Check the liveness or readiness of a locally-running server
istio_ca probe [flags]
Prints out build version information
istio_ca version [flags]
--context <string>--istioNamespace <string>-i--kubeconfig <string>-c--log_as_jsonCreate a kubeconfig file suitable for use with istioctl in a non kubernetes environment
istioctl context-create --api-server http://<ip>:<port> [flags]
--context <string>--istioNamespace <string>--kubeconfig <string>-c--log_as_json# Create a config file for the api server.
istioctl context-create --api-server http://127.0.0.1:8080
Create policies and rules
istioctl create [flags]
--context <string>--file <string>-f--kubeconfig <string>-c--log_as_jsonistioctl create -f example-routing.yaml
Delete policies or rules
istioctl delete <type> <name> [<name2> ... <nameN>] [flags]
--context <string>--file <string>-f--kubeconfig <string>-c--log_as_json# Delete a rule using the definition in example-routing.yaml.
istioctl delete -f example-routing.yaml
@@ -358,7 +373,7 @@ istioctl delete -f example-routing.yaml
istioctl delete virtualservice bookinfo
De-registers a service instance
istioctl deregister <svcname> <ip> [flags]
--context <string>--istioNamespace <string>-i--kubeconfig <string>-c--log_as_jsonExperimental commands that may be modified or deprecated
--context <string> |
++ | The name of the kubeconfig context to use (default ``) | +|
--istioNamespace <string> |
-i |
Istio system namespace (default `istio-system`) | @@ -453,7 +478,7 @@ istioctl delete virtualservice bookinfo|
--kubeconfig <string> |
-c |
-Kubernetes configuration file (default `$KUBECONFIG else $HOME/.kube/config`) | +Kubernetes configuration file (default ``) |
--log_as_json |
@@ -512,7 +537,7 @@ istioctl delete virtualservice bookinfo
Converts sets of v1alpha1 configs to v1alpha3 equivalents on a best effort basis. The output should be considered a starting point for your v1alpha3 configs and probably require some minor modification. Warnings will (hopefully) be generated where configs cannot be converted perfectly, or in certain edge cases. The input must be the set of configs that would be in place in an environment at a given time. This allows the command to attempt to create and merge output configs intelligently.Output configs are given the namespace and domain of the first input config so it is recommended that input configs be part of the same namespace and domain.
istioctl experimental convert-networking-config [flags]
--context <string>--filenames <stringSlice>-f--kubeconfig <string>-c--log_as_jsonistioctl experimental convert-networking-config -f v1alpha1/default-route.yaml -f v1alpha1/header-delay.yaml
Prints the metrics for the specified service(s) when running in Kubernetes.
This command finds a Prometheus pod running in the specified istio system @@ -626,6 +656,11 @@ calculated over a time interval of 1 minute.
--context <string>--istioNamespace <string>-i--kubeconfig <string>-c--log_as_json
# Retrieve service metrics for productpage service
istioctl experimental metrics productpage
@@ -701,7 +736,7 @@ istioctl experimental metrics productpage
istioctl experimental metrics productpage.foo reviews.bar ratings.baz
A group of commands used to interact with Istio RBAC policies. For example, Query whether a specific request is allowed or denied under the current Istio RBAC policies.
@@ -713,6 +748,11 @@ request is allowed or denied under the current Istio RBAC policies.--context <string>--istioNamespace <string>-i--kubeconfig <string>-c--log_as_json# Query if user test is allowed to GET /v1/health of service rating.
istioctl experimental rbac can -u test GET rating /v1/health
This command lets you query whether a specific request will be allowed or denied under current Istio RBAC policies. It constructs a fake request with the custom subject and action specified in the command @@ -806,6 +846,11 @@ is being taken on. PATH is the HTTP path within the service.
--context <string>--groups <string>-g--kubeconfig <string>-c--log_as_json# Query if user test is allowed to GET /v1/health of service rating.
istioctl experimental rbac can -u test GET rating /v1/health
# Query if service product-page is allowed to POST to /data of service rating with label version=dev.
istioctl experimental rbac can -s service=product-page POST rating /data -a version=dev
istioctl gen-deploy produces deployment files to run the Istio.
istioctl gen-deploy [flags]
--context <string>--debug--kubeconfig <string>-c--log_as_jsonistioctl gen-deploy --values myvalues.yaml
Retrieve policies and rules
istioctl get <type> [<name>] [flags]
--all-namespaces--context <string>--istioNamespace <string>-i--kubeconfig <string>-c--log_as_json# List all virtual services
istioctl get virtualservices
@@ -1099,7 +1159,7 @@ istioctl get destinationrules
istioctl get virtualservice bookinfo
kube-inject manually injects envoy sidecar into kubernetes workloads. Unsupported resources are left unmodified so it is safe to @@ -1129,6 +1189,11 @@ file/configmap created with a new Istio release.
