istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update reference docs. (#5269)

This commit is contained in:
Martin Taillefer 2019-10-28 14:42:16 -07:00 committed by GitHub
parent 1b10a13ea2
commit 68c6ee0b84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
49 changed files with 1611 additions and 1111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1499
content/en/docs/reference/commands/istioctl/index.html
View File

File diff suppressed because it is too large Load Diff

6
content/en/docs/reference/commands/pilot-agent/index.html
View File

@ -382,6 +382,12 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
<td></td>
</tr>
<tr>
<td><code>ISTIO_AUTO_MTLS_ENABLED</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>If true, auto mTLS is enabled, sidecar checks key/cert if SDS is not enabled.</td>
</tr>
<tr>
<td><code>ISTIO_BOOTSTRAP</code></td>
<td>String</td>
<td><code></code></td>

8
content/en/docs/reference/config/authorization/istio.rbac.v1alpha1/index.html
View File

@ -141,7 +141,7 @@ No
</tr>
<tr id="AccessRule-constraints">
<td><code>constraints</code></td>
<td><code><a href="#AccessRule-Constraint">AccessRule.Constraint[]</a></code></td>
<td><code><a href="#AccessRule-Constraint">Constraint[]</a></code></td>
<td>
<p>Optional. Extra constraints in the ServiceRole specification.</p>
@ -227,7 +227,7 @@ spec:
<tbody>
<tr id="RbacConfig-mode">
<td><code>mode</code></td>
<td><code><a href="#RbacConfig-Mode">RbacConfig.Mode</a></code></td>
<td><code><a href="#RbacConfig-Mode">Mode</a></code></td>
<td>
<p>Istio RBAC mode.</p>
@ -238,7 +238,7 @@ No
</tr>
<tr id="RbacConfig-inclusion">
<td><code>inclusion</code></td>
<td><code><a href="#RbacConfig-Target">RbacConfig.Target</a></code></td>
<td><code><a href="#RbacConfig-Target">Target</a></code></td>
<td>
<p>A list of services or namespaces that should be enforced by Istio RBAC policies. Note: This field have
effect only when mode is ON<em>WITH</em>INCLUSION and will be ignored for any other modes.</p>
@ -250,7 +250,7 @@ No
</tr>
<tr id="RbacConfig-exclusion">
<td><code>exclusion</code></td>
<td><code><a href="#RbacConfig-Target">RbacConfig.Target</a></code></td>
<td><code><a href="#RbacConfig-Target">Target</a></code></td>
<td>
<p>A list of services or namespaces that should not be enforced by Istio RBAC policies. Note: This field have
effect only when mode is ON<em>WITH</em>EXCLUSION and will be ignored for any other modes.</p>

4
content/en/docs/reference/config/istio.authentication.v1alpha1/index.html
View File

@ -180,7 +180,7 @@ No
</tr>
<tr id="Jwt-trigger_rules">
<td><code>triggerRules</code></td>
<td><code><a href="#Jwt-TriggerRule">Jwt.TriggerRule[]</a></code></td>
<td><code><a href="#Jwt-TriggerRule">TriggerRule[]</a></code></td>
<td>
<p>List of trigger rules to decide if this JWT should be used to validate the
request. The JWT validation happens if any one of the rules matched.
@ -271,7 +271,7 @@ No
</tr>
<tr id="MutualTls-mode">
<td><code>mode</code></td>
<td><code><a href="#MutualTls-Mode">MutualTls.Mode</a></code></td>
<td><code><a href="#MutualTls-Mode">Mode</a></code></td>
<td>
<p>Defines the mode of mTLS authentication.</p>

52
content/en/docs/reference/config/istio.mesh.v1alpha1/index.html
View File

@ -136,7 +136,7 @@ No
</tr>
<tr id="ConfigSource-tls_settings">
<td><code>tlsSettings</code></td>
<td><code><a href="/docs/reference/config/networking/destination-rule.html#TLSSettings">istio.networking.v1alpha3.TLSSettings</a></code></td>
<td><code><a href="/docs/reference/config/networking/destination-rule.html#TLSSettings">TLSSettings</a></code></td>
<td>
<p>Use the tls<em>settings to specify the tls mode to use. If the MCP server
uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS
@ -222,7 +222,7 @@ and similarly us-west should failover to us-east.</p>
<tbody>
<tr id="LocalityLoadBalancerSetting-distribute">
<td><code>distribute</code></td>
<td><code><a href="#LocalityLoadBalancerSetting-Distribute">LocalityLoadBalancerSetting.Distribute[]</a></code></td>
<td><code><a href="#LocalityLoadBalancerSetting-Distribute">Distribute[]</a></code></td>
<td>
<p>Optional: only one of distribute or failover can be set.
Explicitly specify loadbalancing weight across different zones and geographical locations.
@ -236,7 +236,7 @@ No
</tr>
<tr id="LocalityLoadBalancerSetting-failover">
<td><code>failover</code></td>
<td><code><a href="#LocalityLoadBalancerSetting-Failover">LocalityLoadBalancerSetting.Failover[]</a></code></td>
<td><code><a href="#LocalityLoadBalancerSetting-Failover">Failover[]</a></code></td>
<td>
<p>Optional: only failover or distribute can be set.
Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy.
@ -458,7 +458,7 @@ No
</tr>
<tr id="MeshConfig-connect_timeout">
<td><code>connectTimeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Connection timeout used by Envoy. (MUST BE &gt;=1ms)</p>
@ -469,7 +469,7 @@ No
</tr>
<tr id="MeshConfig-protocol_detection_timeout">
<td><code>protocolDetectionTimeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Automatic protocol detection uses a set of heuristics to
determine whether the connection is using TLS or not (on the
@ -488,7 +488,7 @@ No
</tr>
<tr id="MeshConfig-tcp_keepalive">
<td><code>tcpKeepalive</code></td>
<td><code><a href="/docs/reference/config/networking/destination-rule.html#ConnectionPoolSettings-TCPSettings-TcpKeepalive">istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive</a></code></td>
<td><code><a href="/docs/reference/config/networking/destination-rule.html#ConnectionPoolSettings-TCPSettings-TcpKeepalive">TcpKeepalive</a></code></td>
<td>
<p>If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.</p>
@ -523,7 +523,7 @@ No
</tr>
<tr id="MeshConfig-ingress_controller_mode">
<td><code>ingressControllerMode</code></td>
<td><code><a href="#MeshConfig-IngressControllerMode">MeshConfig.IngressControllerMode</a></code></td>
<td><code><a href="#MeshConfig-IngressControllerMode">IngressControllerMode</a></code></td>
<td>
<p>Defines whether to use Istio ingress controller for annotated or all ingress resources.</p>
@ -570,7 +570,7 @@ No
</tr>
<tr id="MeshConfig-access_log_encoding">
<td><code>accessLogEncoding</code></td>
<td><code><a href="#MeshConfig-AccessLogEncoding">MeshConfig.AccessLogEncoding</a></code></td>
<td><code><a href="#MeshConfig-AccessLogEncoding">AccessLogEncoding</a></code></td>
<td>
<p>Encoding for the proxy access log (text or json).
Default value is text.</p>
@ -610,7 +610,7 @@ No
</tr>
<tr id="MeshConfig-outbound_traffic_policy">
<td><code>outboundTrafficPolicy</code></td>
<td><code><a href="#MeshConfig-OutboundTrafficPolicy">MeshConfig.OutboundTrafficPolicy</a></code></td>
<td><code><a href="#MeshConfig-OutboundTrafficPolicy">OutboundTrafficPolicy</a></code></td>
<td>
<p>Set the default behavior of the sidecar for handling outbound traffic
from the application. If your application uses one or more external
@ -664,7 +664,7 @@ No
</tr>
<tr id="MeshConfig-enable_auto_mtls">
<td><code>enableAutoMtls</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">BoolValue</a></code></td>
<td>
<p>This flag is used to enable mutual TLS automatically for service to service communication
within the mesh, default false.
@ -811,7 +811,7 @@ No
</tr>
<tr id="MeshConfig-dns_refresh_rate">
<td><code>dnsRefreshRate</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Configures DNS refresh rate for Envoy clusters of type STRICT_DNS</p>
@ -847,7 +847,7 @@ No
</tr>
<tr id="MeshConfig-report_batch_max_time">
<td><code>reportBatchMaxTime</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>When disable<em>report</em>batch is false, this value specifies the maximum elapsed
time a batched report will be sent after a user request is processed. If left
@ -861,7 +861,7 @@ No
</tr>
<tr id="MeshConfig-h2_upgrade_policy">
<td><code>h2UpgradePolicy</code></td>
<td><code><a href="#MeshConfig-H2UpgradePolicy">MeshConfig.H2UpgradePolicy</a></code></td>
<td><code><a href="#MeshConfig-H2UpgradePolicy">H2UpgradePolicy</a></code></td>
<td>
<p>Specify if http1.1 connections should be upgraded to http2 by default.
if sidecar is installed on all pods in the mesh, then this should be set to UPGRADE.
@ -1042,7 +1042,7 @@ cloud-provided ingress controller).</p>
<tbody>
<tr id="MeshConfig-OutboundTrafficPolicy-mode">
<td><code>mode</code></td>
<td><code><a href="#MeshConfig-OutboundTrafficPolicy-Mode">MeshConfig.OutboundTrafficPolicy.Mode</a></code></td>
<td><code><a href="#MeshConfig-OutboundTrafficPolicy-Mode">Mode</a></code></td>
<td>
</td>
<td>
@ -1148,7 +1148,7 @@ registry.</p>
<tbody>
<tr id="Network-endpoints">
<td><code>endpoints</code></td>
<td><code><a href="#Network-NetworkEndpoints">Network.NetworkEndpoints[]</a></code></td>
<td><code><a href="#Network-NetworkEndpoints">NetworkEndpoints[]</a></code></td>
<td>
<p>The list of endpoints in the network (obtained through the
constituent service registries or from CIDR ranges). All endpoints in
@ -1161,7 +1161,7 @@ Yes
</tr>
<tr id="Network-gateways">
<td><code>gateways</code></td>
<td><code><a href="#Network-IstioNetworkGateway">Network.IstioNetworkGateway[]</a></code></td>
<td><code><a href="#Network-IstioNetworkGateway">IstioNetworkGateway[]</a></code></td>
<td>
<p>Set of gateways associated with the network.</p>
@ -1368,7 +1368,7 @@ No
</tr>
<tr id="ProxyConfig-drain_duration">
<td><code>drainDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The time in seconds that Envoy will drain connections during a hot
restart. MUST be &gt;=1s (e.g., <em>1s/1m/1h</em>)</p>
@ -1380,7 +1380,7 @@ No
</tr>
<tr id="ProxyConfig-parent_shutdown_duration">
<td><code>parentShutdownDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The time in seconds that Envoy will wait before shutting down the
parent process during a hot restart. MUST be &gt;=1s (e.g., <em>1s/1m/1h</em>).
@ -1404,7 +1404,7 @@ No
</tr>
<tr id="ProxyConfig-connect_timeout">
<td><code>connectTimeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Connection timeout used by Envoy for supporting services. (MUST BE &gt;=1ms)</p>
@ -1498,7 +1498,7 @@ No
</tr>
<tr id="ProxyConfig-interception_mode">
<td><code>interceptionMode</code></td>
<td><code><a href="#ProxyConfig-InboundInterceptionMode">ProxyConfig.InboundInterceptionMode</a></code></td>
<td><code><a href="#ProxyConfig-InboundInterceptionMode">InboundInterceptionMode</a></code></td>
<td>
<p>The mode used to redirect inbound traffic to Envoy.</p>
@ -1633,7 +1633,7 @@ No
</tr>
<tr id="RemoteService-tls_settings">
<td><code>tlsSettings</code></td>
<td><code><a href="/docs/reference/config/networking/destination-rule.html#TLSSettings">istio.networking.v1alpha3.TLSSettings</a></code></td>
<td><code><a href="/docs/reference/config/networking/destination-rule.html#TLSSettings">TLSSettings</a></code></td>
<td>
<p>Use the tls_settings to specify the tls mode to use. If the remote service
uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS
@ -1646,7 +1646,7 @@ No
</tr>
<tr id="RemoteService-tcp_keepalive">
<td><code>tcpKeepalive</code></td>
<td><code><a href="/docs/reference/config/networking/destination-rule.html#ConnectionPoolSettings-TCPSettings-TcpKeepalive">istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive</a></code></td>
<td><code><a href="/docs/reference/config/networking/destination-rule.html#ConnectionPoolSettings-TCPSettings-TcpKeepalive">TcpKeepalive</a></code></td>
<td>
<p>If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.</p>
@ -1739,7 +1739,7 @@ No
<tbody>
<tr id="Tracing-zipkin" class="oneof oneof-start">
<td><code>zipkin</code></td>
<td><code><a href="#Tracing-Zipkin">Tracing.Zipkin (oneof)</a></code></td>
<td><code><a href="#Tracing-Zipkin">Zipkin (oneof)</a></code></td>
<td>
<p>Use a Zipkin tracer.</p>
@ -1750,7 +1750,7 @@ Yes
</tr>
<tr id="Tracing-lightstep" class="oneof">
<td><code>lightstep</code></td>
<td><code><a href="#Tracing-Lightstep">Tracing.Lightstep (oneof)</a></code></td>
<td><code><a href="#Tracing-Lightstep">Lightstep (oneof)</a></code></td>
<td>
<p>Use a LightStep tracer.</p>
@ -1761,7 +1761,7 @@ Yes
</tr>
<tr id="Tracing-datadog" class="oneof">
<td><code>datadog</code></td>
<td><code><a href="#Tracing-Datadog">Tracing.Datadog (oneof)</a></code></td>
<td><code><a href="#Tracing-Datadog">Datadog (oneof)</a></code></td>
<td>
<p>Use a Datadog tracer.</p>
@ -1772,7 +1772,7 @@ Yes
</tr>
<tr id="Tracing-stackdriver" class="oneof">
<td><code>stackdriver</code></td>
<td><code><a href="#Tracing-Stackdriver">Tracing.Stackdriver (oneof)</a></code></td>
<td><code><a href="#Tracing-Stackdriver">Stackdriver (oneof)</a></code></td>
<td>
<p>Use a Stackdriver tracer.</p>

