s=
go.opentelemetry.io/otel/exporters/prometheus v0.48.0/go.mod h1:DtrbMzoZWwQHyrQmCfLam5DZbnmorsGbOtTbYHycU5o=
go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30=
go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4=
go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8=
go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs=
go.opentelemetry.io/otel/sdk/metric v1.26.0 h1:cWSks5tfriHPdWFnl+qpX3P681aAYqlZHcAyHw5aU9Y=
go.opentelemetry.io/otel/sdk/metric v1.26.0/go.mod h1:ClMFFknnThJCksebJwz7KIyEDHO+nTB6gK8obLy8RyE=
go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA=
go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0=
go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94=
go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A=
go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4=
go.starlark.net v0.0.0-20231121155337-90ade8b19d09/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@ -865,10 +863,10 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto/googleapis/api v0.0.0-20240401170217-c3f982113cda h1:b6F6WIV4xHHD0FA4oIyzU6mHWg2WI2X1RBehwa5QN38=
google.golang.org/genproto/googleapis/api v0.0.0-20240401170217-c3f982113cda/go.mod h1:AHcE/gZH76Bk/ROZhQphlRoWo5xKDEtz3eVEO1LfA8c=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda h1:LI5DOvAxUPMv/50agcLLoo+AdWc1irS9Rzz4vPuD1V4=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU=
google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
@ -923,8 +921,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4=
helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE=
helm.sh/helm/v3 v3.14.4 h1:6FSpEfqyDalHq3kUr4gOMThhgY55kXUEjdQoyODYnrM=
helm.sh/helm/v3 v3.14.4/go.mod h1:Tje7LL4gprZpuBNTbG34d1Xn5NmRT3OWfBRwpOSer9I=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@ -932,8 +930,8 @@ istio.io/api v1.22.0-beta.0 h1:dlBLCqjH6/12RZEjDU5dbM3Evwl22jS6JucFn3nJyZ0=
istio.io/api v1.22.0-beta.0/go.mod h1:S3l8LWqNYS9yT+d4bH+jqzH2lMencPkW7SKM1Cu9EyM=
istio.io/client-go v1.22.0-rc.0.0.20240511020757-412bec918d1e h1:scHu9YFFfu8cj56K8kY2BxQfOV8SLywqUZDIJ1iT4w4=
istio.io/client-go v1.22.0-rc.0.0.20240511020757-412bec918d1e/go.mod h1:1lAPr0DOVBbnRQqLAQKxWbEaxFk6b1CJTm+ypnP7sMo=
istio.io/istio v0.0.0-20240511025857-aaf597fbfae6 h1:F/q5U/rdLu+IGXSWICLlxhH3goxRUO5SQYC4DPnocN8=
istio.io/istio v0.0.0-20240511025857-aaf597fbfae6/go.mod h1:4itO8hs4QfELWCRgQVb0vWQg6kBMqRzOiYa+A+k0AYM=
istio.io/istio v0.0.0-20240513214320-e13e6c4357e8 h1:XcV1FNdIDvRGQLFgbVrfvDVdma47lQEpGbM2tDc2yE0=
istio.io/istio v0.0.0-20240513214320-e13e6c4357e8/go.mod h1:n9o/Nh3GlfUWfSfzWQNM/J9BG+8GKf0QATnhFlWbKnQ=
k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78=
k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4=
k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=