--context <string>--filename <string>-f--kubeconfig <string>-c--log_as_json
# Update resources on the fly before applying.
kubectl apply -f <(istioctl kube-inject -f <resource.yaml>)
@@ -1242,7 +1307,7 @@ kubectl get deployment -o yaml | istioctl kube-inject -f - | kubectl apply -f -
istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml --injectConfigMapName istio-inject
Retrieves proxy configuration for the specified pod from the endpoint proxy or Pilot when running in Kubernetes. It is also able to retrieve the state of the entire mesh by using mesh instead of <pod-name>. This is only available when querying Pilot.
@@ -1262,6 +1327,11 @@ It is also able to retrieve the state of the entire mesh by using mesh instead o--context <string>--istioNamespace <string>-i--kubeconfig <string>-c--log_as_json# Retrieve all config for productpage-v1-bb8d5cbc7-k7qbm pod from the endpoint proxy
istioctl proxy-config endpoint productpage-v1-bb8d5cbc7-k7qbm
@@ -1341,7 +1411,7 @@ istioctl proxy-config pilot mesh ads
# Retrieve static config for productpage-v1-bb8d5cbc7-k7qbm pod in the application namespace from the endpoint proxy
istioctl proxy-config endpoint -n application productpage-v1-bb8d5cbc7-k7qbm static
Registers a service instance (e.g. VM) joining the mesh
istioctl register <svcname> <ip> [name1:]port1 [name2:]port2 ... [flags]
--context <string>--istioNamespace <string>-i--kubeconfig <string>-c--labels <stringSlice>Replace existing policies and rules
istioctl replace [flags]
--context <string>--file <string>-f--kubeconfig <string>-c--log_as_jsonistioctl replace -f example-routing.yaml
Prints out build version information
istioctl version [flags]
--context <string>--istioNamespace <string>-i--kubeconfig <string>-c--log_as_jsonThis command lets you interact with a running instance of Mixer. Note that you need a pretty good understanding of Mixer's API in order to use this command.
-The Check method is used to perform precondition checks and quota allocations. Mixer expects a set of attributes as input, which it uses, along with its configuration, to determine which adapters to invoke and with @@ -98,7 +98,7 @@ which parameters in order to perform the checks and allocations.
The Report method is used to produce telemetry. Mixer expects a set of attributes as input, which it uses, along with its configuration, to determine which adapters to invoke and with @@ -184,7 +184,7 @@ which parameters in order to output the telemetry.
-Prints out build version information
mixc version [flags]
Mixer is Istio's point of integration with infrastructure backends and is the nexus for policy evaluation and telemetry reporting.
-CRDs (CustomResourceDefinition) available in Mixer
-List CRDs for available adapters
mixs crd adapter [flags]
List all CRDs
mixs crd all [flags]
List CRDs for available instance kinds (mesh functions)
mixs crd instance [flags]
Check the liveness or readiness of a locally-running server
mixs probe [flags]
Starts Mixer as a server
mixs server [flags]
Prints out build version information
mixs version [flags]
Prints out build version information
node_agent version [flags]
Debug local envoy
pilot-agent debug <configuration-type> [flags]
Envoy proxy agent
pilot-agent proxy [flags]
--serviceregistry <string>--statsdUdpAddress <string>Prints out build version information
pilot-agent version [flags]
Retrieve the configuration for the specified proxy
pilot-discovery debug <proxyID> <configuration-type> [flags]
Start Istio proxy discovery service
pilot-discovery discovery [flags]
--httpAddr <string>--kubeconfig <string>--monitoringPort <int>--monitoringAddr <string>--namespace <string>--port <int>--profile--registries <stringSlice>--resync <duration>Prints out build version information
pilot-discovery version [flags]
Check the liveness or readiness of a locally-running server
sidecar-injector probe [flags]
Prints out build version information
sidecar-injector version [flags]
Configuration affecting traffic routing. Here are a few terms useful to define in the context of traffic routing.
