Final round of file renames.

content/docs/reference/commands/galley/index.html

@@ -1,8 +1,8 @@
 ---
-title: gals
+title: galley
 description: Galley provides configuration management services for Istio.
 generator: pkg-collateral-docs
-number_of_entries: 7
+number_of_entries: 6
 ---
 <p>Galley provides configuration management services for Istio.</p>
 <table class="command-flags">
@@ -21,11 +21,11 @@ number_of_entries: 7
 </tr>
 <tr>
 <td><code>--log_caller &lt;string&gt;</code></td>
-<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter]  (default ``)</td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, runtime]  (default ``)</td>
 </tr>
 <tr>
 <td><code>--log_output_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
 </tr>
 <tr>
 <td><code>--log_rotate &lt;string&gt;</code></td>
@@ -45,21 +45,33 @@ number_of_entries: 7
 </tr>
 <tr>
 <td><code>--log_stacktrace_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
 </tr>
 <tr>
 <td><code>--log_target &lt;stringArray&gt;</code></td>
 <td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
 </tr>
 <tr>
+<td><code>--logcaller</code></td>
+<td>Logs filename and line number of callers to log </td>
+</tr>
+<tr>
+<td><code>--loglevel &lt;Level&gt;</code></td>
+<td>loglevel, one of [Debug Verbose Info Warning Error Critical Fatal]  (default `Info`)</td>
+</tr>
+<tr>
+<td><code>--logprefix &lt;string&gt;</code></td>
+<td>Prefix to log lines before logged messages  (default `> `)</td>
+</tr>
+<tr>
 <td><code>--resyncPeriod &lt;duration&gt;</code></td>
 <td>Resync period for rescanning Kubernetes resources  (default `0s`)</td>
 </tr>
 </tbody>
 </table>
-<h2 id="gals-probe">gals probe</h2>
+<h2 id="galley-probe">galley probe</h2>
 <p>Check the liveness or readiness of a locally-running server</p>
-<pre class="language-bash"><code>gals probe [flags]
+<pre class="language-bash"><code>galley probe [flags]
 </code></pre>
 <table class="command-flags">
 <thead>
@@ -81,11 +93,11 @@ number_of_entries: 7
 </tr>
 <tr>
 <td><code>--log_caller &lt;string&gt;</code></td>
-<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter]  (default ``)</td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, runtime]  (default ``)</td>
 </tr>
 <tr>
 <td><code>--log_output_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
 </tr>
 <tr>
 <td><code>--log_rotate &lt;string&gt;</code></td>
@@ -105,13 +117,25 @@ number_of_entries: 7
 </tr>
 <tr>
 <td><code>--log_stacktrace_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
 </tr>
 <tr>
 <td><code>--log_target &lt;stringArray&gt;</code></td>
 <td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
 </tr>
 <tr>
+<td><code>--logcaller</code></td>
+<td>Logs filename and line number of callers to log </td>
+</tr>
+<tr>
+<td><code>--loglevel &lt;Level&gt;</code></td>
+<td>loglevel, one of [Debug Verbose Info Warning Error Critical Fatal]  (default `Info`)</td>
+</tr>
+<tr>
+<td><code>--logprefix &lt;string&gt;</code></td>
+<td>Prefix to log lines before logged messages  (default `> `)</td>
+</tr>
+<tr>
 <td><code>--probe-path &lt;string&gt;</code></td>
 <td>Path of the file for checking the availability.  (default ``)</td>
 </tr>
@@ -121,65 +145,9 @@ number_of_entries: 7
 </tr>
 </tbody>
 </table>
-<h2 id="gals-purge">gals purge</h2>
+<h2 id="galley-server">galley server</h2>
-<p>Delete the internal configuration CRDs and resources.</p>
-<pre class="language-bash"><code>gals purge [flags]
-</code></pre>
-<table class="command-flags">
-<thead>
-<th>Flags</th>
-<th>Description</th>
-</thead>
-<tbody>
-<tr>
-<td><code>--kubeconfig &lt;string&gt;</code></td>
-<td>Use a Kubernetes configuration file instead of in-cluster configuration  (default ``)</td>
-</tr>
-<tr>
-<td><code>--log_as_json</code></td>
-<td>Whether to format output as JSON or in plain console-friendly format </td>
-</tr>
-<tr>
-<td><code>--log_caller &lt;string&gt;</code></td>
-<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter]  (default ``)</td>
-</tr>
-<tr>
-<td><code>--log_output_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
-</tr>
-<tr>
-<td><code>--log_rotate &lt;string&gt;</code></td>
-<td>The path for the optional rotating log file  (default ``)</td>
-</tr>
-<tr>
-<td><code>--log_rotate_max_age &lt;int&gt;</code></td>
-<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit)  (default `30`)</td>
-</tr>
-<tr>
-<td><code>--log_rotate_max_backups &lt;int&gt;</code></td>
-<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit)  (default `1000`)</td>
-</tr>
-<tr>
-<td><code>--log_rotate_max_size &lt;int&gt;</code></td>
-<td>The maximum size in megabytes of a log file beyond which the file is rotated  (default `104857600`)</td>
-</tr>
-<tr>
-<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
-</tr>
-<tr>
-<td><code>--log_target &lt;stringArray&gt;</code></td>
-<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
-</tr>
-<tr>
-<td><code>--resyncPeriod &lt;duration&gt;</code></td>
-<td>Resync period for rescanning Kubernetes resources  (default `0s`)</td>
-</tr>
-</tbody>
-</table>
-<h2 id="gals-server">gals server</h2>
 <p>Starts Galley as a server</p>
-<pre class="language-bash"><code>gals server [flags]
+<pre class="language-bash"><code>galley server [flags]
 </code></pre>
 <table class="command-flags">
 <thead>
@@ -188,20 +156,44 @@ number_of_entries: 7
 </thead>
 <tbody>
 <tr>
+<td><code>--address &lt;string&gt;</code></td>
+<td>Address to use for Galley&#39;s gRPC API, e.g. tcp://127.0.0.1:9092 or unix:///path/to/file  (default `tcp://127.0.0.1:9901`)</td>
+</tr>
+<tr>
+<td><code>--ctrlz_address &lt;string&gt;</code></td>
+<td>The IP Address to listen on for the ControlZ introspection facility. Use &#39;*&#39; to indicate all addresses.  (default `127.0.0.1`)</td>
+</tr>
+<tr>
+<td><code>--ctrlz_port &lt;uint16&gt;</code></td>
+<td>The IP port to use for the ControlZ introspection facility  (default `9876`)</td>
+</tr>
+<tr>
+<td><code>--kubeConfig &lt;string&gt;</code></td>
