istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Automator: update istio.io@ reference docs (#11433)

This commit is contained in:
Istio Automation 2022-06-14 19:47:54 -07:00 committed by GitHub
parent e9841ae394
commit 3ee0ecaa76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 582 additions and 341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
content/en/docs/reference/commands/install-cni/index.html
View File

@ -700,9 +700,15 @@ These environment variables affect the behavior of the <code>install-cni</code>
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -756,7 +762,7 @@ These environment variables affect the behavior of the <code>install-cni</code>
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -860,6 +866,12 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>LOG_LEVEL</code></td>
<td>String</td>
<td><code>warn</code></td>
@ -1136,12 +1148,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -1186,7 +1192,7 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>

133
content/en/docs/reference/commands/istioctl/index.html
View File

@ -1546,7 +1546,7 @@ Use &#39;add-to-mesh&#39; as an alternate to namespace-wide auto injection for t
<p>&#39;istioctl experimental add-to-mesh deployment&#39; restarts pods with the Istio sidecar. Use &#39;add-to-mesh&#39;
to test deployments for compatibility with Istio. It can be used instead of namespace-wide auto-injection of sidecars and is especially helpful for compatibility testing.</p>
<p>If your deployment does not function after using &#39;add-to-mesh&#39; you must re-deploy it and troubleshoot it for Istio compatibility.
See https://istio.io/v1.14/docs/ops/deployment/requirements/</p>
See https://istio.io/v1.15/docs/ops/deployment/requirements/</p>
<p>See also &#39;istioctl experimental remove-from-mesh deployment&#39; which does the reverse.</p>
<p>THIS COMMAND IS UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.</p>
<pre class="language-bash"><code>istioctl experimental add-to-mesh deployment &lt;deployment&gt; [flags]
@ -1727,7 +1727,7 @@ The typical usage scenario is Mesh Expansion on VMs.</p>
<p>istioctl experimental add-to-mesh service restarts pods with the Istio sidecar. Use &#39;add-to-mesh&#39;
to test deployments for compatibility with Istio. It can be used instead of namespace-wide auto-injection of sidecars and is especially helpful for compatibility testing.</p>
<p>If your service does not function after using &#39;add-to-mesh&#39; you must re-deploy it and troubleshoot it for Istio compatibility.
See https://istio.io/v1.14/docs/ops/deployment/requirements/</p>
See https://istio.io/v1.15/docs/ops/deployment/requirements/</p>
<p>See also &#39;istioctl experimental remove-from-mesh service&#39; which does the reverse.</p>
<p>THIS COMMAND IS UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.</p>
<pre class="language-bash"><code>istioctl experimental add-to-mesh service &lt;service&gt; [flags]
@ -2043,8 +2043,8 @@ from multiple sources (mesh-level, namespace-level and workload-level).</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3124,8 +3124,8 @@ The typical usage scenario is Mesh Expansion on VMs.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3182,8 +3182,8 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3252,8 +3252,8 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3327,8 +3327,8 @@ without manual relabeling of the &#34;istio.io/rev&#34; tag.
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3391,8 +3391,8 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3488,8 +3488,8 @@ If set to true, the user is not prompted and a Yes response is assumed in all ca
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3556,8 +3556,8 @@ revision tag before removing using the &#34;istioctl tag list&#34; command.
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3631,8 +3631,8 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3744,8 +3744,8 @@ If set to true, the user is not prompted and a Yes response is assumed in all ca
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3768,7 +3768,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -3986,7 +3986,7 @@ istioctl x version --xds-label istio.io/rev=default
istioctl experimental wait --for=distribution virtualservice bookinfo.default
# Wait until 99% of the proxies receive the distribution, timing out after 5 minutes
istioctl experimental wait --for=distribution --threshold=.99 --timeout=300 virtualservice bookinfo.default
istioctl experimental wait --for=distribution --threshold=.99 --timeout=300s virtualservice bookinfo.default
</code></pre>
<h2 id="istioctl-experimental-workload">istioctl experimental workload</h2>
@ -4350,8 +4350,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -4374,7 +4374,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -4745,8 +4745,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -4769,7 +4769,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--vklog &lt;Level&gt;</code></td>
@ -4851,8 +4851,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -4875,7 +4875,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -5003,8 +5003,8 @@ could be secret list separated by comma, eg. &#39;--imagePullSecrets imagePullSe
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -5103,8 +5103,8 @@ could be secret list separated by comma, eg. &#39;--imagePullSecrets imagePullSe
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -5326,8 +5326,8 @@ istioctl install --set profile=demo # Use a profile from the list
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -5402,8 +5402,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -5465,8 +5465,8 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -6402,8 +6402,8 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -6596,8 +6596,8 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -6705,8 +6705,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -6724,7 +6724,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -6860,8 +6860,8 @@ istioctl experimental precheck.
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -7015,9 +7015,15 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -7077,7 +7083,7 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -7243,6 +7249,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>MCS_API_GROUP</code></td>
<td>String</td>
<td><code>multicluster.x-k8s.io</code></td>
@ -7495,12 +7507,6 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -7545,7 +7551,7 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>
@ -7771,11 +7777,6 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<tr><td><code>cr_merge_failure_total</code></td><td><code>Sum</code></td><td>Number of IstioOperator CR merge failures</td></tr>
<tr><td><code>cr_validation_error_total</code></td><td><code>Sum</code></td><td>Number of IstioOperator CR validation failures</td></tr>
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
<tr><td><code>galley_validation_config_delete_error</code></td><td><code>Count</code></td><td>k8s webhook configuration delete error</td></tr>
<tr><td><code>galley_validation_config_load</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)loads</td></tr>
<tr><td><code>galley_validation_config_load_error</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)load error</td></tr>
<tr><td><code>galley_validation_config_update_error</code></td><td><code>Count</code></td><td>k8s webhook configuration update error</td></tr>
<tr><td><code>galley_validation_config_updates</code></td><td><code>Count</code></td><td>k8s webhook configuration updates</td></tr>
<tr><td><code>get_cr_error_total</code></td><td><code>Sum</code></td><td>Number of times fetching CR from apiserver failed</td></tr>
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
<tr><td><code>istiod_managed_clusters</code></td><td><code>LastValue</code></td><td>Number of clusters managed by istiod</td></tr>