227
content/en/docs/reference/config/istio.operator.v1alpha12.pb/index.html
View File

@ -6,7 +6,7 @@ description: Configuration for Istio control plane installation through the Oper
location: https://istio.io/docs/reference/config/istio.operator.v1alpha12.pb.html
layout: protoc-gen-docs
generator: protoc-gen-docs
number_of_entries: 55
number_of_entries: 56
---
<p>IstioControlPlane is a schema for both defining and customizing Istio control plane installations.
Running the operator with an empty user defined InstallSpec results in an control plane with default values, using the
@ -47,95 +47,94 @@ customization at the lowest level and eliminates the need to create ad-hoc templ
<ol>
<li><p>Default Istio install</p>
<pre><code class="language-yaml">spec:
</code></pre>
<ol>
<pre><code>spec:
</code></pre></li>
<li><p>Default minimal profile install</p>
<pre><code>spec:
profile: minimal
profile: minimal
</code></pre></li>
<li><p>Default install with telemetry disabled</p>
<pre><code>spec:
telemetry:
enabled: false
telemetry:
enabled: false
</code></pre></li>
<li><p>Default install with each feature installed to different namespace and security components in separate namespaces</p>
<pre><code>spec:
traffic_management:
components:
namespace: istio-traffic-management
policy:
components:
namespace: istio-policy
telemetry:
components:
namespace: istio-telemetry
config_management:
components:
namespace: istio-config-management
security:
components:
citadel:
namespace: istio-citadel
cert_manager:
namespace: istio-cert-manager
node_agent:
namespace: istio-node-agent
traffic_management:
components:
namespace: istio-traffic-management
policy:
components:
namespace: istio-policy
telemetry:
components:
namespace: istio-telemetry
config_management:
components:
namespace: istio-config-management
security:
components:
citadel:
namespace: istio-citadel
cert_manager:
namespace: istio-cert-manager
node_agent:
namespace: istio-node-agent
</code></pre></li>
<li><p>Default install with specialized k8s settings for pilot</p>
<pre><code>spec:
traffic_management:
components:
pilot:
k8s:
resources:
limits:
cpu: 444m
memory: 333Mi
requests:
cpu: 222m
memory: 111Mi
readinessProbe:
failureThreshold: 44
initialDelaySeconds: 11
periodSeconds: 22
successThreshold: 33
traffic_management:
components:
pilot:
k8s:
resources:
limits:
cpu: 444m
memory: 333Mi
requests:
cpu: 222m
memory: 111Mi
readinessProbe:
failureThreshold: 44
initialDelaySeconds: 11
periodSeconds: 22
successThreshold: 33
</code></pre></li>
<li><p>Default install with values.yaml customizations for proxy</p>
<pre><code>spec:
traffic_management:
components:
proxy:
values:
- global.proxy.enableCoreDump: true
- global.proxy.dnsRefreshRate: 10s
traffic_management:
components:
proxy:
values:
- global.proxy.enableCoreDump: true
- global.proxy.dnsRefreshRate: 10s
</code></pre></li>
<li><p>Default install with modification to container flag in galley</p>
<pre><code>spec:
configuration_management:
components:
galley:
k8s:
overlays:
- apiVersion: extensions/v1beta1
kind: Deployment
name: istio-galley
patches:
- path: spec.template.spec.containers.[name:galley].command.[--livenessProbeInterval]
value: --livenessProbeInterval=123s
configuration_management:
components:
galley:
k8s:
overlays:
- apiVersion: extensions/v1beta1
kind: Deployment
name: istio-galley
patches:
- path: spec.template.spec.containers.[name:galley].command.[--livenessProbeInterval]
value: --livenessProbeInterval=123s
</code></pre></li>
</ol></li>
</ol>
<h2 id="AutoInjectionFeatureSpec">AutoInjectionFeatureSpec</h2>
@ -154,7 +153,7 @@ components:
<tbody>
<tr id="AutoInjectionFeatureSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
<p>Selects whether auto injection feature is installed. Must be set for any sub-component to be installed.</p>
@ -165,7 +164,7 @@ No
</tr>
<tr id="AutoInjectionFeatureSpec-components">
<td><code>components</code></td>
<td><code><a href="#AutoInjectionFeatureSpec-Components">AutoInjectionFeatureSpec.Components</a></code></td>
<td><code><a href="#AutoInjectionFeatureSpec-Components">Components</a></code></td>
<td>
</td>
<td>
@ -226,7 +225,7 @@ No
<tbody>
<tr id="CNIComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -270,7 +269,7 @@ No
<tbody>
<tr id="CNIFeatureSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
<p>Selects whether gateway feature is installed. Must be set for any sub-component to be installed.</p>
@ -281,7 +280,7 @@ No
</tr>
<tr id="CNIFeatureSpec-components">
<td><code>components</code></td>
<td><code><a href="#CNIFeatureSpec-Components">CNIFeatureSpec.Components</a></code></td>
<td><code><a href="#CNIFeatureSpec-Components">Components</a></code></td>
<td>
</td>
<td>
@ -342,7 +341,7 @@ No
<tbody>
<tr id="CertManagerComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -386,7 +385,7 @@ No
<tbody>
<tr id="CitadelComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -430,7 +429,7 @@ No
<tbody>
<tr id="ConfigManagementFeatureSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
<p>Selects whether config management feature is installed. Must be set for any sub-component to be installed.</p>
@ -441,7 +440,7 @@ No
</tr>
<tr id="ConfigManagementFeatureSpec-components">
<td><code>components</code></td>
<td><code><a href="#ConfigManagementFeatureSpec-Components">ConfigManagementFeatureSpec.Components</a></code></td>
<td><code><a href="#ConfigManagementFeatureSpec-Components">Components</a></code></td>
<td>
</td>
<td>
@ -537,7 +536,7 @@ No
<tbody>
<tr id="EgressGatewayComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -607,7 +606,7 @@ No
<tbody>
<tr id="GalleyComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -651,7 +650,7 @@ No
<tbody>
<tr id="GatewayFeatureSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
<p>Selects whether gateway feature is installed. Must be set for any sub-component to be installed.</p>
@ -662,7 +661,7 @@ No
</tr>
<tr id="GatewayFeatureSpec-components">
<td><code>components</code></td>
<td><code><a href="#GatewayFeatureSpec-Components">GatewayFeatureSpec.Components</a></code></td>
<td><code><a href="#GatewayFeatureSpec-Components">Components</a></code></td>
<td>
</td>
<td>
@ -831,7 +830,7 @@ No
<tbody>
<tr id="IngressGatewayComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -875,7 +874,7 @@ No
<tbody>
<tr id="InstallStatus-status">
<td><code>status</code></td>
<td><code>map&lt;string,&nbsp;<a href="#InstallStatus-VersionStatus">InstallStatus.VersionStatus</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#InstallStatus-VersionStatus">VersionStatus</a>&gt;</code></td>
<td>
</td>
<td>
@ -946,7 +945,16 @@ No
</tr>
<tr id="InstallStatus-VersionStatus-status">
<td><code>status</code></td>
<td><code><a href="#InstallStatus-Status">InstallStatus.Status</a></code></td>
<td><code><a href="#InstallStatus-Status">Status</a></code></td>
<td>
</td>
<td>
No
</td>
</tr>
<tr id="InstallStatus-VersionStatus-statusString">
<td><code>statusString</code></td>
<td><code>string</code></td>
<td>
</td>
<td>
@ -1228,7 +1236,7 @@ No
<tbody>
<tr id="KubernetesResourcesSpec-affinity">
<td><code>affinity</code></td>
<td><code><a href="#k8s-io-api-core-v1-Affinity">k8s.io.api.core.v1.Affinity</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-Affinity">Affinity</a></code></td>
<td>
<p>k8s affinity.
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity</p>
@ -1240,7 +1248,7 @@ No
</tr>
<tr id="KubernetesResourcesSpec-env">
<td><code>env</code></td>
<td><code><a href="#k8s-io-api-core-v1-EnvVar">k8s.io.api.core.v1.EnvVar[]</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-EnvVar">EnvVar[]</a></code></td>
<td>
<p>Deployment environment variables.
https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/</p>
@ -1252,7 +1260,7 @@ No
</tr>
<tr id="KubernetesResourcesSpec-hpa_spec">
<td><code>hpaSpec</code></td>
<td><code><a href="#k8s-io-api-autoscaling-v2beta1-HorizontalPodAutoscalerSpec">k8s.io.api.autoscaling.v2beta1.HorizontalPodAutoscalerSpec</a></code></td>
<td><code><a href="#k8s-io-api-autoscaling-v2beta1-HorizontalPodAutoscalerSpec">HorizontalPodAutoscalerSpec</a></code></td>
<td>
<p>k8s HorizontalPodAutoscaler settings.
https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/</p>
@ -1361,7 +1369,7 @@ No
</tr>
<tr id="KubernetesResourcesSpec-service">
<td><code>service</code></td>