@@ -68,17 +68,17 @@ spec: -tcpConnectionPoolSettings.TCPSettingsConnectionPoolSettings.TCPSettingsSettings common to both HTTP and TCP upstream connections.
httpConnectionPoolSettings.HTTPSettingsConnectionPoolSettings.HTTPSettingsHTTP connection pool settings.
@@ -87,7 +87,7 @@ spec:Settings applicable to HTTP1.1/HTTP2/GRPC connections.
@@ -100,7 +100,7 @@ spec: -http1MaxPendingRequestsint32http2MaxRequestsint32maxRequestsPerConnectionint32maxRetriesint32Settings common to both HTTP and TCP upstream connections.
@@ -150,7 +150,7 @@ cluster at a given time. Defaults to 3. -maxConnectionsint32connectTimeoutgoogle.protobuf.DurationallowOriginstring[]allowMethodsstring[]allowHeadersstring[]exposeHeadersstring[]maxAgegoogle.protobuf.DurationallowCredentialsgoogle.protobuf.BoolValuehoststringsubsetstringportPortSelectorhoststringtrafficPolicyTrafficPolicysubsetsSubset[]destinationDestinationweightint32serversServer[]selectormap<string, string>delayHTTPFaultInjection.DelayHTTPFaultInjection.DelayDelay requests before forwarding, emulating various failures such as network issues, overloaded upstream service, etc.
abortHTTPFaultInjection.AbortHTTPFaultInjection.AbortAbort Http request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty.
@@ -877,7 +877,7 @@ service, giving the impression that the upstream service is faulty.Abort specification is used to prematurely abort a request with a pre-specified error code. The following example will return an HTTP @@ -915,7 +915,7 @@ not specified, all requests are aborted.
-percentint32httpStatusint32 (oneof)Delay specification is used to inject latency into the request forwarding path. The following example will introduce a 5 second delay @@ -976,7 +976,7 @@ unspecified, all request will be delayed.
-percentint32fixedDelaygoogle.protobuf.Duration (oneof)uriStringMatchschemeStringMatchmethodStringMatchauthorityStringMatchheadersmap<string, StringMatch>portuint32sourceLabelsmap<string, string>gatewaysstring[]uristringauthoritystringattemptsint32perTryTimeoutgoogle.protobuf.DurationuristringauthoritystringmatchHTTPMatchRequest[]routeDestinationWeight[]redirectHTTPRedirectrewriteHTTPRewritewebsocketUpgradebooltimeoutgoogle.protobuf.DurationretriesHTTPRetryfaultHTTPFaultInjectionmirrorDestinationcorsPolicyCorsPolicyappendHeadersmap<string, string>destinationSubnetstringportuint32sourceSubnetstringsourceLabelsmap<string, string>gatewaysstring[]simpleLoadBalancerSettings.SimpleLB (oneof)LoadBalancerSettings.SimpleLB (oneof)consistentHashLoadBalancerSettings.ConsistentHashLB (oneof)LoadBalancerSettings.ConsistentHashLB (oneof)Consistent hashing (ketama hash) based load balancer for even load -distribution/redistribution when the connection pool changes. This -load balancing policy is applicable only for HTTP-based -connections. A user specified HTTP header is used as the key with -xxHash hashing.
- - -Standard load balancing algorithms that require no tuning.
@@ -1635,14 +1592,14 @@ single virtual node. -ROUND_ROBINRound Robin policy. Default
LEAST_CONNThe least request load balancer uses an O(1) algorithm which selects @@ -1651,7 +1608,7 @@ requests.
RANDOMThe random load balancer selects a random healthy host. The random @@ -1660,7 +1617,7 @@ checking policy is configured.
PASSTHROUGHThis option will forward the connection to the original IP address @@ -1677,11 +1634,12 @@ Envoy for further details.
A Circuit breaker implementation that tracks the status of each -individual host in the upstream service. While currently applicable to -only HTTP services, future versions will support opaque TCP services as -well. For HTTP services, hosts that continually return errors for API -calls are ejected from the pool for a pre-defined period of time. See -Envoy’s outlier +individual host in the upstream service. Applicable to both HTTP and +TCP services. For HTTP services, hosts that continually return 5xx +errors for API calls are ejected from the pool for a pre-defined period +of time. For TCP services, connection timeouts or connection +failures to a given host counts as an error when measuring the +consecutive errors metric. See Envoy’s outlier detection for more details.