35
content/en/docs/reference/commands/operator/index.html
View File

@ -219,11 +219,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, validationController, wasm, wle] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, validationController, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -243,7 +243,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, validationController, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -351,9 +351,15 @@ These environment variables affect the behavior of the <code>operator</code> com
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -413,7 +419,7 @@ These environment variables affect the behavior of the <code>operator</code> com
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -525,6 +531,12 @@ These environment variables affect the behavior of the <code>operator</code> com
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>MCS_API_GROUP</code></td>
<td>String</td>
<td><code>multicluster.x-k8s.io</code></td>
@ -777,12 +789,6 @@ These environment variables affect the behavior of the <code>operator</code> com
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -827,7 +833,7 @@ These environment variables affect the behavior of the <code>operator</code> com
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>
@ -1053,11 +1059,6 @@ These environment variables affect the behavior of the <code>operator</code> com
<tr><td><code>cr_merge_failure_total</code></td><td><code>Sum</code></td><td>Number of IstioOperator CR merge failures</td></tr>
<tr><td><code>cr_validation_error_total</code></td><td><code>Sum</code></td><td>Number of IstioOperator CR validation failures</td></tr>
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
<tr><td><code>galley_validation_config_delete_error</code></td><td><code>Count</code></td><td>k8s webhook configuration delete error</td></tr>
<tr><td><code>galley_validation_config_load</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)loads</td></tr>
<tr><td><code>galley_validation_config_load_error</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)load error</td></tr>
<tr><td><code>galley_validation_config_update_error</code></td><td><code>Count</code></td><td>k8s webhook configuration update error</td></tr>
<tr><td><code>galley_validation_config_updates</code></td><td><code>Count</code></td><td>k8s webhook configuration updates</td></tr>
<tr><td><code>get_cr_error_total</code></td><td><code>Sum</code></td><td>Number of times fetching CR from apiserver failed</td></tr>
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
<tr><td><code>istiod_managed_clusters</code></td><td><code>LastValue</code></td><td>Number of clusters managed by istiod</td></tr>

135
content/en/docs/reference/commands/pilot-agent/index.html
View File

@ -23,11 +23,11 @@ remove_toc_prefix: 'pilot-agent '
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -47,7 +47,7 @@ remove_toc_prefix: 'pilot-agent '
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -77,11 +77,11 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -101,7 +101,7 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -142,11 +142,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -166,7 +166,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -206,11 +206,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -230,7 +230,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -269,11 +269,11 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -293,7 +293,7 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -337,11 +337,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -361,7 +361,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -403,12 +403,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -433,7 +433,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -522,7 +522,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--istio-exclude-interfaces &lt;string&gt;</code></td>
<td></td>
<td><code>-c</code></td>
<td>Comma separated list of NIC (optional). Neither inbound nor outbound traffic will be captured (default ``)</td>
</tr>
<tr>
@ -583,12 +583,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -613,7 +613,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -698,11 +698,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -722,7 +722,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -788,11 +788,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -812,7 +812,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -845,12 +845,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -875,7 +875,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -917,11 +917,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -941,7 +941,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -1084,9 +1084,15 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -1170,7 +1176,7 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -1382,6 +1388,12 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>MCS_API_GROUP</code></td>
<td>String</td>
<td><code>multicluster.x-k8s.io</code></td>
@ -1646,12 +1658,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -1696,7 +1702,7 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>
@ -1952,10 +1958,40 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, certificates fetched from SDS server will be verified before sending back to proxy.</td>
</tr>
<tr>
<td><code>WASM_HTTP_REQUEST_MAX_RETRIES</code></td>
<td>Integer</td>
<td><code>5</code></td>
<td>maximum number of HTTP/HTTPS request retries for pulling a Wasm module via http/https</td>
</tr>
<tr>
<td><code>WASM_HTTP_REQUEST_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>timeout per a HTTP request for pulling a Wasm module via http/https</td>
</tr>
<tr>
<td><code>WASM_INSECURE_REGISTRIES</code></td>
<td>String</td>
<td><code></code></td>
<td>allow agent pull wasm plugin from insecure registries, for example: &#39;localhost:5000,docker-registry:5000&#39;</td>
<td>allow agent pull wasm plugin from insecure registries or https server, for example: &#39;localhost:5000,docker-registry:5000&#39;</td>
</tr>
<tr>
<td><code>WASM_MODULE_EXPIRY</code></td>
<td>Time Duration</td>
<td><code>24h0m0s</code></td>
<td>cache expiration duration for a wasm module.</td>
</tr>
<tr>
<td><code>WASM_PURGE_INTERVAL</code></td>
<td>Time Duration</td>
<td><code>1h0m0s</code></td>
<td>interval between checking the expiration of wasm modules</td>
</tr>
<tr>
<td><code>WORKLOAD_RSA_KEY_SIZE</code></td>
<td>Integer</td>
<td><code>2048</code></td>
<td>Specify the RSA key size to use for workload certificates.</td>
</tr>
<tr>
<td><code>XDS_AUTH</code></td>
@ -1997,11 +2033,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><td><code>controller_sync_errors_total</code></td><td><code>Sum</code></td><td>Total number of errorMetric syncing controllers.</td></tr>
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
<tr><td><code>envoy_connection_terminations</code></td><td><code>Sum</code></td><td>The total number of connection errors from envoy</td></tr>
<tr><td><code>galley_validation_config_delete_error</code></td><td><code>Count</code></td><td>k8s webhook configuration delete error</td></tr>
<tr><td><code>galley_validation_config_load</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)loads</td></tr>
<tr><td><code>galley_validation_config_load_error</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)load error</td></tr>
<tr><td><code>galley_validation_config_update_error</code></td><td><code>Count</code></td><td>k8s webhook configuration update error</td></tr>
<tr><td><code>galley_validation_config_updates</code></td><td><code>Count</code></td><td>k8s webhook configuration updates</td></tr>
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
<tr><td><code>istiod_connection_failures</code></td><td><code>Sum</code></td><td>The total number of connection failures to Istiod</td></tr>
<tr><td><code>istiod_connection_terminations</code></td><td><code>Sum</code></td><td>The total number of connection errors to Istiod</td></tr>