<td><code><a href="#k8s-io-api-core-v1-ServiceSpec">k8s.io.api.core.v1.ServiceSpec</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-ServiceSpec">ServiceSpec</a></code></td>
<td>
<p>k8s Service settings.
https://kubernetes.io/docs/concepts/services-networking/service/</p>
@ -1385,7 +1393,7 @@ No
</tr>
<tr id="KubernetesResourcesSpec-tolerations">
<td><code>tolerations</code></td>
<td><code><a href="#k8s-io-api-core-v1-Toleration">k8s.io.api.core.v1.Toleration[]</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-Toleration">Toleration[]</a></code></td>
<td>
<p>k8s toleration
https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/</p>
@ -1425,7 +1433,7 @@ No
<tbody>
<tr id="NodeAgentComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -1504,7 +1512,7 @@ No
<tbody>
<tr id="PilotComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -1557,7 +1565,7 @@ No
</tr>
<tr id="PodDisruptionBudgetSpec-selector">
<td><code>selector</code></td>
<td><code><a href="#k8s-io-apimachinery-pkg-apis-meta-v1-LabelSelector">k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector</a></code></td>
<td><code><a href="#k8s-io-apimachinery-pkg-apis-meta-v1-LabelSelector">LabelSelector</a></code></td>
<td>
</td>
<td>
@ -1592,7 +1600,7 @@ No
<tbody>
<tr id="PolicyComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -1636,7 +1644,7 @@ No
<tbody>
<tr id="PolicyFeatureSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
<p>Selects whether policy is installed.
Must be enabled to enable any sub-component.</p>
@ -1648,7 +1656,7 @@ No
</tr>
<tr id="PolicyFeatureSpec-components">
<td><code>components</code></td>
<td><code><a href="#PolicyFeatureSpec-Components">PolicyFeatureSpec.Components</a></code></td>
<td><code><a href="#PolicyFeatureSpec-Components">Components</a></code></td>
<td>
</td>
<td>
@ -1711,7 +1719,7 @@ No
<tbody>
<tr id="ProxyComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -1914,7 +1922,7 @@ No
<tbody>
<tr id="SecurityFeatureSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
<p>Selects whether security feature is installed. Must be set for any sub-component to be installed.</p>
@ -1925,7 +1933,7 @@ No
</tr>
<tr id="SecurityFeatureSpec-components">
<td><code>components</code></td>
<td><code><a href="#SecurityFeatureSpec-Components">SecurityFeatureSpec.Components</a></code></td>
<td><code><a href="#SecurityFeatureSpec-Components">Components</a></code></td>
<td>
</td>
<td>
@ -2004,7 +2012,7 @@ No
<tbody>
<tr id="SidecarInjectorComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -2083,7 +2091,7 @@ No
<tbody>
<tr id="TelemetryComponentSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
</td>
<td>
@ -2127,7 +2135,7 @@ No
<tbody>
<tr id="TelemetryFeatureSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
<p>Selects whether telemetry is installed.
Must be enabled to enable any sub-component.</p>
@ -2139,7 +2147,7 @@ No
</tr>
<tr id="TelemetryFeatureSpec-components">
<td><code>components</code></td>
<td><code><a href="#TelemetryFeatureSpec-Components">TelemetryFeatureSpec.Components</a></code></td>
<td><code><a href="#TelemetryFeatureSpec-Components">Components</a></code></td>
<td>
</td>
<td>
@ -2202,7 +2210,7 @@ No
<tbody>
<tr id="TrafficManagementFeatureSpec-enabled">
<td><code>enabled</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="#TypeBoolValueForPB">TypeBoolValueForPB</a></code></td>
<td>
<p>Selects whether traffic management is installed.
Must be enabled to enable any sub-component.</p>
@ -2214,7 +2222,7 @@ No
</tr>
<tr id="TrafficManagementFeatureSpec-components">
<td><code>components</code></td>
<td><code><a href="#TrafficManagementFeatureSpec-Components">TrafficManagementFeatureSpec.Components</a></code></td>
<td><code><a href="#TrafficManagementFeatureSpec-Components">Components</a></code></td>
<td>
</td>
<td>
@ -2269,6 +2277,11 @@ No
</tr>
</tbody>
</table>
</section>
<h2 id="TypeBoolValueForPB">TypeBoolValueForPB</h2>
<section>
<p>GOTYPE: *BoolValueForPB</p>
</section>
<h2 id="TypeIntOrStringForPB">TypeIntOrStringForPB</h2>
<section>
@ -2301,7 +2314,7 @@ No
<tbody>
<tr id="k8s-io-api-autoscaling-v2beta1-HorizontalPodAutoscalerSpec-scaleTargetRef">
<td><code>scaleTargetRef</code></td>
<td><code><a href="#k8s-io-api-autoscaling-v2beta1-CrossVersionObjectReference">k8s.io.api.autoscaling.v2beta1.CrossVersionObjectReference</a></code></td>
<td><code><a href="#k8s-io-api-autoscaling-v2beta1-CrossVersionObjectReference">CrossVersionObjectReference</a></code></td>
<td>
<p>scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics
should be collected, as well as to actually change the replica count.</p>
@ -2341,7 +2354,7 @@ No
</tr>
<tr id="k8s-io-api-autoscaling-v2beta1-HorizontalPodAutoscalerSpec-metrics">
<td><code>metrics</code></td>
<td><code><a href="#k8s-io-api-autoscaling-v2beta1-MetricSpec">k8s.io.api.autoscaling.v2beta1.MetricSpec[]</a></code></td>
<td><code><a href="#k8s-io-api-autoscaling-v2beta1-MetricSpec">MetricSpec[]</a></code></td>
<td>
<p>metrics contains the specifications for which to use to calculate the
desired replica count (the maximum replica count across all metrics will
@ -2376,7 +2389,7 @@ No
<tbody>
<tr id="k8s-io-api-core-v1-Affinity-nodeAffinity">
<td><code>nodeAffinity</code></td>
<td><code><a href="#k8s-io-api-core-v1-NodeAffinity">k8s.io.api.core.v1.NodeAffinity</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-NodeAffinity">NodeAffinity</a></code></td>
<td>
<p>Describes node affinity scheduling rules for the pod.
+optional</p>
@ -2388,7 +2401,7 @@ No
</tr>
<tr id="k8s-io-api-core-v1-Affinity-podAffinity">
<td><code>podAffinity</code></td>
<td><code><a href="#k8s-io-api-core-v1-PodAffinity">k8s.io.api.core.v1.PodAffinity</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-PodAffinity">PodAffinity</a></code></td>
<td>
<p>Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+optional</p>
@ -2400,7 +2413,7 @@ No
</tr>
<tr id="k8s-io-api-core-v1-Affinity-podAntiAffinity">
<td><code>podAntiAffinity</code></td>
<td><code><a href="#k8s-io-api-core-v1-PodAntiAffinity">k8s.io.api.core.v1.PodAntiAffinity</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-PodAntiAffinity">PodAntiAffinity</a></code></td>
<td>
<p>Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+optional</p>
@ -2459,7 +2472,7 @@ No
</tr>
<tr id="k8s-io-api-core-v1-EnvVar-valueFrom">
<td><code>valueFrom</code></td>
<td><code><a href="#k8s-io-api-core-v1-EnvVarSource">k8s.io.api.core.v1.EnvVarSource</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-EnvVarSource">EnvVarSource</a></code></td>
<td>
<p>Source for the environment variable&rsquo;s value. Cannot be used if value is not empty.
+optional</p>
@ -2488,7 +2501,7 @@ No
<tbody>
<tr id="k8s-io-api-core-v1-ServiceSpec-ports">
<td><code>ports</code></td>
<td><code><a href="#k8s-io-api-core-v1-ServicePort">k8s.io.api.core.v1.ServicePort[]</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-ServicePort">ServicePort[]</a></code></td>
<td>
<p>The list of ports that are exposed by this service.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
@ -2695,7 +2708,7 @@ No
</tr>
<tr id="k8s-io-api-core-v1-ServiceSpec-sessionAffinityConfig">
<td><code>sessionAffinityConfig</code></td>
<td><code><a href="#k8s-io-api-core-v1-SessionAffinityConfig">k8s.io.api.core.v1.SessionAffinityConfig</a></code></td>
<td><code><a href="#k8s-io-api-core-v1-SessionAffinityConfig">SessionAffinityConfig</a></code></td>
<td>
<p>sessionAffinityConfig contains the configurations of session affinity.
+optional</p>
@ -2845,7 +2858,7 @@ No
</tr>
<tr id="k8s-io-apimachinery-pkg-apis-meta-v1-LabelSelector-matchExpressions">
<td><code>matchExpressions</code></td>
<td><code><a href="#k8s-io-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement">k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement[]</a></code></td>
<td><code><a href="#k8s-io-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement">LabelSelectorRequirement[]</a></code></td>
<td>
<p>matchExpressions is a list of label selector requirements. The requirements are ANDed.
+optional</p>
@ -2908,7 +2921,7 @@ No
</tr>
<tr id="k8sObjectOverlay-patches">
<td><code>patches</code></td>
<td><code><a href="#k8sObjectOverlay-PathValue">k8sObjectOverlay.PathValue[]</a></code></td>
<td><code><a href="#k8sObjectOverlay-PathValue">PathValue[]</a></code></td>
<td>
<p>List of patches to apply to resource.</p>