+<td>Path to the Kube config file  (default ``)</td>
+</tr>
+<tr>
 <td><code>--kubeconfig &lt;string&gt;</code></td>
 <td>Use a Kubernetes configuration file instead of in-cluster configuration  (default ``)</td>
 </tr>
 <tr>
+<td><code>--livenessProbeInterval &lt;duration&gt;</code></td>
+<td>Interval of updating file for the liveness probe.  (default `0s`)</td>
+</tr>
+<tr>
+<td><code>--livenessProbePath &lt;string&gt;</code></td>
+<td>Path to the file for the liveness probe.  (default ``)</td>
+</tr>
+<tr>
 <td><code>--log_as_json</code></td>
 <td>Whether to format output as JSON or in plain console-friendly format </td>
 </tr>
 <tr>
 <td><code>--log_caller &lt;string&gt;</code></td>
-<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter]  (default ``)</td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, runtime]  (default ``)</td>
 </tr>
 <tr>
 <td><code>--log_output_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
 </tr>
 <tr>
 <td><code>--log_rotate &lt;string&gt;</code></td>
@@ -221,21 +213,49 @@ number_of_entries: 7
 </tr>
 <tr>
 <td><code>--log_stacktrace_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
 </tr>
 <tr>
 <td><code>--log_target &lt;stringArray&gt;</code></td>
 <td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
 </tr>
 <tr>
+<td><code>--logcaller</code></td>
+<td>Logs filename and line number of callers to log </td>
+</tr>
+<tr>
+<td><code>--loglevel &lt;Level&gt;</code></td>
+<td>loglevel, one of [Debug Verbose Info Warning Error Critical Fatal]  (default `Info`)</td>
+</tr>
+<tr>
+<td><code>--logprefix &lt;string&gt;</code></td>
+<td>Prefix to log lines before logged messages  (default `> `)</td>
+</tr>
+<tr>
+<td><code>--maxConcurrentStreams &lt;uint&gt;</code></td>
+<td>Maximum number of outstanding RPCs per connection  (default `1024`)</td>
+</tr>
+<tr>
+<td><code>--maxReceivedMessageSize &lt;uint&gt;</code></td>
+<td>Maximum size of individual gRPC messages  (default `1048576`)</td>
+</tr>
+<tr>
+<td><code>--readinessProbeInterval &lt;duration&gt;</code></td>
+<td>Interval of updating file for the readiness probe.  (default `0s`)</td>
+</tr>
+<tr>
+<td><code>--readinessProbePath &lt;string&gt;</code></td>
+<td>Path to the file for the readiness probe.  (default ``)</td>
+</tr>
+<tr>
 <td><code>--resyncPeriod &lt;duration&gt;</code></td>
 <td>Resync period for rescanning Kubernetes resources  (default `0s`)</td>
 </tr>
 </tbody>
 </table>
-<h2 id="gals-validator">gals validator</h2>
+<h2 id="galley-validator">galley validator</h2>
 <p>Runs an https server for Istio configuration validation. Uses k8s validating webhooks to validate Pilot and Mixer configuration.</p>
-<pre class="language-bash"><code>gals validator [flags]
+<pre class="language-bash"><code>galley validator [flags]
 </code></pre>
 <table class="command-flags">
 <thead>
@@ -265,11 +285,11 @@ number_of_entries: 7
 </tr>
 <tr>
 <td><code>--log_caller &lt;string&gt;</code></td>
-<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter]  (default ``)</td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, runtime]  (default ``)</td>
 </tr>
 <tr>
 <td><code>--log_output_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
 </tr>
 <tr>
 <td><code>--log_rotate &lt;string&gt;</code></td>
@@ -289,13 +309,25 @@ number_of_entries: 7
 </tr>
 <tr>
 <td><code>--log_stacktrace_level &lt;string&gt;</code></td>
-<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
 </tr>
 <tr>
 <td><code>--log_target &lt;stringArray&gt;</code></td>
 <td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
 </tr>
 <tr>
+<td><code>--logcaller</code></td>
+<td>Logs filename and line number of callers to log </td>
+</tr>
+<tr>
+<td><code>--loglevel &lt;Level&gt;</code></td>
+<td>loglevel, one of [Debug Verbose Info Warning Error Critical Fatal]  (default `Info`)</td>
+</tr>
+<tr>
+<td><code>--logprefix &lt;string&gt;</code></td>
+<td>Prefix to log lines before logged messages  (default `> `)</td>
+</tr>
+<tr>
 <td><code>--mixer-webhook-name &lt;string&gt;</code></td>
 <td>Name of the mixer webhook entry in the webhook config.  (default `mixer.validation.istio.io`)</td>
 </tr>
@@ -325,9 +357,9 @@ number_of_entries: 7
 </tr>
 </tbody>
 </table>
-<h2 id="gals-version">gals version</h2>
+<h2 id="galley-version">galley version</h2>
 <p>Prints out build version information</p>
-<pre class="language-bash"><code>gals version [flags]
+<pre class="language-bash"><code>galley version [flags]
 </code></pre>
 <table class="command-flags">
 <thead>
@@ -349,12 +381,12 @@ number_of_entries: 7
 <tr>
 <td><code>--log_caller &lt;string&gt;</code></td>
 <td></td>
-<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter]  (default ``)</td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, runtime]  (default ``)</td>
 </tr>
 <tr>
 <td><code>--log_output_level &lt;string&gt;</code></td>
 <td></td>
-<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
 </tr>
 <tr>
 <td><code>--log_rotate &lt;string&gt;</code></td>
@@ -379,7 +411,7 @@ number_of_entries: 7
 <tr>
 <td><code>--log_stacktrace_level &lt;string&gt;</code></td>
 <td></td>
-<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, runtime] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
 </tr>
 <tr>
 <td><code>--log_target &lt;stringArray&gt;</code></td>
@@ -387,6 +419,21 @@ number_of_entries: 7
 <td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
 </tr>
 <tr>
+<td><code>--logcaller</code></td>
+<td></td>
+<td>Logs filename and line number of callers to log </td>
+</tr>
+<tr>
+<td><code>--loglevel &lt;Level&gt;</code></td>
+<td></td>
+<td>loglevel, one of [Debug Verbose Info Warning Error Critical Fatal]  (default `Info`)</td>
+</tr>
+<tr>
+<td><code>--logprefix &lt;string&gt;</code></td>
+<td></td>
+<td>Prefix to log lines before logged messages  (default `> `)</td>
+</tr>
+<tr>
 <td><code>--resyncPeriod &lt;duration&gt;</code></td>
 <td></td>
 <td>Resync period for rescanning Kubernetes resources  (default `0s`)</td>