26
content/en/docs/reference/commands/pilot-discovery/index.html
View File

@ -519,9 +519,15 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -587,7 +593,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -723,6 +729,12 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>MAX_WORKLOAD_CERT_TTL</code></td>
<td>Time Duration</td>
<td><code>2160h0m0s</code></td>
@ -981,12 +993,6 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -1031,7 +1037,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>
@ -1230,7 +1236,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<td><code>USE_REMOTE_CERTS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>Whether to try to load CA certs from a remote Kubernetes cluster. Used for external Istiod.</td>
<td>Whether to try to load CA certs from config Kubernetes cluster. Used for external Istiod.</td>
</tr>
<tr>
<td><code>VALIDATION_WEBHOOK_CONFIG_NAME</code></td>

26
content/en/docs/reference/config/annotations/index.html
View File

@ -534,6 +534,19 @@ Istio supports to control its behavior.
<tr>
<td><code>traffic.istio.io/nodeSelector</code></td>
<td>Stable</td>
<td>[Service]</td>
<td>This annotation is a set of node-labels (key1=value,key2=value). If the annotated Service is of type NodePort and is a multi-network gateway (see topology.istio.io/network), the addresses for selected nodes will be used for cross-network communication.</td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/excludeInboundPorts</code></td>
@ -547,6 +560,19 @@ Istio supports to control its behavior.
<tr>
<td><code>traffic.sidecar.istio.io/excludeInterfaces</code></td>
<td>Alpha</td>
<td>[Pod]</td>
<td>A comma separated list of interfaces to be excluded from Istio traffic capture</td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/excludeOutboundIPRanges</code></td>

2
content/en/docs/reference/config/istio.mesh.v1alpha1/index.html
View File

@ -196,7 +196,7 @@ No
<td><code>bool</code></td>
<td>
<p>This flag enables Envoy&rsquo;s gRPC Access Log Service.
See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/accesslog/v2/als.proto">Access Log Service</a>
See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/grpc/v3/als.proto">Access Log Service</a>
for details about Envoy&rsquo;s gRPC Access Log Service API.
Default value is <code>false</code>.</p>

6
content/en/docs/reference/config/networking/destination-rule/index.html
View File

@ -655,7 +655,7 @@ No
remains in warmup mode starting from its creation time for the duration of this window and
Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic.
This should be enabled for services that require warm up time to serve full production load with reasonable latency.
Currently this is only supported for ROUND_ROBIN and LEAST_CONN load balancers.</p>
Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers.</p>
</td>
<td>
@ -1469,8 +1469,8 @@ No
<td>
<p>Specifies which protocol to use for tunneling the downstream connection.
Supported protocols are:
connect - uses HTTP CONNECT;
post - uses HTTP POST.
CONNECT - uses HTTP CONNECT;
POST - uses HTTP POST.
HTTP version for upstream requests is determined by the service protocol defined for the proxy.</p>
</td>

4
content/en/docs/reference/config/networking/proxy-config/index.html
View File

@ -33,7 +33,7 @@ metadata:
spec:
concurrency: 0
image:
type: distroless
imageType: distroless
</code></pre>
<p>For namespace level configuration, put the resource in the desired namespace without a workload selector:</p>
@ -60,7 +60,7 @@ spec:
app: ratings
concurrency: 0
image:
type: debug
imageType: debug
</code></pre>
<p>If a <code>ProxyConfig</code> CR is defined that matches a workload it will merge with its <code>proxy.istio.io/config</code> annotation if present,

14
content/en/docs/reference/config/networking/virtual-service/index.html
View File

@ -2851,6 +2851,20 @@ aborted.</p>
Yes
</td>
</tr>
<tr id="HTTPFaultInjection-Abort-grpc_status" class="oneof">
<td><code>grpcStatus</code></td>
<td><code>string (oneof)</code></td>
<td>
<p>GRPC status code to use to abort the request. The supported
codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md
Note: If you want to return the status &ldquo;Unavailable&rdquo;, then you should
specify the code as <code>UNAVAILABLE</code>(all caps), but not <code>14</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPFaultInjection-Abort-percentage">
<td><code>percentage</code></td>
<td><code><a href="#Percent">Percent</a></code></td>

42
content/en/docs/reference/config/proxy_extensions/wasm-plugin/index.html
View File