44
content/en/docs/reference/config/networking/destination-rule/index.html
View File

@ -116,7 +116,7 @@ spec:
<tbody>
<tr id="ConnectionPoolSettings-tcp">
<td><code>tcp</code></td>
<td><code><a href="#ConnectionPoolSettings-TCPSettings">ConnectionPoolSettings.TCPSettings</a></code></td>
<td><code><a href="#ConnectionPoolSettings-TCPSettings">TCPSettings</a></code></td>
<td>
<p>Settings common to both HTTP and TCP upstream connections.</p>
@ -127,7 +127,7 @@ No
</tr>
<tr id="ConnectionPoolSettings-http">
<td><code>http</code></td>
<td><code><a href="#ConnectionPoolSettings-HTTPSettings">ConnectionPoolSettings.HTTPSettings</a></code></td>
<td><code><a href="#ConnectionPoolSettings-HTTPSettings">HTTPSettings</a></code></td>
<td>
<p>HTTP connection pool settings.</p>
@ -202,7 +202,7 @@ No
</tr>
<tr id="ConnectionPoolSettings-HTTPSettings-idle_timeout">
<td><code>idleTimeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests.
If not set, there is no idle timeout. When the idle timeout is reached the connection will be closed.
@ -215,7 +215,7 @@ No
</tr>
<tr id="ConnectionPoolSettings-HTTPSettings-h2_upgrade_policy">
<td><code>h2UpgradePolicy</code></td>
<td><code><a href="#ConnectionPoolSettings-HTTPSettings-H2UpgradePolicy">ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy</a></code></td>
<td><code><a href="#ConnectionPoolSettings-HTTPSettings-H2UpgradePolicy">H2UpgradePolicy</a></code></td>
<td>
<p>Specify if http1.1 connection should be upgraded to http2 for the associated destination.</p>
@ -292,7 +292,7 @@ No
</tr>
<tr id="ConnectionPoolSettings-TCPSettings-connect_timeout">
<td><code>connectTimeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>TCP connection timeout.</p>
@ -303,7 +303,7 @@ No
</tr>
<tr id="ConnectionPoolSettings-TCPSettings-tcp_keepalive">
<td><code>tcpKeepalive</code></td>
<td><code><a href="#ConnectionPoolSettings-TCPSettings-TcpKeepalive">ConnectionPoolSettings.TCPSettings.TcpKeepalive</a></code></td>
<td><code><a href="#ConnectionPoolSettings-TCPSettings-TcpKeepalive">TcpKeepalive</a></code></td>
<td>
<p>If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.</p>
@ -344,7 +344,7 @@ No
</tr>
<tr id="ConnectionPoolSettings-TCPSettings-TcpKeepalive-time">
<td><code>time</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The time duration a connection needs to be idle before keep-alive
probes start being sent. Default is to use the OS level configuration
@ -357,7 +357,7 @@ No
</tr>
<tr id="ConnectionPoolSettings-TCPSettings-TcpKeepalive-interval">
<td><code>interval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The time duration between keep-alive probes.
Default is to use the OS level configuration
@ -517,7 +517,7 @@ the User cookie as the hash key.</p>
<tbody>
<tr id="LoadBalancerSettings-simple" class="oneof oneof-start">
<td><code>simple</code></td>
<td><code><a href="#LoadBalancerSettings-SimpleLB">LoadBalancerSettings.SimpleLB (oneof)</a></code></td>
<td><code><a href="#LoadBalancerSettings-SimpleLB">SimpleLB (oneof)</a></code></td>
<td>
</td>
<td>
@ -526,7 +526,7 @@ Yes
</tr>
<tr id="LoadBalancerSettings-consistent_hash" class="oneof">
<td><code>consistentHash</code></td>
<td><code><a href="#LoadBalancerSettings-ConsistentHashLB">LoadBalancerSettings.ConsistentHashLB (oneof)</a></code></td>
<td><code><a href="#LoadBalancerSettings-ConsistentHashLB">ConsistentHashLB (oneof)</a></code></td>
<td>
</td>
<td>
@ -568,7 +568,7 @@ Yes
</tr>
<tr id="LoadBalancerSettings-ConsistentHashLB-http_cookie" class="oneof">
<td><code>httpCookie</code></td>
<td><code><a href="#LoadBalancerSettings-ConsistentHashLB-HTTPCookie">LoadBalancerSettings.ConsistentHashLB.HTTPCookie (oneof)</a></code></td>
<td><code><a href="#LoadBalancerSettings-ConsistentHashLB-HTTPCookie">HTTPCookie (oneof)</a></code></td>
<td>
<p>Hash based on HTTP cookie.</p>
@ -646,7 +646,7 @@ No
</tr>
<tr id="LoadBalancerSettings-ConsistentHashLB-HTTPCookie-ttl">
<td><code>ttl</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Lifetime of the cookie.</p>
@ -721,11 +721,11 @@ consecutive errors metric. See Envoy&rsquo;s <a href="https://www.envoyproxy.io/
detection</a>
for more details.</p>
<p>The following rule sets a connection pool size of 100 connections and
1000 concurrent HTTP2 requests, with no more than 10 req/connection to
&ldquo;reviews&rdquo; service. In addition, it configures upstream hosts to be
scanned every 5 mins, such that any host that fails 7 consecutive times
with 5XX error code will be ejected for 15 minutes.</p>
<p>The following rule sets a connection pool size of 100 HTTP1 connections
with no more than 10 req/connection to the &ldquo;reviews&rdquo; service. In addition,
it sets a limit of 1000 concurrent HTTP2 requests and configures upstream
hosts to be scanned every 5 mins so that any host that fails 7 consecutive
times with a 502, 503, or 504 error code will be ejected for 15 minutes.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
@ -762,7 +762,7 @@ spec:
<td>
<p>Number of errors before a host is ejected from the connection
pool. Defaults to 5. When the upstream host is accessed over HTTP, a
502, 503 or 504 return code qualifies as an error. When the upstream host
502, 503, or 504 return code qualifies as an error. When the upstream host
is accessed over an opaque TCP connection, connect timeouts and
connection error/failure events qualify as an error.</p>
@ -773,7 +773,7 @@ No
</tr>
<tr id="OutlierDetection-interval">
<td><code>interval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Time interval between ejection sweep analysis. format:
1h/1m/1s/1ms. MUST BE &gt;=1ms. Default is 10s.</p>
@ -785,7 +785,7 @@ No
</tr>
<tr id="OutlierDetection-base_ejection_time">
<td><code>baseEjectionTime</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Minimum ejection duration. A host will remain ejected for a period
equal to the product of minimum ejection duration and the number of
@ -982,7 +982,7 @@ spec:
<tbody>
<tr id="TLSSettings-mode">
<td><code>mode</code></td>
<td><code><a href="#TLSSettings-TLSmode">TLSSettings.TLSmode</a></code></td>
<td><code><a href="#TLSSettings-TLSmode">TLSmode</a></code></td>
<td>
<p>Indicates whether connections to this port should be secured
using TLS. The value of this field determines how TLS is enforced.</p>
@ -1170,7 +1170,7 @@ No
</tr>
<tr id="TrafficPolicy-port_level_settings">
<td><code>portLevelSettings</code></td>
<td><code><a href="#TrafficPolicy-PortTrafficPolicy">TrafficPolicy.PortTrafficPolicy[]</a></code></td>
<td><code><a href="#TrafficPolicy-PortTrafficPolicy">PortTrafficPolicy[]</a></code></td>
<td>
<p>Traffic policies specific to individual ports. Note that port level
settings will override the destination-level settings. Traffic