content/docs/reference/commands/istioctl/index.html

@@ -2,7 +2,7 @@
 title: istioctl
 description: Istio control interface
 generator: pkg-collateral-docs
-number_of_entries: 22
+number_of_entries: 26
 ---
 <p>
 Istio configuration command line utility.</p>
@@ -1491,16 +1491,98 @@ istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml --injectConf
 
 </code></pre>
 <h2 id="istioctl-proxy-config">istioctl proxy-config</h2>
-<p>
+<p>A group of commands used to retrieve information about proxy configuration from the Envoy config dump</p>
-Retrieves proxy configuration for the specified pod from the endpoint proxy or Pilot when running in Kubernetes.
+<table class="command-flags">
-It is also able to retrieve the state of the entire mesh by using mesh instead of &lt;pod-name&gt;. This is only available when querying Pilot.</p>
+<thead>
-<p>Available configuration types:</p>
+<th>Flags</th>
-<p>	Endpoint:
+<th>Shorthand</th>
-	[clusters listeners routes bootstrap]</p>
+<th>Description</th>
-<p>	Pilot:
+</thead>
-	[ads eds]</p>
+<tbody>
-<p></p>
+<tr>
-<pre class="language-bash"><code>istioctl proxy-config &lt;endpoint|pilot&gt; &lt;pod-name|mesh&gt; [&lt;configuration-type&gt;] [flags]
+<td><code>--context &lt;string&gt;</code></td>
+<td></td>
+<td>The name of the kubeconfig context to use  (default ``)</td>
+</tr>
+<tr>
+<td><code>--istioNamespace &lt;string&gt;</code></td>
+<td><code>-i</code></td>
+<td>Istio system namespace  (default `istio-system`)</td>
+</tr>
+<tr>
+<td><code>--kubeconfig &lt;string&gt;</code></td>
+<td><code>-c</code></td>
+<td>Kubernetes configuration file  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_as_json</code></td>
+<td></td>
+<td>Whether to format output as JSON or in plain console-friendly format </td>
+</tr>
+<tr>
+<td><code>--log_caller &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default]  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_output_level &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, default] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate &lt;string&gt;</code></td>
+<td></td>
+<td>The path for the optional rotating log file  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_age &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit)  (default `30`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_backups &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit)  (default `1000`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_size &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum size in megabytes of a log file beyond which the file is rotated  (default `104857600`)</td>
+</tr>
+<tr>
+<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, default] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+</tr>
+<tr>
+<td><code>--log_target &lt;stringArray&gt;</code></td>
+<td></td>
+<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
+</tr>
+<tr>
+<td><code>--namespace &lt;string&gt;</code></td>
+<td><code>-n</code></td>
+<td>Config namespace  (default ``)</td>
+</tr>
+<tr>
+<td><code>--output &lt;string&gt;</code></td>
+<td><code>-o</code></td>
+<td>Output format: one of json|short  (default `short`)</td>
+</tr>
+<tr>
+<td><code>--platform &lt;string&gt;</code></td>
+<td><code>-p</code></td>
+<td>Istio host platform  (default `kube`)</td>
+</tr>
+</tbody>
+</table>
+<h3 id="istioctl-proxy-config Examples">Examples</h3>
+<pre class="language-bash"><code>  # Retrieve information about proxy configuration from an Envoy instance.
+  istioctl proxy-config &lt;clusters|listeners|routes|bootstap&gt; &lt;pod-name&gt;
+</code></pre>
+<h2 id="istioctl-proxy-config-bootstrap">istioctl proxy-config bootstrap</h2>
+<p>Retrieve information about bootstrap configuration for the Envoy instance in the specified pod.</p>
+<pre class="language-bash"><code>istioctl proxy-config bootstrap &lt;pod-name&gt; [flags]
 </code></pre>
 <table class="command-flags">
 <thead>
@@ -1575,24 +1657,358 @@ It is also able to retrieve the state of the entire mesh by using mesh instead o
 <td>Config namespace  (default ``)</td>
 </tr>
 <tr>
+<td><code>--output &lt;string&gt;</code></td>
+<td><code>-o</code></td>
+<td>Output format: one of json|short  (default `short`)</td>
+</tr>
+<tr>
 <td><code>--platform &lt;string&gt;</code></td>
 <td><code>-p</code></td>
 <td>Istio host platform  (default `kube`)</td>
 </tr>
 </tbody>
 </table>
-<h3 id="istioctl-proxy-config Examples">Examples</h3>
+<h3 id="istioctl-proxy-config-bootstrap Examples">Examples</h3>
-<pre class="language-bash"><code># Retrieve all config for productpage-v1-bb8d5cbc7-k7qbm pod from the endpoint proxy
+<pre class="language-bash"><code>  # Retrieve full bootstrap configuration for a given pod from Envoy.
-istioctl proxy-config endpoint productpage-v1-bb8d5cbc7-k7qbm
+  istioctl proxy-config bootstrap &lt;pod-name&gt;
 
-# Retrieve eds config for productpage-v1-bb8d5cbc7-k7qbm pod from Pilot
+</code></pre>
-istioctl proxy-config pilot productpage-v1-bb8d5cbc7-k7qbm eds
+<h2 id="istioctl-proxy-config-cluster">istioctl proxy-config cluster</h2>
+<p>Retrieve information about cluster configuration for the Envoy instance in the specified pod.</p>
+<pre class="language-bash"><code>istioctl proxy-config cluster &lt;pod-name&gt; [flags]
+</code></pre>
+<table class="command-flags">
+<thead>
+<th>Flags</th>
+<th>Shorthand</th>
+<th>Description</th>
+</thead>
+<tbody>
+<tr>
+<td><code>--context &lt;string&gt;</code></td>
+<td></td>
+<td>The name of the kubeconfig context to use  (default ``)</td>
+</tr>
+<tr>
+<td><code>--direction &lt;string&gt;</code></td>
+<td></td>
+<td>Filter clusters by Direction field  (default ``)</td>
+</tr>
+<tr>
+<td><code>--fqdn &lt;string&gt;</code></td>
+<td></td>
+<td>Filter clusters by substring of Service FQDN field  (default ``)</td>
+</tr>
+<tr>
+<td><code>--istioNamespace &lt;string&gt;</code></td>
+<td><code>-i</code></td>
+<td>Istio system namespace  (default `istio-system`)</td>
+</tr>
+<tr>
+<td><code>--kubeconfig &lt;string&gt;</code></td>
+<td><code>-c</code></td>
+<td>Kubernetes configuration file  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_as_json</code></td>
+<td></td>
+<td>Whether to format output as JSON or in plain console-friendly format </td>
+</tr>
+<tr>
+<td><code>--log_caller &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default]  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_output_level &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, default] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate &lt;string&gt;</code></td>
+<td></td>
+<td>The path for the optional rotating log file  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_age &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit)  (default `30`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_backups &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit)  (default `1000`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_size &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum size in megabytes of a log file beyond which the file is rotated  (default `104857600`)</td>
+</tr>
+<tr>
+<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, default] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+</tr>
+<tr>
+<td><code>--log_target &lt;stringArray&gt;</code></td>
+<td></td>
+<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
+</tr>
+<tr>
+<td><code>--namespace &lt;string&gt;</code></td>
+<td><code>-n</code></td>
+<td>Config namespace  (default ``)</td>
+</tr>
+<tr>
+<td><code>--output &lt;string&gt;</code></td>
+<td><code>-o</code></td>
+<td>Output format: one of json|short  (default `short`)</td>
+</tr>
+<tr>
+<td><code>--platform &lt;string&gt;</code></td>
+<td><code>-p</code></td>
+<td>Istio host platform  (default `kube`)</td>
+</tr>
+<tr>
+<td><code>--port &lt;int&gt;</code></td>
+<td></td>
+<td>Filter clusters by Port field  (default `0`)</td>
+</tr>
+<tr>
+<td><code>--subset &lt;string&gt;</code></td>
+<td></td>
+<td>Filter clusters by subtring of Subset field  (default ``)</td>
+</tr>
+</tbody>
+</table>
+<h3 id="istioctl-proxy-config-cluster Examples">Examples</h3>
+<pre class="language-bash"><code>  # Retrieve summary about cluster configuration for a given pod from Envoy.
+  istioctl proxy-config clusters &lt;pod-name&gt;
 