@ -87,6 +87,31 @@ spec:
value: &quot;cluster.local&quot;
</code></pre>
<p>This is also the same as the last example, but the Wasm module is pulled via https and updated for each time when this plugin resource is changed.</p>
<pre><code class="language-yaml">apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: openid-connect
namespace: istio-ingress
spec:
selector:
matchLabels:
istio: ingressgateway
url: https://private-bucket/filters/openid.wasm
imagePullPolicy: Always
phase: AUTHN
pluginConfig:
openid_server: authn
openid_realm: ingress
vmConfig:
env:
- name: POD_NAME
valueFrom: HOST
- name: TRUST_DOMAIN
value: &quot;cluster.local&quot;
</code></pre>
<p>And a more complex example that deploys three WasmPlugins and orders them
using <code>phase</code> and <code>priority</code>. The (hypothetical) setup is that the
<code>openid-connect</code> filter performs an OpenID Connect flow to authenticate the
@ -224,13 +249,12 @@ No
<td><code>imagePullPolicy</code></td>
<td><code><a href="#PullPolicy">PullPolicy</a></code></td>
<td>
<p>The pull behaviour to be applied when fetching an OCI image. Only
relevant when images are referenced by tag instead of SHA. Defaults
to IfNotPresent, except when an OCI image is referenced in the <code>url</code>
<p>The pull behaviour to be applied when fetching Wasm module by either
OCI image or http/https. Only relevant when referencing Wasm module without
any digest, including the digest in OCI image URL or sha256 field in <code>vm_config</code>.
Defaults to IfNotPresent, except when an OCI image is referenced in the <code>url</code>
and the <code>latest</code> tag is used, in which case <code>Always</code> is the default,
mirroring K8s behaviour.
Setting is ignored if <code>url</code> field is referencing a Wasm module directly
using <code>file://</code> or <code>http[s]://</code></p>
mirroring K8s behaviour.</p>
</td>
<td>
@ -446,7 +470,7 @@ Do not specify <code>PluginPhase</code> if the plugin is independent of others.<
</section>
<h2 id="PullPolicy">PullPolicy</h2>
<section>
<p>The pull behaviour to be applied when fetching an OCI image,
<p>The pull behaviour to be applied when fetching a Wam module,
mirroring K8s behaviour.</p>
<table class="enum-values">
@ -477,8 +501,8 @@ will pull the latest version.</p>
<tr id="PullPolicy-Always">
<td><code>Always</code></td>
<td>
<p>We will always pull the latest version of an image when applying
this plugin.</p>
<p>We will always pull the latest version of an image when changing
this plugin. Note that the change includes <code>metadata</code> field as well.</p>
</td>
</tr>

24
content/zh/docs/reference/commands/install-cni/index.html
View File

@ -700,9 +700,15 @@ These environment variables affect the behavior of the <code>install-cni</code>
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -756,7 +762,7 @@ These environment variables affect the behavior of the <code>install-cni</code>
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -860,6 +866,12 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>LOG_LEVEL</code></td>
<td>String</td>
<td><code>warn</code></td>
@ -1136,12 +1148,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -1186,7 +1192,7 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>