34
content/en/docs/reference/config/networking/envoy-filter/index.html
View File

@ -217,7 +217,7 @@ No
</tr>
<tr id="EnvoyFilter-config_patches">
<td><code>configPatches</code></td>
<td><code><a href="#EnvoyFilter-EnvoyConfigObjectPatch">EnvoyFilter.EnvoyConfigObjectPatch[]</a></code></td>
<td><code><a href="#EnvoyFilter-EnvoyConfigObjectPatch">EnvoyConfigObjectPatch[]</a></code></td>
<td>
<p>One or more patches with match conditions.</p>
@ -475,7 +475,7 @@ to the generated configuration for a given proxy.</p>
<tbody>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-context">
<td><code>context</code></td>
<td><code><a href="#EnvoyFilter-PatchContext">EnvoyFilter.PatchContext</a></code></td>
<td><code><a href="#EnvoyFilter-PatchContext">PatchContext</a></code></td>
<td>
<p>The specific config generation context to match on. Istio Pilot
generates envoy configuration in the context of a gateway,
@ -488,7 +488,7 @@ No
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-proxy">
<td><code>proxy</code></td>
<td><code><a href="#EnvoyFilter-ProxyMatch">EnvoyFilter.ProxyMatch</a></code></td>
<td><code><a href="#EnvoyFilter-ProxyMatch">ProxyMatch</a></code></td>
<td>
<p>Match on properties associated with a proxy.</p>
@ -499,7 +499,7 @@ No
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-listener" class="oneof oneof-start">
<td><code>listener</code></td>
<td><code><a href="#EnvoyFilter-ListenerMatch">EnvoyFilter.ListenerMatch (oneof)</a></code></td>
<td><code><a href="#EnvoyFilter-ListenerMatch">ListenerMatch (oneof)</a></code></td>
<td>
<p>Match on envoy listener attributes.</p>
@ -510,7 +510,7 @@ Yes
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-route_configuration" class="oneof">
<td><code>routeConfiguration</code></td>
<td><code><a href="#EnvoyFilter-RouteConfigurationMatch">EnvoyFilter.RouteConfigurationMatch (oneof)</a></code></td>
<td><code><a href="#EnvoyFilter-RouteConfigurationMatch">RouteConfigurationMatch (oneof)</a></code></td>
<td>
<p>Match on envoy HTTP route configuration attributes.</p>
@ -521,7 +521,7 @@ Yes
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-cluster" class="oneof">
<td><code>cluster</code></td>
<td><code><a href="#EnvoyFilter-ClusterMatch">EnvoyFilter.ClusterMatch (oneof)</a></code></td>
<td><code><a href="#EnvoyFilter-ClusterMatch">ClusterMatch (oneof)</a></code></td>
<td>
<p>Match on envoy cluster attributes.</p>
@ -549,7 +549,7 @@ Yes
<tbody>
<tr id="EnvoyFilter-EnvoyConfigObjectPatch-apply_to">
<td><code>applyTo</code></td>
<td><code><a href="#EnvoyFilter-ApplyTo">EnvoyFilter.ApplyTo</a></code></td>
<td><code><a href="#EnvoyFilter-ApplyTo">ApplyTo</a></code></td>
<td>
<p>Specifies where in the Envoy configuration, the patch should be
applied. The match is expected to select the appropriate
@ -568,7 +568,7 @@ No
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectPatch-match">
<td><code>match</code></td>
<td><code><a href="#EnvoyFilter-EnvoyConfigObjectMatch">EnvoyFilter.EnvoyConfigObjectMatch</a></code></td>
<td><code><a href="#EnvoyFilter-EnvoyConfigObjectMatch">EnvoyConfigObjectMatch</a></code></td>
<td>
<p>Match on listener/route configuration/cluster.</p>
@ -579,7 +579,7 @@ No
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectPatch-patch">
<td><code>patch</code></td>
<td><code><a href="#EnvoyFilter-Patch">EnvoyFilter.Patch</a></code></td>
<td><code><a href="#EnvoyFilter-Patch">Patch</a></code></td>
<td>
<p>The patch to apply along with the operation.</p>
@ -700,7 +700,7 @@ No
</tr>
<tr id="EnvoyFilter-ListenerMatch-filter_chain">
<td><code>filterChain</code></td>
<td><code><a href="#EnvoyFilter-ListenerMatch-FilterChainMatch">EnvoyFilter.ListenerMatch.FilterChainMatch</a></code></td>
<td><code><a href="#EnvoyFilter-ListenerMatch-FilterChainMatch">FilterChainMatch</a></code></td>
<td>
<p>Match a specific filter chain in a listener. If specified, the
patch will be applied to the filter chain (and a specific
@ -809,7 +809,7 @@ No
</tr>
<tr id="EnvoyFilter-ListenerMatch-FilterChainMatch-filter">
<td><code>filter</code></td>
<td><code><a href="#EnvoyFilter-ListenerMatch-FilterMatch">EnvoyFilter.ListenerMatch.FilterMatch</a></code></td>
<td><code><a href="#EnvoyFilter-ListenerMatch-FilterMatch">FilterMatch</a></code></td>
<td>
<p>The name of a specific filter to apply the patch to. Set this
to envoy.http<em>connection</em>manager to add a filter or apply a
@ -850,7 +850,7 @@ No
</tr>
<tr id="EnvoyFilter-ListenerMatch-FilterMatch-sub_filter">
<td><code>subFilter</code></td>
<td><code><a href="#EnvoyFilter-ListenerMatch-SubFilterMatch">EnvoyFilter.ListenerMatch.SubFilterMatch</a></code></td>
<td><code><a href="#EnvoyFilter-ListenerMatch-SubFilterMatch">SubFilterMatch</a></code></td>
<td>
<p>The next level filter within this filter to match
upon. Typically used for HTTP Connection Manager filters and
@ -911,7 +911,7 @@ No
<tbody>
<tr id="EnvoyFilter-Patch-operation">
<td><code>operation</code></td>
<td><code><a href="#EnvoyFilter-Patch-Operation">EnvoyFilter.Patch.Operation</a></code></td>
<td><code><a href="#EnvoyFilter-Patch-Operation">Operation</a></code></td>
<td>
<p>Determines how the patch should be applied.</p>
@ -922,7 +922,7 @@ No
</tr>
<tr id="EnvoyFilter-Patch-value">
<td><code>value</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct">google.protobuf.Struct</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct">Struct</a></code></td>
<td>
<p>The JSON config of the object being patched. This will be merged using
json merge semantics with the existing proto in the path.</p>
@ -1165,7 +1165,7 @@ No
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-vhost">
<td><code>vhost</code></td>
<td><code><a href="#EnvoyFilter-RouteConfigurationMatch-VirtualHostMatch">EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch</a></code></td>
<td><code><a href="#EnvoyFilter-RouteConfigurationMatch-VirtualHostMatch">VirtualHostMatch</a></code></td>
<td>
<p>Match a specific virtual host in a route configuration and
apply the patch to the virtual host.</p>
@ -1221,7 +1221,7 @@ No
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-RouteMatch-action">
<td><code>action</code></td>
<td><code><a href="#EnvoyFilter-RouteConfigurationMatch-RouteMatch-Action">EnvoyFilter.RouteConfigurationMatch.RouteMatch.Action</a></code></td>
<td><code><a href="#EnvoyFilter-RouteConfigurationMatch-RouteMatch-Action">Action</a></code></td>
<td>
<p>Match a route with specific action type.</p>
@ -1306,7 +1306,7 @@ No
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-VirtualHostMatch-route">
<td><code>route</code></td>
<td><code><a href="#EnvoyFilter-RouteConfigurationMatch-RouteMatch">EnvoyFilter.RouteConfigurationMatch.RouteMatch</a></code></td>
<td><code><a href="#EnvoyFilter-RouteConfigurationMatch-RouteMatch">RouteMatch</a></code></td>
<td>
<p>Match a specific route within the virtual host.</p>

8
content/en/docs/reference/config/networking/gateway/index.html
View File

@ -397,7 +397,7 @@ Yes
</tr>
<tr id="Server-tls">
<td><code>tls</code></td>
<td><code><a href="#Server-TLSOptions">Server.TLSOptions</a></code></td>
<td><code><a href="#Server-TLSOptions">TLSOptions</a></code></td>
<td>
<p>Set of TLS related options that govern the server&rsquo;s behavior. Use
these options to control if all http requests should be redirected to
@ -450,7 +450,7 @@ No
</tr>
<tr id="Server-TLSOptions-mode">
<td><code>mode</code></td>
<td><code><a href="#Server-TLSOptions-TLSmode">Server.TLSOptions.TLSmode</a></code></td>
<td><code><a href="#Server-TLSOptions-TLSmode">TLSmode</a></code></td>
<td>
<p>Optional: Indicates whether connections to this port should be
secured using TLS. The value of this field determines how TLS is
@ -569,7 +569,7 @@ No
</tr>
<tr id="Server-TLSOptions-min_protocol_version">
<td><code>minProtocolVersion</code></td>
<td><code><a href="#Server-TLSOptions-TLSProtocol">Server.TLSOptions.TLSProtocol</a></code></td>
<td><code><a href="#Server-TLSOptions-TLSProtocol">TLSProtocol</a></code></td>
<td>
<p>Optional: Minimum TLS protocol version.</p>
@ -580,7 +580,7 @@ No
</tr>
<tr id="Server-TLSOptions-max_protocol_version">
<td><code>maxProtocolVersion</code></td>
<td><code><a href="#Server-TLSOptions-TLSProtocol">Server.TLSOptions.TLSProtocol</a></code></td>
<td><code><a href="#Server-TLSOptions-TLSProtocol">TLSProtocol</a></code></td>
<td>
<p>Optional: Maximum TLS protocol version.</p>

6
content/en/docs/reference/config/networking/service-entry/index.html
View File

@ -386,7 +386,7 @@ Yes
</tr>
<tr id="ServiceEntry-location">
<td><code>location</code></td>
<td><code><a href="#ServiceEntry-Location">ServiceEntry.Location</a></code></td>
<td><code><a href="#ServiceEntry-Location">Location</a></code></td>
<td>
<p>Specify whether the service should be considered external to the mesh
or part of the mesh.</p>
@ -398,7 +398,7 @@ No
</tr>
<tr id="ServiceEntry-resolution">
<td><code>resolution</code></td>
<td><code><a href="#ServiceEntry-Resolution">ServiceEntry.Resolution</a></code></td>
<td><code><a href="#ServiceEntry-Resolution">Resolution</a></code></td>
<td>
<p>Service discovery mode for the hosts. Care must be taken
when setting the resolution mode to NONE for a TCP port without
@ -412,7 +412,7 @@ Yes
</tr>
<tr id="ServiceEntry-endpoints">
<td><code>endpoints</code></td>
<td><code><a href="#ServiceEntry-Endpoint">ServiceEntry.Endpoint[]</a></code></td>
<td><code><a href="#ServiceEntry-Endpoint">Endpoint[]</a></code></td>
<td>
<p>One or more endpoints associated with the service.</p>