@@ -1705,10 +1663,9 @@ spec: http2MaxRequests: 1000 maxRequestsPerConnection: 10 outlierDetection: - http: - consecutiveErrors: 7 - interval: 5m - baseEjectionTime: 15m + consecutiveErrors: 7 + interval: 5m + baseEjectionTime: 15mOutlier detection settings for HTTP1.1/HTTP2/GRPC connections.
@@ -1744,7 +1743,7 @@ spec:consecutiveErrorsint32intervalgoogle.protobuf.DurationbaseEjectionTimegoogle.protobuf.DurationmaxEjectionPercentint32numberuint32protocolstringnamestringnumberuint32 (oneof)portPorthostsstring[]tlsServer.TLSOptionsServer.TLSOptionsSet of TLS related options that govern the server’s behavior. Use these options to control if all http requests should be redirected to @@ -1966,7 +1965,7 @@ https, and the TLS modes to use.
TLS modes enforced by the proxy
@@ -2048,7 +2047,7 @@ certificate presented by the client. -PASSTHROUGHForward the connection to the upstream server selected based on @@ -2056,14 +2055,14 @@ the SNI string presented by the client.
SIMPLESecure connections with standard TLS semantics.
MUTUALSecure connections to the upstream using mutual TLS by presenting @@ -2227,7 +2226,7 @@ https://uk.foo.bar.com/baz.
hostsstring[]addressesstring[]portsPort[]locationServiceEntry.LocationServiceEntry.LocationSpecify whether the service should be considered external to the mesh or part of the mesh.
resolutionServiceEntry.ResolutionServiceEntry.ResolutionService discovery mode for the hosts. If not set, Istio will attempt to infer the discovery mode based on the value of hosts and endpoints.
endpointsServiceEntry.Endpoint[]ServiceEntry.Endpoint[]One or more endpoints associated with the service.
@@ -2300,7 +2299,7 @@ to infer the discovery mode based on the value of hosts and endpoints.Endpoint defines a network address (IP or hostname) associated with the mesh service.
@@ -2314,7 +2313,7 @@ the mesh service. -addressstringportsmap<string, uint32>labelsmap<string, string>Location specifies whether the service is part of Istio mesh or outside the mesh. Location determines the behavior of several @@ -2363,7 +2362,7 @@ performed on the client-side as opposed to server-side.
-MESH_EXTERNALSignifies that the service is external to the mesh. Typically used @@ -2371,7 +2370,7 @@ to indicate external services consumed through APIs.
MESH_INTERNALSignifies that the service is part of the mesh. Typically used to @@ -2384,7 +2383,7 @@ Kubernetes based service mesh).
Resolution determines how the proxy will resolve the IP addresses of the network endpoints associated with the service, so that it can @@ -2404,7 +2403,7 @@ talk to these services.
-NONEAssume that incoming connections have already been resolved (to a @@ -2416,7 +2415,7 @@ connection was bound.
STATICUse the static IP addresses specified in endpoints (see below) as the @@ -2424,7 +2423,7 @@ backing instances associated with the service.
DNSAttempt to resolve the IP address by querying the ambient DNS, @@ -2454,7 +2453,7 @@ case-sensitive.
exactstring (oneof)prefixstring (oneof)regexstring (oneof)namestringlabelsmap<string, string>trafficPolicyTrafficPolicymatchL4MatchAttributes[]routeDestinationWeight[]modeTLSSettings.TLSmodeTLSSettings.TLSmodeREQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
clientCertificatestringISTIO_MUTUAL.
privateKeystringISTIO_MUTUAL.
caCertificatesstringISTIO_MUTUAL.
subjectAltNamesstring[]ISTIO_MUTUAL.
snistringISTIO_MUTUAL.
TLS connection mode
@@ -2748,21 +2747,21 @@ Should be empty if mode isISTIO_MUTUAL.
-DISABLEDo not setup a TLS connection to the upstream endpoint.
SIMPLEOriginate a TLS connection to the upstream endpoint.
MUTUALSecure connections to the upstream using mutual TLS by presenting @@ -2770,7 +2769,7 @@ client certificates for authentication.