-# Retrieve ads config for the mesh from Pilot
+  # Retrieve cluster summary for clusters with port 9080.
-istioctl proxy-config pilot mesh ads
+  istioctl proxy-config clusters &lt;pod-name&gt; --port 9080
+
+  # Retrieve full cluster dump for clusters that are inbound with a FQDN of details.default.svc.cluster.local.
+  istioctl proxy-config clusters &lt;pod-name&gt; --fqdn details.default.svc.cluster.local --direction inbound -o json
+
+</code></pre>
+<h2 id="istioctl-proxy-config-listener">istioctl proxy-config listener</h2>
+<p>Retrieve information about listener configuration for the Envoy instance in the specified pod.</p>
+<pre class="language-bash"><code>istioctl proxy-config listener &lt;pod-name&gt; [flags]
+</code></pre>
+<table class="command-flags">
+<thead>
+<th>Flags</th>
+<th>Shorthand</th>
+<th>Description</th>
+</thead>
+<tbody>
+<tr>
+<td><code>--address &lt;string&gt;</code></td>
+<td></td>
+<td>Filter listeners by address field  (default ``)</td>
+</tr>
+<tr>
+<td><code>--context &lt;string&gt;</code></td>
+<td></td>
+<td>The name of the kubeconfig context to use  (default ``)</td>
+</tr>
+<tr>
+<td><code>--istioNamespace &lt;string&gt;</code></td>
+<td><code>-i</code></td>
+<td>Istio system namespace  (default `istio-system`)</td>
+</tr>
+<tr>
+<td><code>--kubeconfig &lt;string&gt;</code></td>
+<td><code>-c</code></td>
+<td>Kubernetes configuration file  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_as_json</code></td>
+<td></td>
+<td>Whether to format output as JSON or in plain console-friendly format </td>
+</tr>
+<tr>
+<td><code>--log_caller &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default]  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_output_level &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, default] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate &lt;string&gt;</code></td>
+<td></td>
+<td>The path for the optional rotating log file  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_age &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit)  (default `30`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_backups &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit)  (default `1000`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_size &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum size in megabytes of a log file beyond which the file is rotated  (default `104857600`)</td>
+</tr>
+<tr>
+<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, default] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+</tr>
+<tr>
+<td><code>--log_target &lt;stringArray&gt;</code></td>
+<td></td>
+<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
+</tr>
+<tr>
+<td><code>--namespace &lt;string&gt;</code></td>
+<td><code>-n</code></td>
+<td>Config namespace  (default ``)</td>
+</tr>
+<tr>
+<td><code>--output &lt;string&gt;</code></td>
+<td><code>-o</code></td>
+<td>Output format: one of json|short  (default `short`)</td>
+</tr>
+<tr>
+<td><code>--platform &lt;string&gt;</code></td>
+<td><code>-p</code></td>
+<td>Istio host platform  (default `kube`)</td>
+</tr>
+<tr>
+<td><code>--port &lt;int&gt;</code></td>
+<td></td>
+<td>Filter listeners by Port field  (default `0`)</td>
+</tr>
+<tr>
+<td><code>--type &lt;string&gt;</code></td>
+<td></td>
+<td>Filter listeners by type field  (default ``)</td>
+</tr>
+</tbody>
+</table>
+<h3 id="istioctl-proxy-config-listener Examples">Examples</h3>
+<pre class="language-bash"><code>  # Retrieve summary about listener configuration for a given pod from Envoy.
+  istioctl proxy-config listeners &lt;pod-name&gt;
+
+  # Retrieve listener summary for listeners with port 9080.
+  istioctl proxy-config listeners &lt;pod-name&gt; --port 9080
+
+  # Retrieve full listener dump for HTTP listeners with a wildcard address (0.0.0.0).
+  istioctl proxy-config listeners &lt;pod-name&gt; --type HTTP --address 0.0.0.0 -o json
+
+</code></pre>
+<h2 id="istioctl-proxy-config-route">istioctl proxy-config route</h2>
+<p>Retrieve information about route configuration for the Envoy instance in the specified pod.</p>
+<pre class="language-bash"><code>istioctl proxy-config route &lt;pod-name&gt; [flags]
+</code></pre>
+<table class="command-flags">
+<thead>
+<th>Flags</th>
+<th>Shorthand</th>
+<th>Description</th>
+</thead>
+<tbody>
+<tr>
+<td><code>--context &lt;string&gt;</code></td>
+<td></td>
+<td>The name of the kubeconfig context to use  (default ``)</td>
+</tr>
+<tr>
+<td><code>--istioNamespace &lt;string&gt;</code></td>
+<td><code>-i</code></td>
+<td>Istio system namespace  (default `istio-system`)</td>
+</tr>
+<tr>
+<td><code>--kubeconfig &lt;string&gt;</code></td>
+<td><code>-c</code></td>
+<td>Kubernetes configuration file  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_as_json</code></td>
+<td></td>
+<td>Whether to format output as JSON or in plain console-friendly format </td>
+</tr>
+<tr>
+<td><code>--log_caller &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default]  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_output_level &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, default] and level can be one of [debug, info, warn, error, none]  (default `default:info`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate &lt;string&gt;</code></td>
+<td></td>
+<td>The path for the optional rotating log file  (default ``)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_age &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit)  (default `30`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_backups &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit)  (default `1000`)</td>
+</tr>
+<tr>
+<td><code>--log_rotate_max_size &lt;int&gt;</code></td>
+<td></td>
+<td>The maximum size in megabytes of a log file beyond which the file is rotated  (default `104857600`)</td>
+</tr>
+<tr>
+<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
+<td></td>
+<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, default] and level can be one of [debug, info, warn, error, none]  (default `default:none`)</td>
+</tr>
+<tr>
+<td><code>--log_target &lt;stringArray&gt;</code></td>
+<td></td>
+<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr  (default `[stdout]`)</td>
+</tr>
+<tr>
+<td><code>--name &lt;string&gt;</code></td>
+<td></td>
+<td>Filter listeners by route name field  (default ``)</td>
+</tr>
+<tr>
+<td><code>--namespace &lt;string&gt;</code></td>
+<td><code>-n</code></td>
+<td>Config namespace  (default ``)</td>
+</tr>
+<tr>
+<td><code>--output &lt;string&gt;</code></td>
+<td><code>-o</code></td>
+<td>Output format: one of json|short  (default `short`)</td>
+</tr>
+<tr>
+<td><code>--platform &lt;string&gt;</code></td>
+<td><code>-p</code></td>
+<td>Istio host platform  (default `kube`)</td>
+</tr>
+</tbody>
+</table>
+<h3 id="istioctl-proxy-config-route Examples">Examples</h3>
+<pre class="language-bash"><code>  # Retrieve summary about route configuration for a given pod from Envoy.
+  istioctl proxy-config routes &lt;pod-name&gt;
+
+  # Retrieve route summary for route 9080.
+  istioctl proxy-config route &lt;pod-name&gt; --name 9080
+
+  # Retrieve full route dump for route 9080
+  istioctl proxy-config route &lt;pod-name&gt; --name 9080 -o json
 
-# Retrieve bootstrap config for productpage-v1-bb8d5cbc7-k7qbm pod in the application namespace from the endpoint proxy
-istioctl proxy-config endpoint -n application productpage-v1-bb8d5cbc7-k7qbm bootstrap
 </code></pre>
 <h2 id="istioctl-proxy-status">istioctl proxy-status</h2>
 <p>

content/docs/reference/commands/mixs/index.html

@@ -193,6 +193,11 @@ nexus for policy evaluation and telemetry reporting.</p>
 <td>HTTP port to use for the exposing mixer self-monitoring information  (default `9093`)</td>
 </tr>
 <tr>
+<td><code>--numCheckCacheEntries &lt;int32&gt;</code></td>
+<td></td>
+<td>Max number of entries in the check result cache  (default `1500000`)</td>
+</tr>
+<tr>
 <td><code>--port &lt;uint16&gt;</code></td>
 <td><code>-p</code></td>
 <td>TCP port to use for Mixer&#39;s gRPC API, if the address option is not specified  (default `9091`)</td>

content/docs/reference/config/istio.networking.v1alpha3/index.html

@@ -4,7 +4,7 @@ description: Configuration affecting traffic routing
 location: https://istio.io/docs/reference/config/istio.networking.v1alpha3.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-number_of_entries: 46
+number_of_entries: 48
 ---
 <p>Configuration affecting traffic routing. Here are a few terms useful to define
 in the context of traffic routing.</p>
@@ -689,7 +689,7 @@ The behavior is undefined if multiple EnvoyFilter configurations are
 specified for the same workload.</p>
 
 <p>The following example for Kubernetes enables Envoy&rsquo;s Lua filter for all
-inbound calls arriving at port 18080 of the reviews service pod with
+inbound calls arriving at service port 8080 of the reviews service pod with
 labels &ldquo;app: reviews&rdquo;.</p>
 
 <pre><code>apiVersion: networking.istio.io/v1alpha3
@@ -701,8 +701,8 @@ spec:
     app: reviews
   filters:
   - listenerMatch:
-      portNumber: 18080
+      portNumber: 8080 
-      listenerType: SIDECAR_INBOUND #will match with the listener for the podIP:18080
+      listenerType: SIDECAR_INBOUND #will match with the inbound listener for reviews:8080
     filterName: envoy.lua
     filterType: HTTP
     filterConfig:
@@ -937,8 +937,10 @@ to be applied to a listener.</p>
 <td><code>portNumber</code></td>
 <td><code>uint32</code></td>
 <td>
-<p>Port associated with the listener. If not specified, matches all
+<p>The service port/gateway port to which traffic is being
-listeners.</p>
+sent/received. If not specified, matches all listeners. Eventhough
+inbound listeners are generated for the instance/pod ports, only
+service ports should be used to match listeners.</p>
 