133
content/zh/docs/reference/commands/istioctl/index.html
View File

@ -1546,7 +1546,7 @@ Use &#39;add-to-mesh&#39; as an alternate to namespace-wide auto injection for t
<p>&#39;istioctl experimental add-to-mesh deployment&#39; restarts pods with the Istio sidecar. Use &#39;add-to-mesh&#39;
to test deployments for compatibility with Istio. It can be used instead of namespace-wide auto-injection of sidecars and is especially helpful for compatibility testing.</p>
<p>If your deployment does not function after using &#39;add-to-mesh&#39; you must re-deploy it and troubleshoot it for Istio compatibility.
See https://istio.io/v1.14/docs/ops/deployment/requirements/</p>
See https://istio.io/v1.15/docs/ops/deployment/requirements/</p>
<p>See also &#39;istioctl experimental remove-from-mesh deployment&#39; which does the reverse.</p>
<p>THIS COMMAND IS UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.</p>
<pre class="language-bash"><code>istioctl experimental add-to-mesh deployment &lt;deployment&gt; [flags]
@ -1727,7 +1727,7 @@ The typical usage scenario is Mesh Expansion on VMs.</p>
<p>istioctl experimental add-to-mesh service restarts pods with the Istio sidecar. Use &#39;add-to-mesh&#39;
to test deployments for compatibility with Istio. It can be used instead of namespace-wide auto-injection of sidecars and is especially helpful for compatibility testing.</p>
<p>If your service does not function after using &#39;add-to-mesh&#39; you must re-deploy it and troubleshoot it for Istio compatibility.
See https://istio.io/v1.14/docs/ops/deployment/requirements/</p>
See https://istio.io/v1.15/docs/ops/deployment/requirements/</p>
<p>See also &#39;istioctl experimental remove-from-mesh service&#39; which does the reverse.</p>
<p>THIS COMMAND IS UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.</p>
<pre class="language-bash"><code>istioctl experimental add-to-mesh service &lt;service&gt; [flags]
@ -2043,8 +2043,8 @@ from multiple sources (mesh-level, namespace-level and workload-level).</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3124,8 +3124,8 @@ The typical usage scenario is Mesh Expansion on VMs.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3182,8 +3182,8 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3252,8 +3252,8 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3327,8 +3327,8 @@ without manual relabeling of the &#34;istio.io/rev&#34; tag.
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3391,8 +3391,8 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3488,8 +3488,8 @@ If set to true, the user is not prompted and a Yes response is assumed in all ca
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3556,8 +3556,8 @@ revision tag before removing using the &#34;istioctl tag list&#34; command.
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3631,8 +3631,8 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3744,8 +3744,8 @@ If set to true, the user is not prompted and a Yes response is assumed in all ca
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -3768,7 +3768,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -3986,7 +3986,7 @@ istioctl x version --xds-label istio.io/rev=default
istioctl experimental wait --for=distribution virtualservice bookinfo.default
# Wait until 99% of the proxies receive the distribution, timing out after 5 minutes
istioctl experimental wait --for=distribution --threshold=.99 --timeout=300 virtualservice bookinfo.default
istioctl experimental wait --for=distribution --threshold=.99 --timeout=300s virtualservice bookinfo.default
</code></pre>
<h2 id="istioctl-experimental-workload">istioctl experimental workload</h2>
@ -4350,8 +4350,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -4374,7 +4374,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -4745,8 +4745,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -4769,7 +4769,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--vklog &lt;Level&gt;</code></td>
@ -4851,8 +4851,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -4875,7 +4875,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -5003,8 +5003,8 @@ could be secret list separated by comma, eg. &#39;--imagePullSecrets imagePullSe
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -5103,8 +5103,8 @@ could be secret list separated by comma, eg. &#39;--imagePullSecrets imagePullSe
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -5326,8 +5326,8 @@ istioctl install --set profile=demo # Use a profile from the list
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -5402,8 +5402,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -5465,8 +5465,8 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -6402,8 +6402,8 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -6596,8 +6596,8 @@ injection labels.</p>
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -6705,8 +6705,8 @@ This flag can be specified multiple times to overlay multiple files. Multiple fi
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -6724,7 +6724,7 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0
<td><code>-s</code></td>
<td>Override an IstioOperator value, e.g. to choose a profile
(--set profile=demo), enable or disable components (--set components.cni.enabled=true), or override Istio
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.14/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
settings (--set meshConfig.enableTracing=true). See documentation for more info:https://istio.io/v1.15/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec (default `[]`)</td>
</tr>
<tr>
<td><code>--skip-confirmation</code></td>
@ -6860,8 +6860,8 @@ istioctl experimental precheck.
<td><code>--manifests &lt;string&gt;</code></td>
<td><code>-d</code></td>
<td>Specify a path to a directory of charts and profiles
(e.g. ~/Downloads/istio-1.14.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.14.0/istio-1.14.0-linux-amd64.tar.gz).
(e.g. ~/Downloads/istio-1.15.0/manifests)
or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.15.0/istio-1.15.0-linux-amd64.tar.gz).
(default ``)</td>
</tr>
<tr>
@ -7015,9 +7015,15 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -7077,7 +7083,7 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -7243,6 +7249,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>MCS_API_GROUP</code></td>
<td>String</td>
<td><code>multicluster.x-k8s.io</code></td>
@ -7495,12 +7507,6 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -7545,7 +7551,7 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>
@ -7771,11 +7777,6 @@ These environment variables affect the behavior of the <code>istioctl</code> com
<tr><td><code>cr_merge_failure_total</code></td><td><code>Sum</code></td><td>Number of IstioOperator CR merge failures</td></tr>
<tr><td><code>cr_validation_error_total</code></td><td><code>Sum</code></td><td>Number of IstioOperator CR validation failures</td></tr>
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
<tr><td><code>galley_validation_config_delete_error</code></td><td><code>Count</code></td><td>k8s webhook configuration delete error</td></tr>
<tr><td><code>galley_validation_config_load</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)loads</td></tr>
<tr><td><code>galley_validation_config_load_error</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)load error</td></tr>
<tr><td><code>galley_validation_config_update_error</code></td><td><code>Count</code></td><td>k8s webhook configuration update error</td></tr>
<tr><td><code>galley_validation_config_updates</code></td><td><code>Count</code></td><td>k8s webhook configuration updates</td></tr>
<tr><td><code>get_cr_error_total</code></td><td><code>Sum</code></td><td>Number of times fetching CR from apiserver failed</td></tr>
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
<tr><td><code>istiod_managed_clusters</code></td><td><code>LastValue</code></td><td>Number of clusters managed by istiod</td></tr>

35
content/zh/docs/reference/commands/operator/index.html
View File

@ -219,11 +219,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, validationController, wasm, wle] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, validationController, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -243,7 +243,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, validationController, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -351,9 +351,15 @@ These environment variables affect the behavior of the <code>operator</code> com
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -413,7 +419,7 @@ These environment variables affect the behavior of the <code>operator</code> com
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -525,6 +531,12 @@ These environment variables affect the behavior of the <code>operator</code> com
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>MCS_API_GROUP</code></td>
<td>String</td>
<td><code>multicluster.x-k8s.io</code></td>
@ -777,12 +789,6 @@ These environment variables affect the behavior of the <code>operator</code> com
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -827,7 +833,7 @@ These environment variables affect the behavior of the <code>operator</code> com
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>
@ -1053,11 +1059,6 @@ These environment variables affect the behavior of the <code>operator</code> com
<tr><td><code>cr_merge_failure_total</code></td><td><code>Sum</code></td><td>Number of IstioOperator CR merge failures</td></tr>
<tr><td><code>cr_validation_error_total</code></td><td><code>Sum</code></td><td>Number of IstioOperator CR validation failures</td></tr>
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
<tr><td><code>galley_validation_config_delete_error</code></td><td><code>Count</code></td><td>k8s webhook configuration delete error</td></tr>
<tr><td><code>galley_validation_config_load</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)loads</td></tr>
<tr><td><code>galley_validation_config_load_error</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)load error</td></tr>
<tr><td><code>galley_validation_config_update_error</code></td><td><code>Count</code></td><td>k8s webhook configuration update error</td></tr>
<tr><td><code>galley_validation_config_updates</code></td><td><code>Count</code></td><td>k8s webhook configuration updates</td></tr>
<tr><td><code>get_cr_error_total</code></td><td><code>Sum</code></td><td>Number of times fetching CR from apiserver failed</td></tr>
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
<tr><td><code>istiod_managed_clusters</code></td><td><code>LastValue</code></td><td>Number of clusters managed by istiod</td></tr>