148
content/en/docs/reference/config/networking/sidecar/index.html
View File

@ -14,38 +14,38 @@ inbound and outbound communication to the workload instance it is attached to. B
default, Istio will program all sidecar proxies in the mesh with the
necessary configuration required to reach every workload instance in the mesh, as
well as accept traffic on all the ports associated with the
workload. The Sidecar resource provides a way to fine tune the set of
workload. The <code>Sidecar</code> configuration provides a way to fine tune the set of
ports, protocols that the proxy will accept when forwarding traffic to
and from the workload. In addition, it is possible to restrict the set
of services that the proxy can reach when forwarding outbound traffic
from workload instances.</p>
<p>Services and configuration in a mesh are organized into one or more
namespaces (e.g., a Kubernetes namespace or a CF org/space). A Sidecar
resource in a namespace will apply to one or more workload instances in the same
namespace, selected using the workloadSelector. In the absence of a
workloadSelector, it will apply to all workload instances in the same
namespace. When determining the Sidecar resource to be applied to a
namespaces (e.g., a Kubernetes namespace or a CF org/space). A <code>Sidecar</code>
configuration in a namespace will apply to one or more workload instances in the same
namespace, selected using the <code>workloadSelector</code> field. In the absence of a
<code>workloadSelector</code>, it will apply to all workload instances in the same
namespace. When determining the <code>Sidecar</code> configuration to be applied to a
workload instance, preference will be given to the resource with a
workloadSelector that selects this workload instance, over a Sidecar resource
without any workloadSelector.</p>
<code>workloadSelector</code> that selects this workload instance, over a <code>Sidecar</code> configuration
without any <code>workloadSelector</code>.</p>
<p>NOTE 1: <em><em>Each namespace can have only one Sidecar resource without any
workload selector</em></em>. The behavior of the system is undefined if more
than one selector-less Sidecar resources exist in a given namespace. The
behavior of the system is undefined if two or more Sidecar resources
with a workload selector select the same workload instance.</p>
<p>NOTE 1: <em><em>Each namespace can have only one <code>Sidecar</code> configuration without any
<code>workloadSelector</code></em></em>. The behavior of the system is undefined if more
than one selector-less <code>Sidecar</code> configurations exist in a given namespace. The
behavior of the system is undefined if two or more <code>Sidecar</code> configurations
with a <code>workloadSelector</code> select the same workload instance.</p>
<p>NOTE 2: <em><em>A sidecar resource in the config <a href="/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig">root
namespace</a>
will be applied by default to all namespaces without a sidecar
resource.</em></em>. This global default sidecar resource should not have
any workload selector.</p>
<p>NOTE 2: <em><em>A <code>Sidecar</code> configuration in the <code>MeshConfig</code>
<a href="/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig">root namespace</a>
will be applied by default to all namespaces without a <code>Sidecar</code>
configuration</em></em>. This global default <code>Sidecar</code> configuration should not have
any <code>workloadSelector</code>.</p>
<p>The example below declares a global default Sidecar resource in the
<p>The example below declares a global default <code>Sidecar</code> configuration in the
root namespace called <code>istio-config</code>, that configures sidecars in
all namespaces to allow egress traffic only to other workloads in
the same namespace, and to services in the istio-system namespace.</p>
the same namespace, and to services in the <code>istio-system</code> namespace.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
@ -59,10 +59,10 @@ spec:
- &quot;istio-system/*&quot;
</code></pre>
<p>The example below declares a Sidecar resource in the prod-us1
<p>The example below declares a <code>Sidecar</code> configuration in the <code>prod-us1</code>
namespace that overrides the global default defined above, and
configures the sidecars in the namespace to allow egress traffic to
public services in the prod-us1, prod-apis, and the istio-system
public services in the <code>prod-us1</code>, <code>prod-apis</code>, and the <code>istio-system</code>
namespaces.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
@ -78,12 +78,12 @@ spec:
- &quot;istio-system/*&quot;
</code></pre>
<p>The example below declares a Sidecar resource in the prod-us1 namespace
<p>The example below declares a <code>Sidecar</code> configuration in the <code>prod-us1</code> namespace
that accepts inbound HTTP traffic on port 9080 and forwards
it to the attached workload instance listening on a Unix domain socket. In the
egress direction, in addition to the istio-system namespace, the sidecar
egress direction, in addition to the <code>istio-system</code> namespace, the sidecar
proxies only HTTP traffic bound for port 9080 for services in the
prod-us1 namespace.</p>
<code>prod-us1</code> namespace.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
@ -108,18 +108,18 @@ spec:
- &quot;istio-system/*&quot;
</code></pre>
<p>If the workload is deployed without IPTables based traffic capture, the
Sidecar resource is the only way to configure the ports on the proxy
attached to the workload instance. The following example declares a Sidecar
resource in the prod-us1 namespace for all pods with labels &ldquo;app:
productpage&rdquo; belonging to the productpage.prod-us1 service. Assuming
that these pods are deployed without IPtable rules (i.e. the Istio init
container) and the proxy metadata ISTIO<em>META</em>INTERCEPTION_MODE is set to
NONE, the specification below allows such pods to receive HTTP traffic
<p>If the workload is deployed without IPTables-based traffic capture, the
<code>Sidecar</code> configuration is the only way to configure the ports on the proxy
attached to the workload instance. The following example declares a <code>Sidecar</code>
configuration in the <code>prod-us1</code> namespace for all pods with labels
<code>app: productpage</code> belonging to the <code>productpage.prod-us1</code> service. Assuming
that these pods are deployed without IPtable rules (i.e. the <code>istio-init</code>
container) and the proxy metadata <code>ISTIO_META_INTERCEPTION_MODE</code> is set to
<code>NONE</code>, the specification, below, allows such pods to receive HTTP traffic
on port 9080 and forward it to the application listening on
127.0.0.1:8080. It also allows the application to communicate with a
backing MySQL database on 127.0.0.1:3306, that then gets proxied to the
externally hosted MySQL service at mysql.foo.com:3306.</p>
<code>127.0.0.1:8080</code>. It also allows the application to communicate with a
backing MySQL database on <code>127.0.0.1:3306</code>, that then gets proxied to the
externally hosted MySQL service at <code>mysql.foo.com:3306</code>.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
@ -148,7 +148,7 @@ spec:
- &quot;*/mysql.foo.com&quot;
</code></pre>
<p>And the associated service entry for routing to mysql.foo.com:3306</p>
<p>And the associated service entry for routing to <code>mysql.foo.com:3306</code></p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
@ -168,14 +168,14 @@ spec:
<p>It is also possible to mix and match traffic capture modes in a single
proxy. For example, consider a setup where internal services are on the
192.168.0.0/16 subnet. So, IP tables are setup on the VM to capture all
outbound traffic on 192.168.0.0/16 subnet. Assume that the VM has an
additional network interface on 172.16.0.0/16 subnet for inbound
traffic. The following Sidecar configuration allows the VM to expose a
listener on 172.16.1.32:80 (the VM&rsquo;s IP) for traffic arriving from the
172.16.0.0/16 subnet. Note that in this scenario, the
ISTIO<em>META</em>INTERCEPTION_MODE metadata on the proxy in the VM should
contain &ldquo;REDIRECT&rdquo; or &ldquo;TPROXY&rdquo; as its value, implying that IP tables
<code>192.168.0.0/16</code> subnet. So, IP tables are setup on the VM to capture all
outbound traffic on <code>192.168.0.0/16</code> subnet. Assume that the VM has an
additional network interface on <code>172.16.0.0/16</code> subnet for inbound
traffic. The following <code>Sidecar</code> configuration allows the VM to expose a
listener on <code>172.16.1.32:80</code> (the VM&rsquo;s IP) for traffic arriving from the
<code>172.16.0.0/16</code> subnet. Note that in this scenario, the
<code>ISTIO_META_INTERCEPTION_MODE</code> metadata on the proxy in the VM should
contain <code>REDIRECT</code> or <code>TPROXY</code> as its value, implying that IP tables
based traffic capture is active.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
@ -207,7 +207,7 @@ spec:
<h2 id="CaptureMode">CaptureMode</h2>
<section>
<p>CaptureMode describes how traffic to a listener is expected to be
<p><code>CaptureMode</code> describes how traffic to a listener is expected to be
captured. Applicable only when the listener is bound to an IP.</p>
<table class="enum-values">
@ -221,23 +221,23 @@ captured. Applicable only when the listener is bound to an IP.</p>
<tr id="CaptureMode-DEFAULT">
<td><code>DEFAULT</code></td>
<td>
<p>The default capture mode defined by the environment</p>
<p>The default capture mode defined by the environment.</p>
</td>
</tr>
<tr id="CaptureMode-IPTABLES">
<td><code>IPTABLES</code></td>
<td>
<p>Capture traffic using IPtables redirection</p>
<p>Capture traffic using IPtables redirection.</p>
</td>
</tr>
<tr id="CaptureMode-NONE">
<td><code>NONE</code></td>
<td>
<p>No traffic capture. When used in egress listener, the application is
expected to explicitly communicate with the listener port/unix
domain socket. When used in ingress listener, care needs to be taken
<p>No traffic capture. When used in an egress listener, the application is
expected to explicitly communicate with the listener port or Unix
domain socket. When used in an ingress listener, care needs to be taken
to ensure that the listener port is not in use by other processes on
the host.</p>
@ -248,7 +248,7 @@ the host.</p>
</section>
<h2 id="IstioEgressListener">IstioEgressListener</h2>
<section>
<p>IstioEgressListener specifies the properties of an outbound traffic
<p><code>IstioEgressListener</code> specifies the properties of an outbound traffic
listener on the sidecar proxy attached to a workload instance.</p>
<table class="message-fields">
@ -284,12 +284,12 @@ No
<td><code>bind</code></td>
<td><code>string</code></td>
<td>
<p>The ip or the Unix domain socket to which the listener should be bound
<p>The IP or the Unix domain socket to which the listener should be bound
to. Port MUST be specified if bind is not empty. Format: <code>x.x.x.x</code> or
<code>unix:///path/to/uds</code> or <code>unix://@foobar</code> (Linux abstract namespace). If
omitted, Istio will automatically configure the defaults based on imported
services, the workload instances to which this configuration is applied to and
the captureMode. If captureMode is NONE, bind will default to
the captureMode. If captureMode is <code>NONE</code>, bind will default to
127.0.0.1.</p>
</td>
@ -303,7 +303,7 @@ No
<td>
<p>When the bind address is an IP, the captureMode option dictates
how traffic to the listener is expected to be captured (or not).
captureMode must be DEFAULT or NONE for Unix domain socket binds.</p>
captureMode must be DEFAULT or <code>NONE</code> for Unix domain socket binds.</p>
</td>
<td>
@ -361,7 +361,7 @@ Yes
</section>
<h2 id="IstioIngressListener">IstioIngressListener</h2>
<section>
<p>IstioIngressListener specifies the properties of an inbound
<p><code>IstioIngressListener</code> specifies the properties of an inbound
traffic listener on the sidecar proxy attached to a workload instance.</p>
<table class="message-fields">
@ -389,7 +389,7 @@ Yes
<td><code>bind</code></td>
<td><code>string</code></td>
<td>
<p>The ip to which the listener should be bound. Must be in the
<p>The IP to which the listener should be bound. Must be in the
format <code>x.x.x.x</code>. Unix domain socket addresses are not allowed in
the bind field for ingress listeners. If omitted, Istio will
automatically configure the defaults based on imported services
@ -419,9 +419,9 @@ No
<td>
<p>The loopback IP endpoint or Unix domain socket to which
traffic should be forwarded to. This configuration can be used to
redirect traffic arriving at the bind IP:Port on the sidecar to a localhost:port
redirect traffic arriving at the bind <code>IP:Port</code> on the sidecar to a <code>localhost:port</code>
or Unix domain socket where the application workload instance is listening for
connections. Format should be 127.0.0.1:PORT or <code>unix:///path/to/socket</code></p>
connections. Format should be <code>127.0.0.1:PORT</code> or <code>unix:///path/to/socket</code></p>
</td>
<td>
@ -433,14 +433,14 @@ Yes
</section>
<h2 id="OutboundTrafficPolicy">OutboundTrafficPolicy</h2>
<section>
<p>OutboundTrafficPolicy sets the default behavior of the sidecar for
<p><code>OutboundTrafficPolicy</code> sets the default behavior of the sidecar for
handling outbound traffic from the application.
If your application uses one or more external
services that are not known apriori, setting the policy to ALLOW<em>ANY
services that are not known apriori, setting the policy to <code>ALLOW_ANY</code>
will cause the sidecars to route any unknown traffic originating from
the application to its requested destination. Users are strongly
encouraged to use ServiceEntries to explicitly declare any external
dependencies, instead of using allow</em>any, so that traffic to these
encouraged to use <code>ServiceEntry</code> configurations to explicitly declare any external
dependencies, instead of using <code>ALLOW_ANY</code>, so that traffic to these
services can be monitored.</p>
<table class="message-fields">
@ -455,7 +455,7 @@ services can be monitored.</p>
<tbody>
<tr id="OutboundTrafficPolicy-mode">
<td><code>mode</code></td>
<td><code><a href="#OutboundTrafficPolicy-Mode">OutboundTrafficPolicy.Mode</a></code></td>
<td><code><a href="#OutboundTrafficPolicy-Mode">Mode</a></code></td>
<td>
</td>
<td>
@ -478,16 +478,16 @@ No
<tr id="OutboundTrafficPolicy-Mode-REGISTRY_ONLY">
<td><code>REGISTRY_ONLY</code></td>
<td>
<p>outbound traffic will be restricted to services defined in the
service registry as well as those defined through ServiceEntries</p>
<p>Outbound traffic will be restricted to services defined in the
service registry as well as those defined through <code>ServiceEntry</code> configurations.</p>
</td>
</tr>
<tr id="OutboundTrafficPolicy-Mode-ALLOW_ANY">
<td><code>ALLOW_ANY</code></td>
<td>
<p>outbound traffic to unknown destinations will be allowed, in case
there are no services or ServiceEntries for the destination port</p>
<p>Outbound traffic to unknown destinations will be allowed, in case
there are no services or <code>ServiceEntry</code> configurations for the destination port.</p>
</td>
</tr>
@ -496,7 +496,7 @@ there are no services or ServiceEntries for the destination port</p>
</section>
<h2 id="Sidecar">Sidecar</h2>
<section>
<p>Sidecar describes the configuration of the sidecar proxy that mediates
<p><code>Sidecar</code> describes the configuration of the sidecar proxy that mediates
inbound and outbound communication of the workload instance to which it is
attached.</p>
@ -515,7 +515,7 @@ attached.</p>
<td><code><a href="#WorkloadSelector">WorkloadSelector</a></code></td>
<td>
<p>Criteria used to select the specific set of pods/VMs on which this
sidecar configuration should be applied. If omitted, the sidecar
<code>Sidecar</code> configuration should be applied. If omitted, the <code>Sidecar</code>
configuration will be applied to all workload instances in the same namespace.</p>
</td>
@ -558,7 +558,7 @@ Yes
<td>
<p>This allows to configure the outbound traffic policy.
If your application uses one or more external
services that are not known apriori, setting the policy to ALLOW_ANY
services that are not known apriori, setting the policy to <code>ALLOW_ANY</code>
will cause the sidecars to route any unknown traffic originating from
the application to its requested destination.</p>
@ -572,8 +572,8 @@ No
</section>
<h2 id="WorkloadSelector">WorkloadSelector</h2>
<section>
<p>WorkloadSelector specifies the criteria used to determine if the Gateway,
Sidecar, or EnvoyFilter resource can be applied to a proxy. The matching criteria
<p><code>WorkloadSelector</code> specifies the criteria used to determine if the <code>Gateway</code>,
<code>Sidecar</code>, or <code>EnvoyFilter</code> configuration can be applied to a proxy. The matching criteria
includes the metadata associated with a proxy, workload instance info such as
labels attached to the pod/VM, or any other info that the proxy provides
to Istio during the initial handshake. If multiple conditions are
@ -595,7 +595,7 @@ selected. Currently, only label based selection mechanism is supported.</p>
<td><code>map&lt;string,&nbsp;string&gt;</code></td>
<td>
<p>One or more labels that indicate a specific set of pods/VMs
on which this sidecar configuration should be applied. The scope of
on which this <code>Sidecar</code> configuration should be applied. The scope of
label search is restricted to the configuration namespace in which the
the resource is present.</p>