ISTIO_MUTUALSecure connections to the upstream using mutual TLS by presenting @@ -2798,7 +2797,7 @@ destination ports. See DestinationRule for examples.
loadBalancerLoadBalancerSettingsconnectionPoolConnectionPoolSettingsoutlierDetectionOutlierDetectiontlsTLSSettingsportLevelSettingsTrafficPolicy.PortTrafficPolicy[]TrafficPolicy.PortTrafficPolicy[]Traffic policies specific to individual ports. Note that port level settings will override the destination-level settings. Traffic @@ -2845,7 +2844,7 @@ to fields omitted in port-level traffic policies.
Traffic policies that apply to specific ports of the service
@@ -2858,7 +2857,7 @@ to fields omitted in port-level traffic policies. -portPortSelectorloadBalancerLoadBalancerSettingsconnectionPoolConnectionPoolSettingsoutlierDetectionOutlierDetectiontlsTLSSettingshostsstring[]gatewaysstring[]mesh as one of the gateway names.
httpHTTPRoute[]tcpTCPRoute[]servicesstring[]pathsstring[]methodsstring[]constraintsAccessRule.Constraint[]AccessRule.Constraint[]Optional. Extra constraints in the ServiceRole specification. The above ServiceRole examples shows an example of constraint “version”.
@@ -153,7 +153,7 @@ The above ServiceRole examples shows an example of constraint “version&rdqDefinition of a custom constraint. The key of a custom constraint must match one of the “properties” in the “action” part of the “authorization” template @@ -168,7 +168,7 @@ one of the “properties” in the “action” part of the &ldq
-keystringvaluesstring[]modeRbacConfig.ModeRbacConfig.ModeIstio RBAC mode.
inclusionRbacConfig.TargetRbacConfig.TargetA list of services or namespaces that should be enforced by Istio RBAC policies. Note: This field have effect only when mode is ONWITHINCLUSION and will be ignored for any other modes.
exclusionRbacConfig.TargetRbacConfig.TargetA list of services or namespaces that should not be enforced by Istio RBAC policies. Note: This field have effect only when mode is ONWITHEXCLUSION and will be ignored for any other modes.
@@ -251,7 +251,7 @@ effect only when mode is ONWITHEXCLUSION and will be ignored for any otOFF |
Disable Istio RBAC completely, any other config in RbacConfig will be ignored and Istio RBAC policies @@ -269,14 +269,14 @@ will not be enforced. |
ON |
Enable Istio RBAC for all services and namespaces. |
ON_WITH_INCLUSION |
Enable Istio RBAC only for services and namespaces specified in the inclusion field. Any other @@ -284,7 +284,7 @@ services and namespaces not in the inclusion field will not be enforced by Istio |
ON_WITH_EXCLUSION |
Enable Istio RBAC for all services and namespaces except those specified in the exclusion field. Any other @@ -295,7 +295,7 @@ services and namespaces not in the exclusion field will be enforced by Istio RBA |
Target defines a list of services or namespaces.
@@ -308,7 +308,7 @@ services and namespaces not in the exclusion field will be enforced by Istio RBA -servicesstring[]namespacesstring[]kindstringnamestringrulesAccessRule[]subjectsSubject[]roleRefRoleRefuserstringgroupstringpropertiesmap<string, string>simpleCbCircuitBreaker.SimpleCircuitBreakerPolicy (oneof)CircuitBreaker.SimpleCircuitBreakerPolicy (oneof)customgoogle.protobuf.Any (oneof)A simple circuit breaker can be set based on a number of criteria such as connection and request limits. For example, the following destination @@ -131,7 +131,7 @@ spec:
-maxConnectionsint32httpMaxPendingRequestsint32httpMaxRequestsint32sleepWindowgoogle.protobuf.DurationhttpConsecutiveErrorsint32httpDetectionIntervalgoogle.protobuf.DurationhttpMaxRequestsPerConnectionint32httpMaxEjectionPercentint32httpMaxRetriesint32allowOriginstring[]allowMethodsstring[]allowHeadersstring[]exposeHeadersstring[]maxAgegoogle.protobuf.DurationallowCredentialsgoogle.protobuf.BoolValuedestinationIstioServicesourceIstioServiceloadBalancingLoadBalancingcircuitBreakerCircuitBreakercustomgoogle.protobuf.AnydestinationIstioServicelabelsmap<string, string>weightint32destinationIstioServiceportsEgressRule.Port[]EgressRule.Port[]REQUIRED: list of ports on which the external service is available.
useEgressProxyboolPort describes the properties of a specific TCP port of an external service.