135
content/zh/docs/reference/commands/pilot-agent/index.html
View File

@ -23,11 +23,11 @@ remove_toc_prefix: 'pilot-agent '
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -47,7 +47,7 @@ remove_toc_prefix: 'pilot-agent '
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -77,11 +77,11 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -101,7 +101,7 @@ See each sub-command&#39;s help for details on how to use the generated script.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -142,11 +142,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -166,7 +166,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -206,11 +206,11 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -230,7 +230,7 @@ If it is not installed already, you can install it via your OS&#39;s package man
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -269,11 +269,11 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -293,7 +293,7 @@ to your powershell profile.
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -337,11 +337,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -361,7 +361,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -403,12 +403,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -433,7 +433,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -522,7 +522,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--istio-exclude-interfaces &lt;string&gt;</code></td>
<td></td>
<td><code>-c</code></td>
<td>Comma separated list of NIC (optional). Neither inbound nor outbound traffic will be captured (default ``)</td>
</tr>
<tr>
@ -583,12 +583,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -613,7 +613,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -698,11 +698,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -722,7 +722,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -788,11 +788,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -812,7 +812,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -845,12 +845,12 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -875,7 +875,7 @@ to enable it. You can execute the following once:</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -917,11 +917,11 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -941,7 +941,7 @@ to enable it. You can execute the following once:</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, validationController, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -1084,9 +1084,15 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -1170,7 +1176,7 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -1382,6 +1388,12 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>MCS_API_GROUP</code></td>
<td>String</td>
<td><code>multicluster.x-k8s.io</code></td>
@ -1646,12 +1658,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -1696,7 +1702,7 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>
@ -1952,10 +1958,40 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<td>If enabled, certificates fetched from SDS server will be verified before sending back to proxy.</td>
</tr>
<tr>
<td><code>WASM_HTTP_REQUEST_MAX_RETRIES</code></td>
<td>Integer</td>
<td><code>5</code></td>
<td>maximum number of HTTP/HTTPS request retries for pulling a Wasm module via http/https</td>
</tr>
<tr>
<td><code>WASM_HTTP_REQUEST_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>timeout per a HTTP request for pulling a Wasm module via http/https</td>
</tr>
<tr>
<td><code>WASM_INSECURE_REGISTRIES</code></td>
<td>String</td>
<td><code></code></td>
<td>allow agent pull wasm plugin from insecure registries, for example: &#39;localhost:5000,docker-registry:5000&#39;</td>
<td>allow agent pull wasm plugin from insecure registries or https server, for example: &#39;localhost:5000,docker-registry:5000&#39;</td>
</tr>
<tr>
<td><code>WASM_MODULE_EXPIRY</code></td>
<td>Time Duration</td>
<td><code>24h0m0s</code></td>
<td>cache expiration duration for a wasm module.</td>
</tr>
<tr>
<td><code>WASM_PURGE_INTERVAL</code></td>
<td>Time Duration</td>
<td><code>1h0m0s</code></td>
<td>interval between checking the expiration of wasm modules</td>
</tr>
<tr>
<td><code>WORKLOAD_RSA_KEY_SIZE</code></td>
<td>Integer</td>
<td><code>2048</code></td>
<td>Specify the RSA key size to use for workload certificates.</td>
</tr>
<tr>
<td><code>XDS_AUTH</code></td>
@ -1997,11 +2033,6 @@ Only applies when traffic from all groups (i.e. &#34;*&#34;) is being redirected
<tr><td><code>controller_sync_errors_total</code></td><td><code>Sum</code></td><td>Total number of errorMetric syncing controllers.</td></tr>
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
<tr><td><code>envoy_connection_terminations</code></td><td><code>Sum</code></td><td>The total number of connection errors from envoy</td></tr>
<tr><td><code>galley_validation_config_delete_error</code></td><td><code>Count</code></td><td>k8s webhook configuration delete error</td></tr>
<tr><td><code>galley_validation_config_load</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)loads</td></tr>
<tr><td><code>galley_validation_config_load_error</code></td><td><code>Count</code></td><td>k8s webhook configuration (re)load error</td></tr>
<tr><td><code>galley_validation_config_update_error</code></td><td><code>Count</code></td><td>k8s webhook configuration update error</td></tr>
<tr><td><code>galley_validation_config_updates</code></td><td><code>Count</code></td><td>k8s webhook configuration updates</td></tr>
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
<tr><td><code>istiod_connection_failures</code></td><td><code>Sum</code></td><td>The total number of connection failures to Istiod</td></tr>
<tr><td><code>istiod_connection_terminations</code></td><td><code>Sum</code></td><td>The total number of connection errors to Istiod</td></tr>

