mirror of https://github.com/istio/istio.io.git
Automator: update istio.io@release-1.6 reference docs (#7292)
This commit is contained in:
Istio Automation
GitHub
parent
5576157ca4
commit
32393453e3
|
|
@ -4,7 +4,7 @@ source_repo: https://github.com/istio/istio
|
|||
title: istioctl
|
||||
description: Istio control interface.
|
||||
generator: pkg-collateral-docs
|
||||
number_of_entries: 77
|
||||
number_of_entries: 78
|
||||
max_toc_level: 2
|
||||
remove_toc_prefix: 'istioctl '
|
||||
---
|
||||
|
|
@ -2307,6 +2307,137 @@ THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|||
<h3 id="istioctl-experimental-remove-from-mesh-service Examples">Examples</h3>
|
||||
<pre class="language-bash"><code>istioctl experimental remove-from-mesh service productpage
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-sidecar-bootstrap">istioctl experimental sidecar-bootstrap</h2>
|
||||
<p>Takes in one or more WorkloadEntries generates identities for them, and copies to
|
||||
the particular identities to the workloads over SSH. Optionally allowing for saving the certificates locally
|
||||
for use in CI like environments, and starting istio-proxy where no special configuration is needed.
|
||||
This allows for workloads to participate in the Istio mesh.</p>
|
||||
<p>To autenticate to a remote node you can use either SSH Keys, or SSH Passwords. If using passwords you
|
||||
must have a TTY for you to be asked your password, we do not accept an argument for it so it
|
||||
cannot be left inside your shell history.</p>
|
||||
<p>Copying is performed with scp, and as such is required if you'd like to copy a file over.
|
||||
If SCP is not at the standard path "/usr/bin/scp", you should provide it's location with
|
||||
the "--remote-scp-path" option.</p>
|
||||
<p>In order to start Istio on the remote node you must have docker installed on the remote node.
|
||||
Istio will be started on the host network as a docker container in capture mode.</p>
|
||||
<pre class="language-bash"><code>istioctl experimental sidecar-bootstrap <workloadEntry>.<namespace> [flags]
|
||||
</code></pre>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--all</code></td>
|
||||
<td><code>-a</code></td>
|
||||
<td>attempt to bootstrap all workload entries </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--duration <duration></code></td>
|
||||
<td></td>
|
||||
<td>(experimental) duration the certificates generated are valid for. (default `8760h0m0s`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ignore-host-keys</code></td>
|
||||
<td></td>
|
||||
<td>(experimental) ignore host keys on the remote host </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istio-image <string></code></td>
|
||||
<td></td>
|
||||
<td>(experimental) the Istio proxy image to start up when starting Istio (default `istio/proxyv2:latest`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--local-dir <string></code></td>
|
||||
<td><code>-d</code></td>
|
||||
<td>directory to place certs in locally as opposed to copying (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--mutual-tls</code></td>
|
||||
<td></td>
|
||||
<td>(experimental) enable mutual TLS if starting Istio-Proxy. </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--organization <string></code></td>
|
||||
<td><code>-o</code></td>
|
||||
<td>(experimental) the organization to use on the certificate, defaults to the same as the root cert. (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--remote-directory <string></code></td>
|
||||
<td></td>
|
||||
<td>(experimental) the directory to create on the remote machine. (default `/var/run/istio`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--remote-scp-path <string></code></td>
|
||||
<td></td>
|
||||
<td>(experimental) the scp binary location on the target machine if not at /usr/bin/scp (default `/usr/bin/scp`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--spiffe-trust-domain <string></code></td>
|
||||
<td></td>
|
||||
<td>(experimental) the SPIFFE trust domain for the generated certs (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ssh-key <string></code></td>
|
||||
<td><code>-k</code></td>
|
||||
<td>(experimental) the location of the SSH key (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ssh-port <int></code></td>
|
||||
<td></td>
|
||||
<td>(experimental) the port to SSH to the machine on (default `22`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--ssh-user <string></code></td>
|
||||
<td><code>-u</code></td>
|
||||
<td>(experimental) the user to SSH as, defaults to the current user (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--start-istio-proxy</code></td>
|
||||
<td></td>
|
||||
<td>start Istio proxy on a remote host after copying certs </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--timeout <duration></code></td>
|
||||
<td></td>
|
||||
<td>(experimental) the timeout for copying certificates (default `1m0s`)</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-experimental-sidecar-bootstrap Examples">Examples</h3>
|
||||
<pre class="language-bash"><code> # Copy certificates to a WorkloadEntry named "we" in the "ns" namespace:
|
||||
istioctl x sidecar-bootstrap we.ns
|
||||
|
||||
# Copy certificates, and start istio to a WorkloadEntry named "we" in the "ns" namespace:
|
||||
istioctl x sidecar-bootstrap we.ns --start-istio-proxy
|
||||
|
||||
# Generate Certs locally, but do not copy them to a WorkloadEntry named "we" in the "ns" namespace:
|
||||
istioctl x sidecar-bootstrap we.ns --local-dir path/where/i/want/certs/
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-upgrade">istioctl experimental upgrade</h2>
|
||||
<p>The upgrade command checks for upgrade version eligibility and, if eligible, upgrades the Istio control plane components in-place. Warning: traffic may be disrupted during upgrade. Please ensure PodDisruptionBudgets are defined to maintain service continuity.</p>
|
||||
<pre class="language-bash"><code>istioctl experimental upgrade [flags]
|
||||
|
|
|
|||
|
|
@ -1898,6 +1898,15 @@ No
|
|||
No
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="IstioComponentSetSpec-istiod_remote">
|
||||
<td><code>istiodRemote</code></td>
|
||||
<td><code><a href="#ComponentSpec">ComponentSpec</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
<td>
|
||||
No
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="IstioComponentSetSpec-ingress_gateways">
|
||||
<td><code>ingressGateways</code></td>
|
||||
<td><code><a href="#GatewaySpec">GatewaySpec[]</a></code></td>
|
||||
|
|
|
|||
Loading…
Reference in New Issue