@@ -592,7 +592,7 @@ These dedicated egress nodes could then be more closely monitored for security v -portint32protocolstringdelayHTTPFaultInjection.DelayHTTPFaultInjection.DelayDelay requests before forwarding, emulating various failures such as network issues, overloaded upstream service, etc.
abortHTTPFaultInjection.AbortHTTPFaultInjection.AbortAbort Http request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty.
@@ -653,7 +653,7 @@ service, giving the impression that the upstream service is faulty.Abort specification is used to prematurely abort a request with a pre-specified error code. The following example will return an HTTP @@ -687,7 +687,7 @@ not specified, all requests are aborted.
-percentfloatgrpcStatusstring (oneof)http2Errorstring (oneof)httpStatusint32 (oneof)overrideHeaderNamestringDelay specification is used to inject latency into the request forwarding path. The following example will introduce a 5 second delay @@ -762,7 +762,7 @@ unspecified, all request will be delayed.
-percentfloatfixedDelaygoogle.protobuf.Duration (oneof)exponentialDelaygoogle.protobuf.Duration (oneof)overrideHeaderNamestringuristringauthoritystringsimpleRetryHTTPRetry.SimpleRetryPolicy (oneof)HTTPRetry.SimpleRetryPolicy (oneof)customgoogle.protobuf.Any (oneof)Abruptly reset (terminate) the Tcp connection after it has been established, emulating remote server crash or link failure.
@@ -1283,7 +1283,7 @@ established, emulating remote server crash or link failure. -percentfloatterminateAfterPeriodgoogle.protobuf.DurationBandwidth throttling for Tcp and Udp connections
@@ -1316,7 +1316,7 @@ express time interval related configs. -percentfloatdownstreamLimitBpsint64upstreamLimitBpsint64throttleAfterPeriodgoogle.protobuf.Duration (oneof)throttleAfterBytesdouble (oneof)throttleForPeriodgoogle.protobuf.DurationsourceSubnetstring[]destinationSubnetstring[]nameLoadBalancing.SimpleLBPolicy (oneof)LoadBalancing.SimpleLBPolicy (oneof)Load balancing policy name (as defined in SimpleLBPolicy below)
customgoogle.protobuf.Any (oneof)Load balancing algorithms supported by Envoy.
@@ -1465,14 +1465,14 @@ spec: -ROUND_ROBINSimple round robin policy.
LEAST_CONNThe least request load balancer uses an O(1) algorithm which selects @@ -1481,7 +1481,7 @@ requests.
RANDOMThe random load balancer selects a random healthy host. The random @@ -1535,7 +1535,7 @@ request header must be specified.
sourceIstioServicetcpL4MatchAttributesudpL4MatchAttributesrequestMatchRequestheadersmap<string, StringMatch>destinationIstioServiceprecedenceint32matchMatchConditionrouteDestinationWeight[]redirectHTTPRedirectrewriteHTTPRewritewebsocketUpgradeboolhttpReqTimeoutHTTPTimeouthttpReqRetriesHTTPRetryhttpFaultHTTPFaultInjectionl4FaultL4FaultInjectionmirrorIstioServicecorsPolicyCorsPolicyappendHeadersmap<string, string>exactstring (oneof)prefixstring (oneof)regexstring (oneof)Default: 5 minutes
-clusterDomainNamestringConfigures the cluster domain name to use for service name normalization.
- -Default: svc.cluster.local
- -podLabelForServicestringIn order to extract the service associated with a source, destination, or -origin, this adapter relies on pod labels. In particular, it looks for -the value of a specific label, as specified by this parameter.
- -Default: app
- -podLabelForIstioComponentServicestringIn order to extract the service associated with a source, destination, or -origin, this adapter relies on pod labels. In particular, it looks for -the value of a specific label for istio component services, as specified -by this parameter.
- -Default: istio
- -lookupIngressSourceAndOriginValuesboolDefault: false
- -fullyQualifiedIstioIngressServiceNamestringIstio ingress service string. This is used to identify the -ingress service in requests.
- -Default: “ingress.istio-system.svc.cluster.local”
-The stackdriver adapter enables Istio to deliver log and metric data to the
-Stackdriver logging and monitoring backend.
The stackdriver adapter enables Istio to deliver log, metric and traces to the
+Stackdriver backend.