26
content/zh/docs/reference/commands/pilot-discovery/index.html
View File

@ -519,9 +519,15 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<td>If this is set to false, the debug interface will not be enabled, recommended for production</td>
</tr>
<tr>
<td><code>ENABLE_HCM_INTERNAL_NETWORKS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enable, endpoints defined in mesh networks will be configured as internal addresses in Http Connection Manager</td>
</tr>
<tr>
<td><code>ENABLE_LEGACY_FSGROUP_INJECTION</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td><code>false</code></td>
<td>If true, Istiod will set the pod fsGroup to 1337 on injection. This is required for Kubernetes 1.18 and older (see https://github.com/kubernetes/kubernetes/issues/57923 for details) unless JWT_POLICY is &#34;first-party-jwt&#34;.</td>
</tr>
<tr>
@ -587,7 +593,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<tr>
<td><code>EXTERNAL_ISTIOD</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If this is set to true, one Istiod will control remote clusters including CA.</td>
</tr>
<tr>
@ -723,6 +729,12 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<td>If enabled, metadata representing canonical services for ServiceEntry resources with a location of mesh_external will be populatedin the cluster metadata for those endpoints.</td>
</tr>
<tr>
<td><code>LOCAL_CLUSTER_SECERT_WATCHER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If enabled, the cluster secret watcher will watch the namespace of the external cluster instead of config cluster</td>
</tr>
<tr>
<td><code>MAX_WORKLOAD_CERT_TTL</code></td>
<td>Time Duration</td>
<td><code>2160h0m0s</code></td>
@ -981,12 +993,6 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<td>If enabled, Pilot will send only clusters that referenced in gateway virtual services attached to gateway</td>
</tr>
<tr>
<td><code>PILOT_FLOW_CONTROL_TIMEOUT</code></td>
<td>Time Duration</td>
<td><code>15s</code></td>
<td>If set, the max amount of time to delay a push by. Depends on PILOT_ENABLE_FLOW_CONTROL.</td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
@ -1031,7 +1037,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<tr>
<td><code>PILOT_PARTIAL_FULL_PUSHES</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td><code>true</code></td>
<td>If enabled, pilot will send partial pushes in for child resources (RDS, EDS, etc) when possible. This occurs for EDS in many cases regardless of this setting.</td>
</tr>
<tr>
@ -1230,7 +1236,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
<td><code>USE_REMOTE_CERTS</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>Whether to try to load CA certs from a remote Kubernetes cluster. Used for external Istiod.</td>
<td>Whether to try to load CA certs from config Kubernetes cluster. Used for external Istiod.</td>
</tr>
<tr>
<td><code>VALIDATION_WEBHOOK_CONFIG_NAME</code></td>

26
content/zh/docs/reference/config/annotations/index.html
View File

@ -534,6 +534,19 @@ Istio supports to control its behavior.
<tr>
<td><code>traffic.istio.io/nodeSelector</code></td>
<td>Stable</td>
<td>[Service]</td>
<td>This annotation is a set of node-labels (key1=value,key2=value). If the annotated Service is of type NodePort and is a multi-network gateway (see topology.istio.io/network), the addresses for selected nodes will be used for cross-network communication.</td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/excludeInboundPorts</code></td>
@ -547,6 +560,19 @@ Istio supports to control its behavior.
<tr>
<td><code>traffic.sidecar.istio.io/excludeInterfaces</code></td>
<td>Alpha</td>
<td>[Pod]</td>
<td>A comma separated list of interfaces to be excluded from Istio traffic capture</td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/excludeOutboundIPRanges</code></td>

2
content/zh/docs/reference/config/istio.mesh.v1alpha1/index.html
View File

@ -196,7 +196,7 @@ No
<td><code>bool</code></td>
<td>
<p>This flag enables Envoy&rsquo;s gRPC Access Log Service.
See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/accesslog/v2/als.proto">Access Log Service</a>
See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/grpc/v3/als.proto">Access Log Service</a>
for details about Envoy&rsquo;s gRPC Access Log Service API.
Default value is <code>false</code>.</p>

6
content/zh/docs/reference/config/networking/destination-rule/index.html
View File

@ -655,7 +655,7 @@ No
remains in warmup mode starting from its creation time for the duration of this window and
Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic.
This should be enabled for services that require warm up time to serve full production load with reasonable latency.
Currently this is only supported for ROUND_ROBIN and LEAST_CONN load balancers.</p>
Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers.</p>
</td>
<td>
@ -1469,8 +1469,8 @@ No
<td>
<p>Specifies which protocol to use for tunneling the downstream connection.
Supported protocols are:
connect - uses HTTP CONNECT;
post - uses HTTP POST.
CONNECT - uses HTTP CONNECT;
POST - uses HTTP POST.
HTTP version for upstream requests is determined by the service protocol defined for the proxy.</p>
</td>

4
content/zh/docs/reference/config/networking/proxy-config/index.html
View File

@ -33,7 +33,7 @@ metadata:
spec:
concurrency: 0
image:
type: distroless
imageType: distroless
</code></pre>
<p>For namespace level configuration, put the resource in the desired namespace without a workload selector:</p>
@ -60,7 +60,7 @@ spec:
app: ratings
concurrency: 0
image:
type: debug
imageType: debug
</code></pre>
<p>If a <code>ProxyConfig</code> CR is defined that matches a workload it will merge with its <code>proxy.istio.io/config</code> annotation if present,

14
content/zh/docs/reference/config/networking/virtual-service/index.html
View File

@ -2851,6 +2851,20 @@ aborted.</p>
Yes
</td>
</tr>
<tr id="HTTPFaultInjection-Abort-grpc_status" class="oneof">
<td><code>grpcStatus</code></td>
<td><code>string (oneof)</code></td>
<td>
<p>GRPC status code to use to abort the request. The supported
codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md
Note: If you want to return the status &ldquo;Unavailable&rdquo;, then you should
specify the code as <code>UNAVAILABLE</code>(all caps), but not <code>14</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPFaultInjection-Abort-percentage">
<td><code>percentage</code></td>
<td><code><a href="#Percent">Percent</a></code></td>