 </td>
 </tr>
@@ -1185,12 +1187,13 @@ spec:
   - my-gateway
   tcp:
   - match:
-    - port:
+    - port: 27017
-        number: 27017
       sourceSubnet: &quot;172.17.16.0/24&quot;
     route:
     - destination:
         host: mongo.prod.svc.cluster.local
+        port:
+          number: 5555
 </code></pre>
 
 <table class="message-fields">
@@ -1874,15 +1877,6 @@ specifies a particular IP.</p>
 only expose a single port or label ports with the protocols they support,
 in these cases it is not required to explicitly select the port.</p>
 
-</td>
-</tr>
-<tr id="L4MatchAttributes-source_subnet">
-<td><code>sourceSubnet</code></td>
-<td><code>string</code></td>
-<td>
-<p>IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx
-form or just a.b.c.d</p>
-
 </td>
 </tr>
 <tr id="L4MatchAttributes-source_labels">
@@ -1901,8 +1895,8 @@ gateways specified at the top, it should include the reserved gateway
 <td><code>string[]</code></td>
 <td>
 <p>Names of gateways where the rule should be applied to. Gateway names
-at the top of the VirtualService (if any) are overridden. The gateway match is
+at the top of the VirtualService (if any) are overridden. The gateway
-independent of sourceLabels.</p>
+match is independent of sourceLabels.</p>
 
 </td>
 </tr>
@@ -2200,8 +2194,8 @@ service that can be ejected. Defaults to 10%.</p>
 <td><code>string</code></td>
 <td>
 <p>REQUIRED: The protocol exposed on the port.
-MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TCP-TLS.
+MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS.
-TCP-TLS is used to indicate secure connections to non HTTP services.</p>
+TLS is used to indicate secure connections to non HTTP services.</p>
 
 </td>
 </tr>
@@ -2513,6 +2507,132 @@ spec:
       caCertificates: /etc/certs/rootcacerts.pem
 </code></pre>
 
+<p>The following example uses a combination of service entry and TLS
+routing in virtual service to demonstrate the use of SNI routing to
+forward unterminated TLS traffic from the application to external
+services via the sidecar. The sidecar inspects the SNI value in the
+ClientHello message to route to the appropriate external service.</p>
+
+<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: external-svc-https
+spec:
+  hosts:
+  - api.dropboxapi.com
+  - www.googleapis.com
+  - api.facebook.com
+  location: MESH_EXTERNAL
+  ports:
+  - number: 443
+    name: https
+    protocol: HTTPS
+  resolution: DNS
+</code></pre>
+
+<p>And the associated VirtualService to route based on the SNI value.</p>
+
+<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: tls-routing
+spec:
+  hosts:
+  - api.dropboxapi.com
+  - www.googleapis.com
+  - api.facebook.com
+  tls:
+  - match:
+    - port: 443
+      sniHosts:
+      - api.dropboxapi.com
+    route:
+    - destination:
+        host: api.dropboxapi.com
+  - match:
+    - port: 443
+      sniHosts:
+      - www.googleapis.com
+    route:
+    - destination:
+        host: www.googleapis.com
+  - match:
+    - port: 443
+      sniHosts:
+      - api.facebook.com
+    route:
+    - destination:
+        host: api.facebook.com
+
+</code></pre>
+
+<p>The following example demonstrates the use of a dedicated egress gateway
+through which all external service traffic is forwarded.</p>
+
+<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: external-svc-httpbin
+spec:
+  hosts:
+  - httpbin.com
+  location: MESH_EXTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+  resolution: DNS
+</code></pre>
+
+<p>Define a gateway to to handle all egress traffic.</p>
+
+<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: istio-egressgateway
+spec:
+ selector:
+   istio: egressgateway
+ servers:
+ - port:
+     number: 80
+     name: http
+     protocol: HTTP
+   hosts:
+   - &quot;*&quot;
+
+And the associated VirtualService to route from the sidecar to the
+gateway service (istio-egressgateway.istio-system.svc.cluster.local), as
+well as route from the gateway to the external service.
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: gateway-routing
+spec:
+  hosts:
+  - httpbin.com
+  gateways:
+  - mesh
+  - istio-egressgateway
+  http:
+  - match:
+    - port: 80
+      gateways:
+      - mesh
+    route:
+    - destination:
+        host: istio-egressgateway.istio-system.svc.cluster.local
+  - match:
+    - port: 80
+      gateway:
+      - istio-egressgateway
+    route:
+    - destination:
+        host: httpbin.com
+</code></pre>
+
 <p>The following example demonstrates the use of wildcards in the hosts for
 external services. If the connection has to be routed to the IP address
 requested by the application (i.e. application resolves DNS and attempts
@@ -2559,8 +2679,8 @@ backed by multiple DNS addressable endpoints. In such a scenario, the
 application can use the HTTP_PROXY environment variable to transparently
 reroute API calls for the VirtualService to a chosen backend. For
 example, the following configuration creates a non-existent external
-service called foo.bar.com backed by three domains: us.foo.bar.com:8443,
+service called foo.bar.com backed by three domains: us.foo.bar.com:8080,
-uk.foo.bar.com:9443, and in.foo.bar.com:7443</p>
+uk.foo.bar.com:9080, and in.foo.bar.com:7080</p>
 
 <pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
 kind: ServiceEntry
@@ -2571,40 +2691,26 @@ spec:
   - foo.bar.com
   location: MESH_EXTERNAL
   ports:
-  - number: 443
+  - number: 80
     name: https
     protocol: HTTP
   resolution: DNS
   endpoints:
   - address: us.foo.bar.com
     ports:
-      https: 8443
+      https: 8080
   - address: uk.foo.bar.com
     ports:
-      https: 9443
+      https: 9080
   - address: in.foo.bar.com
     ports:
-      https: 7443
+      https: 7080
 </code></pre>
 
-<p>and a DestinationRule to initiate TLS connections to the ServiceEntry.</p>
+<p>With HTTP_PROXY=http://localhost/, calls from the application to
-
+http://foo.bar.com will be load balanced across the three domains
-<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
+specified above. In other words, a call to http://foo.bar.com/baz would
-kind: DestinationRule
+be translated to http://uk.foo.bar.com/baz.</p>
-metadata:
-  name: tls-foobar
-spec:
-  host: foo.bar.com
-  trafficPolicy:
-    tls:
-      mode: SIMPLE # initiates HTTPS
-</code></pre>
-
-<p>With HTTP_PROXY=http://localhost:443, calls from the application to
-http://foo.bar.com will be upgraded to HTTPS and load balanced across
-the three domains specified above. In other words, a call to
-http://foo.bar.com/baz would be translated to
-https://uk.foo.bar.com/baz.</p>
 
 <table class="message-fields">
 <thead>
@@ -2946,8 +3052,7 @@ specified at the DestinationRule level.</p>
 <section>
 <p>Describes match conditions and actions for routing TCP traffic. The
 following routing rule forwards traffic arriving at port 27017 for
-mongo.prod.svc.cluster.local from 172.17.16.* subnet to another Mongo
+mongo.prod.svc.cluster.local to another Mongo server on port 5555.</p>
-server on port 5555.</p>
 
 <pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
@@ -2959,7 +3064,6 @@ spec:
   tcp:
   - match:
     - port: 27017
-      sourceSubnet: &quot;172.17.16.0/24&quot;
     route:
     - destination:
         host: mongo.backup.svc.cluster.local
@@ -2996,6 +3100,142 @@ Currently, only one destination is allowed for TCP services. When TCP
 weighted routing support is introduced in Envoy, multiple destinations
 with weights can be specified.</p>
 