This adapter supports the metric template, -and the logentry template.
+This adapter supports the metric template and +the logentry template.
./testdata/my-test-account-creds.json.
A map of Istio LogEntry name to Stackdriver log info.
+traceParams.TraceStackdriver Trace configuration.
+Lower bound of the first bucket.
+Details of Stackdriver Trace configuration for tracespan template.
+ +AttributeInfo describes the schema of an Istio Attribute.
Istio uses attributes to describe runtime activities of Istio services.
An Istio attribute carries a specific piece of information about an activity,
@@ -130,7 +130,7 @@ functionality by collecting, generating, and operating on attributes.
For example, the proxy collects the error code attribute, and the logging
stores it into a log.
Each Istio attribute must conform to an AttributeInfo in an
AttributeManifest in the current Istio deployment at runtime. An
@@ -144,7 +144,7 @@ specification, because passing attribute using JSON, XML, or Protocol Buffers
does not change the semantics of the attribute. Different implementations
can choose different representations based on their needs.
Because many systems already have REST APIs, it makes sense to define a standard HTTP mapping for Istio attributes that are compatible with typical @@ -161,7 +161,7 @@ encoding scheme will be decided later.
-descriptionstringvalueTypeValueTypeaddressstringAn instance field of type DNSName denotes that the expression for the field must evalaute to -ValueType.DNS_NAME
+ValueType.DNS_NAMEObjects of type DNSName are also passed to the adapters during request-time for the instance fields of type DNSName
@@ -222,7 +222,7 @@ type DNSNamevaluestringAn instance field of type Duration denotes that the expression for the field must evalaute to -ValueType.DURATION
+ValueType.DURATIONObjects of type Duration are also passed to the adapters during request-time for the instance fields of type Duration
@@ -250,7 +250,7 @@ type Durationvaluegoogle.protobuf.DurationDO NOT USE !! Under Development An instance field of type EmailAddress denotes that the expression for the field must evalaute to -ValueType.EMAIL_ADDRESS
+ValueType.EMAIL_ADDRESSObjects of type EmailAddress are also passed to the adapters during request-time for the instance fields of type EmailAddress
@@ -279,7 +279,7 @@ type EmailAddressvaluestringnamestringRequired. Must be unique in the entire mixer configuration. Used by Actions +
Required. Must be unique in the entire mixer configuration. Used by Actions to refer to this handler.
adaptercompiledAdapterstringRequired. The name of a specific adapter implementation. An adapter’s -implementation name is typically a constant in its code.
+Required. The name of the compiled in adapter this handler instantiates. For referencing non compiled-in
+adapters, use the adapter field instead.
The value must match the name of the available adapter Mixer is built with. An adapter’s name is typically a +constant in its code.
adapterstringRequired. The name of a specific adapter implementation. For referencing compiled-in
+adapters, use the compiled_adapter field instead.
An adapter’s implementation name is typically a constant in its code.
+ +paramsgoogle.protobuf.StructconnectionConnectionAn instance field of type IPAddress denotes that the expression for the field must evalaute to -ValueType.IP_ADDRESS
+ValueType.IP_ADDRESSObjects of type IPAddress are also passed to the adapters during request-time for the instance fields of type IPAddress
@@ -408,7 +422,7 @@ type IPAddressvaluebytesnamestringtemplatecompiledTemplatestringRequired. The name of the template this instance creates instances for. -The value must match the name of the available template in scope.
+Required. The name of the compiled in template this instance creates instances for. For referencing non compiled-in
+templates, use the template field instead.
The value must match the name of the available template Mixer is built with.
templatestringRequired. The name of the template this instance creates instances for. For referencing compiled-in
+templates, use the compiled_template field instead.
The value must match the name of the available template in scope.