42
content/zh/docs/reference/config/proxy_extensions/wasm-plugin/index.html
View File

@ -87,6 +87,31 @@ spec:
value: &quot;cluster.local&quot;
</code></pre>
<p>This is also the same as the last example, but the Wasm module is pulled via https and updated for each time when this plugin resource is changed.</p>
<pre><code class="language-yaml">apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: openid-connect
namespace: istio-ingress
spec:
selector:
matchLabels:
istio: ingressgateway
url: https://private-bucket/filters/openid.wasm
imagePullPolicy: Always
phase: AUTHN
pluginConfig:
openid_server: authn
openid_realm: ingress
vmConfig:
env:
- name: POD_NAME
valueFrom: HOST
- name: TRUST_DOMAIN
value: &quot;cluster.local&quot;
</code></pre>
<p>And a more complex example that deploys three WasmPlugins and orders them
using <code>phase</code> and <code>priority</code>. The (hypothetical) setup is that the
<code>openid-connect</code> filter performs an OpenID Connect flow to authenticate the
@ -224,13 +249,12 @@ No
<td><code>imagePullPolicy</code></td>
<td><code><a href="#PullPolicy">PullPolicy</a></code></td>
<td>
<p>The pull behaviour to be applied when fetching an OCI image. Only
relevant when images are referenced by tag instead of SHA. Defaults
to IfNotPresent, except when an OCI image is referenced in the <code>url</code>
<p>The pull behaviour to be applied when fetching Wasm module by either
OCI image or http/https. Only relevant when referencing Wasm module without
any digest, including the digest in OCI image URL or sha256 field in <code>vm_config</code>.
Defaults to IfNotPresent, except when an OCI image is referenced in the <code>url</code>
and the <code>latest</code> tag is used, in which case <code>Always</code> is the default,
mirroring K8s behaviour.
Setting is ignored if <code>url</code> field is referencing a Wasm module directly
using <code>file://</code> or <code>http[s]://</code></p>
mirroring K8s behaviour.</p>
</td>
<td>
@ -446,7 +470,7 @@ Do not specify <code>PluginPhase</code> if the plugin is independent of others.<
</section>
<h2 id="PullPolicy">PullPolicy</h2>
<section>
<p>The pull behaviour to be applied when fetching an OCI image,
<p>The pull behaviour to be applied when fetching a Wam module,
mirroring K8s behaviour.</p>
<table class="enum-values">
@ -477,8 +501,8 @@ will pull the latest version.</p>
<tr id="PullPolicy-Always">
<td><code>Always</code></td>
<td>
<p>We will always pull the latest version of an image when applying
this plugin.</p>
<p>We will always pull the latest version of an image when changing
this plugin. Note that the change includes <code>metadata</code> field as well.</p>
</td>
</tr>

29
data/analysis.yaml
View File

@ -560,6 +560,29 @@ messages:
- name: "EnvoyFilterUsesRelativeOperation"
code: IST0151
level: Warning
description: "This envoy filter does not have a priority and has a relative patch operation set which can cause the envoyFilter not to be applied. Using the INSERT_FIRST option or setting the priority may help in ensuring the envoyFilter is applied correctly"
template: "This envoy filter does not have a priority and has a relative patch operation set which can cause the envoyFilter not to be applied. Using the INSERT_FIRST option or setting the priority may help in ensuring the envoyFilter is applied correctly"
description: "This EnvoyFilter does not have a priority and has a relative patch operation set which can cause the EnvoyFilter not to be applied. Using the INSERT_FIRST or ADD option or setting the priority may help in ensuring the EnvoyFilter is applied correctly."
template: "This EnvoyFilter does not have a priority and has a relative patch operation set which can cause the EnvoyFilter not to be applied. Using the INSERT_FIRST of ADD option or setting the priority may help in ensuring the EnvoyFilter is applied correctly."
- name: "EnvoyFilterUsesReplaceOperationIncorrectly"
code: IST0152
level: Error
description: "The REPLACE operation is only valid for HTTP_FILTER and NETWORK_FILTER."
template: "The REPLACE operation is only valid for HTTP_FILTER and NETWORK_FILTER."
- name: "EnvoyFilterUsesAddOperationIncorrectly"
code: IST0153
level: Error
description: "The ADD operation will be ignored when applyTo is set to ROUTE_CONFIGURATION, or HTTP_ROUTE."
template: "The ADD operation will be ignored when applyTo is set to ROUTE_CONFIGURATION, or HTTP_ROUTE."
- name: "EnvoyFilterUsesRemoveOperationIncorrectly"
code: IST0154
level: Error
description: "The REMOVE operation will be ignored when applyTo is set to ROUTE_CONFIGURATION, or HTTP_ROUTE."
template: "The REMOVE operation will be ignored when applyTo is set to ROUTE_CONFIGURATION, or HTTP_ROUTE."
- name: "EnvoyFilterUsesRelativeOperationWithProxyVersion"
code: IST0155
level: Warning
description: "This EnvoyFilter does not have a priority and has a relative patch operation (NSTERT_BEFORE/AFTER, REPLACE, MERGE, DELETE) and proxyVersion set which can cause the EnvoyFilter not to be applied during an upgrade. Using the INSERT_FIRST or ADD option or setting the priority may help in ensuring the EnvoyFilter is applied correctly."
template: "This EnvoyFilter does not have a priority and has a relative patch operation (NSTERT_BEFORE/AFTER, REPLACE, MERGE, DELETE) and proxyVersion set which can cause the EnvoyFilter not to be applied during an upgrade. Using the INSERT_FIRST or ADD option or setting the priority may help in ensuring the EnvoyFilter is applied correctly."