20
content/en/docs/reference/config/networking/virtual-service/index.html
View File

@ -192,7 +192,7 @@ No
</tr>
<tr id="CorsPolicy-max_age">
<td><code>maxAge</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Specifies how long the results of a preflight request can be
cached. Translates to the <code>Access-Control-Max-Age</code> header.</p>
@ -204,7 +204,7 @@ No
</tr>
<tr id="CorsPolicy-allow_credentials">
<td><code>allowCredentials</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">BoolValue</a></code></td>
<td>
<p>Indicates whether the caller is allowed to send the actual request
(not the preflight) using credentials. Translates to
@ -430,7 +430,7 @@ both are specified simultaneously.</p>
<tbody>
<tr id="HTTPFaultInjection-delay">
<td><code>delay</code></td>
<td><code><a href="#HTTPFaultInjection-Delay">HTTPFaultInjection.Delay</a></code></td>
<td><code><a href="#HTTPFaultInjection-Delay">Delay</a></code></td>
<td>
<p>Delay requests before forwarding, emulating various failures such as
network issues, overloaded upstream service, etc.</p>
@ -442,7 +442,7 @@ No
</tr>
<tr id="HTTPFaultInjection-abort">
<td><code>abort</code></td>
<td><code><a href="#HTTPFaultInjection-Abort">HTTPFaultInjection.Abort</a></code></td>
<td><code><a href="#HTTPFaultInjection-Abort">Abort</a></code></td>
<td>
<p>Abort Http request attempts and return error codes back to downstream
service, giving the impression that the upstream service is faulty.</p>
@ -578,7 +578,7 @@ percentage of requests. If left unspecified, all request will be delayed.</p>
<tbody>
<tr id="HTTPFaultInjection-Delay-fixed_delay" class="oneof oneof-start">
<td><code>fixedDelay</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration (oneof)</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration (oneof)</a></code></td>
<td>
<p>Add a fixed delay before forwarding the request. Format:
1h/1m/1s/1ms. MUST be &gt;=1ms.</p>
@ -965,7 +965,7 @@ Yes
</tr>
<tr id="HTTPRetry-per_try_timeout">
<td><code>perTryTimeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms.</p>
@ -1140,7 +1140,7 @@ No
</tr>
<tr id="HTTPRoute-timeout">
<td><code>timeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Timeout for HTTP requests.</p>
@ -1191,7 +1191,7 @@ No
</tr>
<tr id="HTTPRoute-mirror_percent">
<td><code>mirrorPercent</code></td>
<td><code><a href="#google-protobuf-UInt32Value">google.protobuf.UInt32Value</a></code></td>
<td><code><a href="#google-protobuf-UInt32Value">UInt32Value</a></code></td>
<td>
<p>Percentage of the traffic to be mirrored by the <code>mirror</code> field.
If this field is absent, all the traffic (100%) will be mirrored.
@ -1442,7 +1442,7 @@ spec:
<tbody>
<tr id="Headers-request">
<td><code>request</code></td>
<td><code><a href="#Headers-HeaderOperations">Headers.HeaderOperations</a></code></td>
<td><code><a href="#Headers-HeaderOperations">HeaderOperations</a></code></td>
<td>
<p>Header manipulation rules to apply before forwarding a request
to the destination service</p>
@ -1454,7 +1454,7 @@ No
</tr>
<tr id="Headers-response">
<td><code>response</code></td>
<td><code><a href="#Headers-HeaderOperations">Headers.HeaderOperations</a></code></td>
<td><code><a href="#Headers-HeaderOperations">HeaderOperations</a></code></td>
<td>
<p>Header manipulation rules to apply before returning a response
to the caller</p>

6
content/en/docs/reference/config/policy-and-telemetry/adapters/circonus/index.html
View File

@ -43,7 +43,7 @@ No
</tr>
<tr id="Params-submission_interval">
<td><code>submissionInterval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
</td>
<td>
@ -52,7 +52,7 @@ No
</tr>
<tr id="Params-metrics">
<td><code>metrics</code></td>
<td><code><a href="#Params-MetricInfo">Params.MetricInfo[]</a></code></td>
<td><code><a href="#Params-MetricInfo">MetricInfo[]</a></code></td>
<td>
</td>
<td>
@ -89,7 +89,7 @@ No
</tr>
<tr id="Params-MetricInfo-type">
<td><code>type</code></td>
<td><code><a href="#Params-MetricInfo-Type">Params.MetricInfo.Type</a></code></td>
<td><code><a href="#Params-MetricInfo-Type">Type</a></code></td>
<td>
</td>
<td>

6
content/en/docs/reference/config/policy-and-telemetry/adapters/cloudwatch/index.html
View File

@ -52,7 +52,7 @@ No
</tr>
<tr id="Params-metric_info">
<td><code>metricInfo</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricDatum">Params.MetricDatum</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricDatum">MetricDatum</a>&gt;</code></td>
<td>
<p>A map of Istio metric name to CloudWatch metric info.</p>
@ -85,7 +85,7 @@ No
</tr>
<tr id="Params-logs">
<td><code>logs</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-LogInfo">Params.LogInfo</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-LogInfo">LogInfo</a>&gt;</code></td>
<td>
<p>A map of Istio logentry name to CloudWatch logentry info.</p>
@ -140,7 +140,7 @@ No
<tbody>
<tr id="Params-MetricDatum-unit">
<td><code>unit</code></td>
<td><code><a href="#Params-MetricDatum-Unit">Params.MetricDatum.Unit</a></code></td>
<td><code><a href="#Params-MetricDatum-Unit">Unit</a></code></td>
<td>
<p>The unit of the metric. Must be valid cloudwatch unit value.
<a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html">CloudWatch docs</a></p>

4
content/en/docs/reference/config/policy-and-telemetry/adapters/datadog/index.html
View File