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="TLSMatchAttributes">TLSMatchAttributes</h2>
+<section>
+<p>TLS connection match attributes.</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="TLSMatchAttributes-destination_subnet">
+<td><code>destinationSubnet</code></td>
+<td><code>string</code></td>
+<td>
+<p>IPv4 or IPv6 ip address of destination with optional subnet.  E.g.,
+a.b.c.d/xx form or just a.b.c.d. This is only valid when the
+destination service has several IPs and the application explicitly
+specifies a particular IP.</p>
+
+</td>
+</tr>
+<tr id="TLSMatchAttributes-port">
+<td><code>port</code></td>
+<td><code>uint32</code></td>
+<td>
+<p>Specifies the port on the host that is being addressed. Many services
+only expose a single port or label ports with the protocols they
+support, in these cases it is not required to explicitly select the
+port.</p>
+
+</td>
+</tr>
+<tr id="TLSMatchAttributes-sni_hosts">
+<td><code>sniHosts</code></td>
+<td><code>string[]</code></td>
+<td>
+<p>SNI (server name indicator) to match on. Wildcard prefixes can be used
+in the SNI value. E.g., *.com will match foo.example.com as well as
+example.com.</p>
+
+</td>
+</tr>
+<tr id="TLSMatchAttributes-source_labels">
+<td><code>sourceLabels</code></td>
+<td><code>map&lt;string,&nbsp;string&gt;</code></td>
+<td>
+<p>One or more labels that constrain the applicability of a rule to
+workloads with the given labels. If the VirtualService has a list of
+gateways specified at the top, it should include the reserved gateway
+<code>mesh</code> in order for this field to be applicable.</p>
+
+</td>
+</tr>
+<tr id="TLSMatchAttributes-gateways">
+<td><code>gateways</code></td>
+<td><code>string[]</code></td>
+<td>
+<p>Names of gateways where the rule should be applied to. Gateway names
+at the top of the VirtualService (if any) are overridden. The gateway
+match is independent of sourceLabels.</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="TLSRoute">TLSRoute</h2>
+<section>
+<p>Describes match conditions and actions for routing unterminated TLS
+traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS
+traffic arriving at port 443 of gateway called &ldquo;mygateway&rdquo; to internal
+services in the mesh based on the SNI value.</p>
+
+<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: bookinfo-sni
+spec:
+  hosts:
+  - &quot;*.bookinfo.com&quot;
+  gateways:
+  - mygateway
+  tls:
+  - match:
+    - port: 443
+      sniHosts:
+      - login.bookinfo.com
+    route:
+    - destination:
+        host: login.prod.svc.cluster.local
+  - match:
+    - port: 443
+      sniHosts:
+      - reviews.bookinfo.com
+    route:
+    - destination:
+        host: reviews.prod.svc.cluster.local
+</code></pre>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="TLSRoute-match">
+<td><code>match</code></td>
+<td><code><a href="#TLSMatchAttributes">TLSMatchAttributes[]</a></code></td>
+<td>
+<p>Match conditions to be satisfied for the rule to be activated. All
+conditions inside a single match block have AND semantics, while the
+list of match blocks have OR semantics. The rule is matched if any one
+of the match blocks succeed.</p>
+
+</td>
+</tr>
+<tr id="TLSRoute-route">
+<td><code>route</code></td>
+<td><code><a href="#DestinationWeight">DestinationWeight[]</a></code></td>
+<td>
+<p>The destination to which the connection should be forwarded to.
+Currently, only one destination is allowed for TLS services. When TCP
+weighted routing support is introduced in Envoy, multiple destinations
+with weights can be specified.</p>
+
 </td>
 </tr>
 </tbody>
@@ -3398,15 +3638,15 @@ only for services defined via the Gateway.</p>
 <td><code>string[]</code></td>
 <td>
 <p>The names of gateways and sidecars that should apply these routes. A
-single VirtualService is used for sidecars inside the mesh as well
+single VirtualService is used for sidecars inside the mesh as well as
-as for one or more gateways. The selection condition imposed by this field
+for one or more gateways. The selection condition imposed by this
-can be overridden using the source field in the match conditions of HTTP/TCP
+field can be overridden using the source field in the match conditions
-routes. The reserved word <code>mesh</code> is used to imply all the sidecars in
+of protocol-specific routes. The reserved word <code>mesh</code> is used to imply
-the mesh. When this field is omitted, the default gateway (<code>mesh</code>)
+all the sidecars in the mesh. When this field is omitted, the default
-will be used, which would apply the rule to all sidecars in the
+gateway (<code>mesh</code>) will be used, which would apply the rule to all
-mesh. If a list of gateway names is provided, the rules will apply
+sidecars in the mesh. If a list of gateway names is provided, the
-only to the gateways. To apply the rules to both gateways and sidecars,
+rules will apply only to the gateways. To apply the rules to both
-specify <code>mesh</code> as one of the gateway names.</p>
+gateways and sidecars, specify <code>mesh</code> as one of the gateway names.</p>
 
 </td>
 </tr>
@@ -3414,8 +3654,27 @@ specify <code>mesh</code> as one of the gateway names.</p>
 <td><code>http</code></td>
 <td><code><a href="#HTTPRoute">HTTPRoute[]</a></code></td>
 <td>
-<p>An ordered list of route rules for HTTP traffic.
+<p>An ordered list of route rules for HTTP traffic. HTTP routes will be
-The first rule matching an incoming request is used.</p>
+applied to platform service ports named &lsquo;http-<em>&rsquo;/&lsquo;http2-</em>&rsquo;/&lsquo;grpc-*&rsquo;, gateway
+ports with protocol HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service
+entry ports using HTTP/HTTP2/GRPC protocols.  The first rule matching
+an incoming request is used.</p>
+
+</td>
+</tr>
+<tr id="VirtualService-tls">
+<td><code>tls</code></td>
+<td><code><a href="#TLSRoute">TLSRoute[]</a></code></td>
+<td>
+<p>An ordered list of route rule for non-terminated TLS &amp; HTTPS
+traffic. Routing is typically performed using the SNI value presented
+by the ClientHello message. TLS routes will be applied to platform
+service ports named &lsquo;https-<em>&rsquo;, &lsquo;tls-</em>&rsquo;, unterminated gateway ports using
+HTTPS/TLS protocols (i.e. with &ldquo;passthrough&rdquo; TLS mode) and service
+entry ports using HTTPS/TLS protocols.  The first rule matching an
+incoming request is used.  NOTE: Traffic &lsquo;https-<em>&rsquo; or &lsquo;tls-</em>&rsquo; ports
+without associated virtual service will be treated as opaque TCP
+traffic.</p>
 
 </td>
 </tr>
@@ -3423,8 +3682,9 @@ The first rule matching an incoming request is used.</p>
 <td><code>tcp</code></td>
 <td><code><a href="#TCPRoute">TCPRoute[]</a></code></td>
 <td>
-<p>An ordered list of route rules for TCP traffic.
+<p>An ordered list of route rules for opaque TCP traffic. TCP routes will
-The first rule matching an incoming request is used.</p>
+be applied to any port that is not a HTTP or TLS port. The first rule
+matching an incoming request is used.</p>
 