+ +paramsgoogle.protobuf.StructmatchstringactionsAction[]An instance field of type TimeStamp denotes that the expression for the field must evalaute to -ValueType.TIMESTAMP
+ValueType.TIMESTAMPObjects of type TimeStamp are also passed to the adapters during request-time for the instance fields of type TimeStamp
@@ -554,7 +581,7 @@ type TimeStampvaluegoogle.protobuf.TimestampDO NOT USE !! Under Development An instance field of type Uri denotes that the expression for the field must evalaute to -ValueType.URI
+ValueType.URIObjects of type Uri are also passed to the adapters during request-time for the instance fields of type Uri
@@ -583,7 +610,7 @@ type UrivaluestringValue is populated by Mixer and passe
stringValuestring (oneof)Value is populated by Mixer and passe
int64Valueint64 (oneof)Value is populated by Mixer and passe
doubleValuedouble (oneof)Value is populated by Mixer and passe
boolValuebool (oneof)Value is populated by Mixer and passe
ipAddressValueIPAddress (oneof)Value is populated by Mixer and passe
timestampValueTimeStamp (oneof)Value is populated by Mixer and passe
durationValueDuration (oneof)Value is populated by Mixer and passe
emailAddressValueEmailAddress (oneof)Value is populated by Mixer and passe
dnsNameValueDNSName (oneof)Value is populated by Mixer and passe
uriValueUri (oneof)VALUE_TYPE_UNSPECIFIEDInvalid, default value.
STRINGAn undiscriminated variable-length string.
INT64An undiscriminated 64-bit signed integer.
DOUBLEAn undiscriminated 64-bit floating-point value.
BOOLAn undiscriminated boolean value.
TIMESTAMPA point in time.
IP_ADDRESSAn IP address.
EMAIL_ADDRESSAn email address.
URIA URI.
DNS_NAMEA DNS name.
DURATIONA span between two points in time.
STRING_MAPA map string -> string, typically used by headers.
diff --git a/content/docs/reference/config/policy-and-telemetry/templates/kubernetes.html b/content/docs/reference/config/policy-and-telemetry/templates/kubernetes.html index cb751502c8..77ec1e6794 100644 --- a/content/docs/reference/config/policy-and-telemetry/templates/kubernetes.html +++ b/content/docs/reference/config/policy-and-telemetry/templates/kubernetes.html @@ -81,14 +81,6 @@ to assign values to the generated attributes using the$out.<field name
Refers to source pod namespace. attributebindings can refer to this field using $out.sourcenamespace
-
-sourceServicestringRefers to source service. attributebindings can refer to this field using $out.sourceservice
-$out.<field name
Refers to source pod host ip address. attributebindings can refer to this field using $out.sourcehost_ip
+
+sourceWorkloadUidstringRefers to the Istio workload identifier for the source pod. Attributebindings can refer to this field using $out.sourceworkload_uid
+ +sourceWorkloadNamestringRefers to the Istio workload name for the source pod. Attributebindings can refer to this field using $out.sourceworkload_name
+ +sourceWorkloadNamespacestringRefers to the Istio workload namespace for the source pod. Attributebindings can refer to this field using $out.sourceworkload_namespace
+ +sourceOwnerstringRefers to the (controlling) owner of the source pod. Attributebindings can refer to this field using $out.sourceowner
+$out.<field name
Refers to destination pod namespace. attributebindings can refer to this field using $out.destinationnamespace
-
-destinationServicestringRefers to destination service. attributebindings can refer to this field using $out.destinationservice
-$out.<field name
originPodIpistio.policy.v1beta1.IPAddressRefers to origin pod ip address. attributebindings can refer to this field using $out.originpod_ip
- -originPodNamedestinationOwnerstringRefers to origin pod name. attributebindings can refer to this field using $out.originpod_name
+Refers to the (controlling) owner of the destination pod. Attributebindings can refer to this field using $out.destinationowner
originLabelsmap<string, string>Refers to origin pod labels. attributebindings can refer to this field using $out.originlabels
- -originNamespacedestinationWorkloadUidstringRefers to origin pod namespace. attributebindings can refer to this field using $out.originnamespace
+Refers to the Istio workload identifier for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_uid
originServicedestinationWorkloadNamestringRefers to origin service. attributebindings can refer to this field using $out.originservice
+Refers to the Istio workload name for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_name
originServiceAccountNamedestinationWorkloadNamespacestringRefers to origin pod service account name. attributebindings can refer to this field using $out.originserviceaccountname
- -originHostIpistio.policy.v1beta1.IPAddressRefers to origin pod host ip address. attributebindings can refer to this field using $out.originhost_ip
+Refers to the Istio workload name for the destination pod. Attributebindings can refer to this field using $out.destinationworkload_namespace
Destination pod’s ip.
-originUidstringOrigin pod’s uid. Must be of the form: “kubernetes://pod.namespace”
- -originIpistio.policy.v1beta1.IPAddressOrigin pod’s ip.
-