 </td>
 </tr>

content/docs/reference/config/policy-and-telemetry/templates/tracespan.html

@@ -1,279 +0,0 @@
----
-title: Trace Span
-description: A template that represents\ an individual span within a distributed trace.
-location: https://istio.io/docs/reference/config/policy-and-telemetry/templates/tracespan.html
-layout: protoc-gen-docs
-generator: protoc-gen-docs
-number_of_entries: 3
----
-<p>The <code>tracespan</code> template represents an individual span within a distributed trace.</p>
-
-<p>Example config:</p>
-
-<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha2&quot;
-kind: tracespan
-metadata:
-  name: default
-  namespace: istio-system
-spec:
-  traceId: request.headers[&quot;x-b3-traceid&quot;]
-  spanId: request.headers[&quot;x-b3-spanid&quot;] | &quot;&quot;
-  parentSpanId: request.headers[&quot;x-b3-parentspanid&quot;] | &quot;&quot;
-  spanName: request.path | &quot;/&quot;
-  startTime: request.time
-  endTime: response.time
-  spanTags:
-    http.method: request.method | &quot;&quot;
-    http.status_code: response.code | 200
-    http.url: request.path | &quot;&quot;
-    request.size: request.size | 0
-    response.size: response.size | 0
-    source.ip: source.ip | ip(&quot;0.0.0.0&quot;)
-    source.service: source.service | &quot;&quot;
-    source.user: source.user | &quot;&quot;
-    source.version: source.labels[&quot;version&quot;] | &quot;&quot;
-</code></pre>
-
-<p>See also: <a href="/docs/tasks/telemetry/distributed-tracing/">Distributed Tracing</a>
-for information on tracing within Istio.</p>
-
-<h2 id="Template">Template</h2>
-<section>
-<p>TraceSpan represents an individual span within a distributed trace.</p>
-
-<p>When writing the configuration, the value for the fields associated with this template can either be a
-literal or an <a href="/docs/reference//config/policy-and-telemetry/expression-language/">expression</a>. Please note that if the datatype of a field is not istio.policy.v1beta1.Value,
-then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetry/expression-language/#type-checking">inferred type</a> must match the datatype of the field.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="Template-trace_id">
-<td><code>traceId</code></td>
-<td><code>string</code></td>
-<td>
-<p>Trace ID is the unique identifier for a trace. All spans from the same
-trace share the same Trace ID.</p>
-
-<p>Required.</p>
-
-</td>
-</tr>
-<tr id="Template-span_id">
-<td><code>spanId</code></td>
-<td><code>string</code></td>
-<td>
-<p>Span ID is the unique identifier for a span within a trace. It is assigned
-when the span is created.</p>
-
-<p>Optional.</p>
-
-</td>
-</tr>
-<tr id="Template-parent_span_id">
-<td><code>parentSpanId</code></td>
-<td><code>string</code></td>
-<td>
-<p>Parent Span ID is the unique identifier for a parent span of this span
-instance. If this is a root span, then this field MUST be empty.</p>
-
-<p>Optional.</p>
-
-</td>
-</tr>
-<tr id="Template-span_name">
-<td><code>spanName</code></td>
-<td><code>string</code></td>
-<td>
-<p>Span name is a description of the span&rsquo;s operation.</p>
-
-<p>For example, the name can be a qualified method name or a file name
-and a line number where the operation is called. A best practice is to use
-the same display name within an application and at the same call point.
-This makes it easier to correlate spans in different traces.</p>
-
-<p>Required.</p>
-
-</td>
-</tr>
-<tr id="Template-start_time">
-<td><code>startTime</code></td>
-<td><code><a href="#istio-policy-v1beta1-TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
-<td>
-<p>The start time of the span.</p>
-
-<p>Required.</p>
-
-</td>
-</tr>
-<tr id="Template-end_time">
-<td><code>endTime</code></td>
-<td><code><a href="#istio-policy-v1beta1-TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
-<td>
-<p>The end time of the span.</p>
-
-<p>Required.</p>
-
-</td>
-</tr>
-<tr id="Template-span_tags">
-<td><code>spanTags</code></td>
-<td><code>map&lt;string,&nbsp;<a href="#istio-policy-v1beta1-Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
-<td>
-<p>Span tags are a set of &lt; key, value &gt; pairs that provide metadata for the
-entire span. The values can be specified in the form of expressions.</p>
-
-<p>Optional.</p>
-
-</td>
-</tr>
-<tr id="Template-httpStatusCode">
-<td><code>httpStatusCode</code></td>
-<td><code>int64</code></td>
-<td>
-<p>HTTP status code used to set the span status. If unset or set to 0, the
-span status will be assumed to be successful.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="istio-policy-v1beta1-TimeStamp">istio.policy.v1beta1.TimeStamp</h2>
-<section>
-<p>An instance field of type TimeStamp denotes that the expression for the field must evalaute to
-<em>ValueType.TIMESTAMP</em></p>
-
-<p>Objects of type TimeStamp are also passed to the adapters during request-time for the instance fields of
-type TimeStamp</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="istio-policy-v1beta1-TimeStamp-value">
-<td><code>value</code></td>
-<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#timestamp">google.protobuf.Timestamp</a></code></td>
-<td>
-<p>TimeStamp encoded as google.protobuf.Timestamp.</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>
-<h2 id="istio-policy-v1beta1-Value">istio.policy.v1beta1.Value</h2>
-<section>
-<p>An instance field of type Value denotes that the expression for the field is of dynamic type and can evalaute to any
-<em>ValueType</em> enum values. For example, when
-authoring an instance configuration for a template that has a field <code>data</code> of type <code>istio.policy.v1beta1.Value</code>,
-both of the following expressions are valid <code>data: source.ip | ip(&quot;0.0.0.0&quot;)</code>, <code>data: request.id | &quot;&quot;</code>;
-the resulting type is either ValueType.IP_ADDRESS or ValueType.STRING for the two cases respectively.</p>
-
-<p>Objects of type Value are also passed to the adapters during request-time. There is a 1:1 mapping between
-oneof fields in <code>Value</code> and enum values inside <code>ValueType</code>. Depending on the expression&rsquo;s evaluated <code>ValueType</code>,
-the equivalent oneof field in <code>Value</code> is populated by Mixer and passed to the adapters.</p>
-
-<table class="message-fields">
-<thead>
-<tr>
-<th>Field</th>
-<th>Type</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr id="istio-policy-v1beta1-Value-string_value" class="oneof oneof-start">
-<td><code>stringValue</code></td>
-<td><code>string (oneof)</code></td>
-<td>
-<p>Used for values of type STRING</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-int64_value" class="oneof">
-<td><code>int64Value</code></td>
-<td><code>int64 (oneof)</code></td>
-<td>
-<p>Used for values of type INT64</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-double_value" class="oneof">
-<td><code>doubleValue</code></td>
-<td><code>double (oneof)</code></td>
-<td>
-<p>Used for values of type DOUBLE</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-bool_value" class="oneof">
-<td><code>boolValue</code></td>
-<td><code>bool (oneof)</code></td>
-<td>
-<p>Used for values of type BOOL</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-ip_address_value" class="oneof">
-<td><code>ipAddressValue</code></td>
-<td><code><a href="#istio-policy-v1beta1-IPAddress">istio.policy.v1beta1.IPAddress (oneof)</a></code></td>
-<td>
-<p>Used for values of type IPAddress</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-timestamp_value" class="oneof">
-<td><code>timestampValue</code></td>
-<td><code><a href="#istio-policy-v1beta1-TimeStamp">istio.policy.v1beta1.TimeStamp (oneof)</a></code></td>
-<td>
-<p>Used for values of type TIMESTAMP</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-duration_value" class="oneof">
-<td><code>durationValue</code></td>
-<td><code><a href="#istio-policy-v1beta1-Duration">istio.policy.v1beta1.Duration (oneof)</a></code></td>
-<td>
-<p>Used for values of type DURATION</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-email_address_value" class="oneof">
-<td><code>emailAddressValue</code></td>
-<td><code><a href="#istio-policy-v1beta1-EmailAddress">istio.policy.v1beta1.EmailAddress (oneof)</a></code></td>
-<td>
-<p>Used for values of type EmailAddress</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-dns_name_value" class="oneof">
-<td><code>dnsNameValue</code></td>
-<td><code><a href="#istio-policy-v1beta1-DNSName">istio.policy.v1beta1.DNSName (oneof)</a></code></td>
-<td>
-<p>Used for values of type DNSName</p>
-
-</td>
-</tr>
-<tr id="istio-policy-v1beta1-Value-uri_value" class="oneof">
-<td><code>uriValue</code></td>
-<td><code><a href="#istio-policy-v1beta1-Uri">istio.policy.v1beta1.Uri (oneof)</a></code></td>
-<td>
-<p>Used for values of type Uri</p>
-
-</td>
-</tr>
-</tbody>
-</table>
-</section>

content/docs/reference/config/policy-and-telemetry/templates/tracespan/index.html

@@ -0,0 +1,158 @@
+---
+title: Trace Span
+description: A template that represents\ an individual span within a distributed trace.
+location: https://istio.io/docs/reference/config/policy-and-telemetry/templates/tracespan.html
+layout: protoc-gen-docs
+generator: protoc-gen-docs
+number_of_entries: 1
+---
+<p>The <code>tracespan</code> template represents an individual span within a distributed trace.</p>
+
+<p>Example config:</p>
+
+<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha2&quot;
+kind: tracespan
+metadata:
+  name: default
+  namespace: istio-system
+spec:
+  traceId: request.headers[&quot;x-b3-traceid&quot;]
+  spanId: request.headers[&quot;x-b3-spanid&quot;] | &quot;&quot;
+  parentSpanId: request.headers[&quot;x-b3-parentspanid&quot;] | &quot;&quot;
+  spanName: request.path | &quot;/&quot;
+  startTime: request.time
+  endTime: response.time
+  client_span: !context.reporter.local
+  spanTags:
+    http.method: request.method | &quot;&quot;
+    http.status_code: response.code | 200
+    http.url: request.path | &quot;&quot;
+    request.size: request.size | 0
+    response.size: response.size | 0
+    source.ip: source.ip | ip(&quot;0.0.0.0&quot;)
+    source.service: source.service | &quot;&quot;
+    source.user: source.user | &quot;&quot;
+    source.version: source.labels[&quot;version&quot;] | &quot;&quot;
+</code></pre>
+
+<p>See also: <a href="/docs/tasks/telemetry/distributed-tracing/">Distributed Tracing</a>
+for information on tracing within Istio.</p>
+
+<h2 id="Template">Template</h2>
+<section>
+<p>TraceSpan represents an individual span within a distributed trace.</p>
+
+<p>When writing the configuration, the value for the fields associated with this template can either be a
+literal or an <a href="/docs/reference//config/policy-and-telemetry/expression-language/">expression</a>. Please note that if the datatype of a field is not istio.policy.v1beta1.Value,
+then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetry/expression-language/#type-checking">inferred type</a> must match the datatype of the field.</p>
+
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="Template-trace_id">
+<td><code>traceId</code></td>
+<td><code>string</code></td>
+<td>
+<p>Trace ID is the unique identifier for a trace. All spans from the same
+trace share the same Trace ID.</p>
+
+<p>Required.</p>
+
+</td>
+</tr>
+<tr id="Template-span_id">
+<td><code>spanId</code></td>
+<td><code>string</code></td>
+<td>
+<p>Span ID is the unique identifier for a span within a trace. It is assigned
+when the span is created.</p>
+
+<p>Optional.</p>
+
+</td>
+</tr>
+<tr id="Template-parent_span_id">
+<td><code>parentSpanId</code></td>
+<td><code>string</code></td>
+<td>
+<p>Parent Span ID is the unique identifier for a parent span of this span
+instance. If this is a root span, then this field MUST be empty.</p>
+
+<p>Optional.</p>
+
+</td>
+</tr>
+<tr id="Template-span_name">
+<td><code>spanName</code></td>
+<td><code>string</code></td>
+<td>
+<p>Span name is a description of the span&rsquo;s operation.</p>
+
+<p>For example, the name can be a qualified method name or a file name
+and a line number where the operation is called. A best practice is to use
+the same display name within an application and at the same call point.
+This makes it easier to correlate spans in different traces.</p>
+
+<p>Required.</p>
+
+</td>
+</tr>
+<tr id="Template-start_time">
+<td><code>startTime</code></td>
+<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
+<td>
+<p>The start time of the span.</p>
+
+<p>Required.</p>
+
+</td>
+</tr>
+<tr id="Template-end_time">
+<td><code>endTime</code></td>
+<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
+<td>
+<p>The end time of the span.</p>
+
+<p>Required.</p>
+
+</td>
+</tr>
+<tr id="Template-span_tags">
+<td><code>spanTags</code></td>
+<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
+<td>
+<p>Span tags are a set of &lt; key, value &gt; pairs that provide metadata for the
+entire span. The values can be specified in the form of expressions.</p>
+
+<p>Optional.</p>
+
+</td>
+</tr>
+<tr id="Template-httpStatusCode">
+<td><code>httpStatusCode</code></td>
+<td><code>int64</code></td>
+<td>
+<p>HTTP status code used to set the span status. If unset or set to 0, the
+span status will be assumed to be successful.</p>
+
+</td>
+</tr>
+<tr id="Template-client_span">
+<td><code>clientSpan</code></td>
+<td><code>bool</code></td>
+<td>
+<p>client_span indicates the span kind. True for client spans and False or
+not provided for server spans.
+Optional</p>
+
+</td>
+</tr>
+</tbody>
+</table>
+</section>

scripts/grab_reference_docs.sh

@@ -34,7 +34,7 @@ cd ..
 popd
 
 # Given the name of a .pb.html file, extracts the $location marker and then proceeds to
-# copy the file to that location in the _docs hierarchy.
+# copy the file to the corresponding content/docs/ hierarchy.
 locate_file() {
     FILENAME=$1
 
@@ -47,8 +47,10 @@ locate_file() {
     fi
     FNP=${LOCATION:31}
     FN=$(echo $FNP | rev | cut -d'/' -f1 | rev)
+    FN=${FN%.html}
     PP=$(echo $FNP | rev | cut -d'/' -f2- | rev)
-    sed -e 's/href="https:\/\/istio.io/href="/g' ${FILENAME} >content/docs${PP}/${FN}
+    mkdir -p content/docs${PP}/${FN}
+    sed -e 's/href="https:\/\/istio.io/href="/g' ${FILENAME} >content/docs${PP}/${FN}/index.html
 }
 
 # Given the path and name to an Istio command, builds the command and then
@@ -63,7 +65,9 @@ get_command_doc() {
 
     pushd $COMMAND_PATH
     go build
-    ./$COMMAND collateral -o $COMMAND_DIR --jekyll_html
+    mkdir -p $COMMAND_DIR/$COMMAND
+    ./$COMMAND collateral -o $COMMAND_DIR/$COMMAND --jekyll_html
+    mv $COMMAND_DIR/$COMMAND/$COMMAND.html $COMMAND_DIR/$COMMAND/index.html
     rm $COMMAND 2>/dev/null
     popd
 }
@@ -91,7 +95,7 @@ get_command_doc $WORK_DIR/istio/pilot/cmd/pilot-discovery pilot-discovery
 get_command_doc $WORK_DIR/istio/pilot/cmd/sidecar-injector sidecar-injector
 get_command_doc $WORK_DIR/istio/security/cmd/istio_ca istio_ca
 get_command_doc $WORK_DIR/istio/security/cmd/node_agent node_agent
-get_command_doc $WORK_DIR/istio/galley/cmd/gals gals
+get_command_doc $WORK_DIR/istio/galley/cmd/galley galley
 
 # Copy all the example files over into the examples directory
 # cp $WORK_DIR/istio/Makefile examples/Makefile