@ -96,7 +96,7 @@ No
</tr>
<tr id="Params-metrics">
<td><code>metrics</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricInfo">Params.MetricInfo</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricInfo">MetricInfo</a>&gt;</code></td>
<td>
<p>Map of a specific metric instance name -&gt; info. If a metric&rsquo;s instance name is not in the map then the metric will not be exported to DataDog.</p>
@ -135,7 +135,7 @@ No
</tr>
<tr id="Params-MetricInfo-type">
<td><code>type</code></td>
<td><code><a href="#Params-MetricInfo-Type">Params.MetricInfo.Type</a></code></td>
<td><code><a href="#Params-MetricInfo-Type">Type</a></code></td>
<td>
<p>The type of metric</p>

6
content/en/docs/reference/config/policy-and-telemetry/adapters/denier/index.html
View File

@ -34,7 +34,7 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/quota/">q
<tbody>
<tr id="Params-status">
<td><code>status</code></td>
<td><code><a href="#google-rpc-Status">google.rpc.Status</a></code></td>
<td><code><a href="#google-rpc-Status">Status</a></code></td>
<td>
<p>The error to return when denying a request.</p>
@ -45,7 +45,7 @@ No
</tr>
<tr id="Params-valid_duration">
<td><code>validDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The duration for which the denial is valid.</p>
@ -166,7 +166,7 @@ No
</tr>
<tr id="google-rpc-Status-details">
<td><code>details</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any">google.protobuf.Any[]</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any">Any[]</a></code></td>
<td>
<p>A list of messages that carry the error details. There is a common set of
message types for APIs to use.</p>

4
content/en/docs/reference/config/policy-and-telemetry/adapters/fluentd/index.html
View File

@ -94,7 +94,7 @@ No
</tr>
<tr id="Params-push_interval_duration">
<td><code>pushIntervalDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Duration interval for pushing batched data to the fluentd backend. At least once every duration,
the handler will attempt to push data.
@ -107,7 +107,7 @@ No
</tr>
<tr id="Params-push_timeout_duration">
<td><code>pushTimeoutDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Timeout duration for pushing batched data to the fluentd backend. If a request takes longer than
the configured timeout, the request will be cancelled and dropped.

2
content/en/docs/reference/config/policy-and-telemetry/adapters/kubernetesenv/index.html
View File

@ -62,7 +62,7 @@ No
</tr>
<tr id="Params-cache_refresh_duration">
<td><code>cacheRefreshDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Controls the resync period of the Kubernetes cluster info cache.
The cache will watch for events and every so often completely resync.

8
content/en/docs/reference/config/policy-and-telemetry/adapters/list/index.html
View File

@ -45,7 +45,7 @@ No
</tr>
<tr id="Params-refresh_interval">
<td><code>refreshInterval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Determines how often the provider is polled for
an updated list</p>
@ -57,7 +57,7 @@ No
</tr>
<tr id="Params-ttl">
<td><code>ttl</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Indicates how long to keep a list before discarding it.
Typically, the TTL value should be set to noticeably longer (&gt; 2x) than the
@ -71,7 +71,7 @@ No
</tr>
<tr id="Params-caching_interval">
<td><code>cachingInterval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Indicates the amount of time a caller of this adapter can cache an answer
before it should ask the adapter again.</p>
@ -106,7 +106,7 @@ No
</tr>
<tr id="Params-entry_type">
<td><code>entryType</code></td>
<td><code><a href="#Params-ListEntryType">Params.ListEntryType</a></code></td>
<td><code><a href="#Params-ListEntryType">ListEntryType</a></code></td>
<td>
<p>Determines the kind of list entry and overrides.</p>

10
content/en/docs/reference/config/policy-and-telemetry/adapters/memquota/index.html
View File

@ -37,7 +37,7 @@ be lost.</p>
<tbody>
<tr id="Params-quotas">
<td><code>quotas</code></td>
<td><code><a href="#Params-Quota">Params.Quota[]</a></code></td>
<td><code><a href="#Params-Quota">Quota[]</a></code></td>
<td>
<p>The set of known quotas.</p>
@ -48,7 +48,7 @@ No
</tr>
<tr id="Params-min_deduplication_duration">
<td><code>minDeduplicationDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Minimum number of seconds that deduplication is possible for a given operation.</p>
@ -100,7 +100,7 @@ No
</tr>
<tr id="Params-Override-valid_duration">
<td><code>validDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The amount of time allocated quota remains valid before it is
automatically released. This is only meaningful for rate limit
@ -152,7 +152,7 @@ No
</tr>
<tr id="Params-Quota-valid_duration">
<td><code>validDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The amount of time allocated quota remains valid before it is
automatically released. This is only meaningful for rate limit
@ -165,7 +165,7 @@ No
</tr>
<tr id="Params-Quota-overrides">
<td><code>overrides</code></td>
<td><code><a href="#Params-Override">Params.Override[]</a></code></td>
<td><code><a href="#Params-Override">Override[]</a></code></td>
<td>
<p>Overrides associated with this quota.
The first matching override is applied.</p>

18
content/en/docs/reference/config/policy-and-telemetry/adapters/prometheus/index.html
View File

@ -32,7 +32,7 @@ number_of_entries: 8
<tbody>
<tr id="Params-metrics">
<td><code>metrics</code></td>
<td><code><a href="#Params-MetricInfo">Params.MetricInfo[]</a></code></td>
<td><code><a href="#Params-MetricInfo">MetricInfo[]</a></code></td>
<td>
<p>The set of metrics to represent in Prometheus. If a metric is defined in Istio but doesn&rsquo;t have a corresponding
shape here, it will not be populated at runtime.</p>
@ -44,7 +44,7 @@ No
</tr>
<tr id="Params-metrics_expiration_policy">
<td><code>metricsExpirationPolicy</code></td>
<td><code><a href="#Params-MetricsExpirationPolicy">Params.MetricsExpirationPolicy</a></code></td>
<td><code><a href="#Params-MetricsExpirationPolicy">MetricsExpirationPolicy</a></code></td>
<td>
<p>Optional. The rate at which to expire metrics from the adapter. This option controls the amount of metric data
that the adapter will maintain over its lifetime.</p>
@ -136,7 +136,7 @@ No
</tr>
<tr id="Params-MetricInfo-kind">
<td><code>kind</code></td>
<td><code><a href="#Params-MetricInfo-Kind">Params.MetricInfo.Kind</a></code></td>
<td><code><a href="#Params-MetricInfo-Kind">Kind</a></code></td>
<td>
</td>
<td>
@ -145,7 +145,7 @@ No
</tr>
<tr id="Params-MetricInfo-buckets">
<td><code>buckets</code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition">Params.MetricInfo.BucketsDefinition</a></code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition">BucketsDefinition</a></code></td>
<td>
<p>For metrics with a metric kind of DISTRIBUTION, this provides a mechanism
for configuring the buckets that will be used to store the aggregated values.
@ -188,7 +188,7 @@ No
<tbody>
<tr id="Params-MetricInfo-BucketsDefinition-linear_buckets" class="oneof oneof-start">
<td><code>linearBuckets</code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Linear">Params.MetricInfo.BucketsDefinition.Linear (oneof)</a></code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Linear">Linear (oneof)</a></code></td>
<td>
<p>The linear buckets.</p>
@ -199,7 +199,7 @@ Yes
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-exponential_buckets" class="oneof">
<td><code>exponentialBuckets</code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Exponential">Params.MetricInfo.BucketsDefinition.Exponential (oneof)</a></code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Exponential">Exponential (oneof)</a></code></td>
<td>
<p>The exponential buckets.</p>
@ -210,7 +210,7 @@ Yes
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-explicit_buckets" class="oneof">
<td><code>explicitBuckets</code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Explicit">Params.MetricInfo.BucketsDefinition.Explicit (oneof)</a></code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Explicit">Explicit (oneof)</a></code></td>
<td>
<p>The explicit buckets.</p>
@ -441,7 +441,7 @@ every minute to determine whether or not they should be expired.</p>
<tbody>
<tr id="Params-MetricsExpirationPolicy-metrics_expiry_duration">
<td><code>metricsExpiryDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Required. Describes the desired lifetime of a metric. If the metric is not updated at any point during this duration, it
will be removed from the set of metrics exported by the handler.</p>
@ -453,7 +453,7 @@ No
</tr>
<tr id="Params-MetricsExpirationPolicy-expiry_check_interval_duration">
<td><code>expiryCheckIntervalDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Optional. Describes the interval in which metrics will be checked to see if they have been stale for longer that the configured
<code>metrics_expiry_duration</code>. This should be generally be set to a duration much shorter than the configured <code>metrics_expiry_duration</code>.

10
content/en/docs/reference/config/policy-and-telemetry/adapters/redisquota/index.html
View File

@ -53,7 +53,7 @@ quotas:
<tbody>
<tr id="Params-quotas">
<td><code>quotas</code></td>
<td><code><a href="#Params-Quota">Params.Quota[]</a></code></td>
<td><code><a href="#Params-Quota">Quota[]</a></code></td>
<td>
<p>The set of known quotas. At least one quota configuration is required</p>
@ -165,7 +165,7 @@ No
</tr>
<tr id="Params-Quota-valid_duration">
<td><code>validDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The amount of time allocated quota remains valid before it is
automatically released. This is only meaningful for rate limit quotas.
@ -178,7 +178,7 @@ No
</tr>
<tr id="Params-Quota-bucket_duration">
<td><code>bucketDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>The <code>bucketDuration</code> will be ignored if <code>rateLimitAlgorithm</code> is <code>FIXED_WINDOW</code>
value should be <code>0 &lt; bucketDuration &lt; validDuration</code></p>
@ -190,7 +190,7 @@ No
</tr>
<tr id="Params-Quota-rate_limit_algorithm">
<td><code>rateLimitAlgorithm</code></td>
<td><code><a href="#Params-QuotaAlgorithm">Params.QuotaAlgorithm</a></code></td>
<td><code><a href="#Params-QuotaAlgorithm">QuotaAlgorithm</a></code></td>
<td>
<p>Quota management algorithm. The default value is <code>FIXED_WINDOW</code></p>
@ -201,7 +201,7 @@ No
</tr>
<tr id="Params-Quota-overrides">
<td><code>overrides</code></td>
<td><code><a href="#Params-Override">Params.Override[]</a></code></td>
<td><code><a href="#Params-Override">Override[]</a></code></td>
<td>
<p>Overrides associated with this quota.
The first matching override is applied.</p>

6
content/en/docs/reference/config/policy-and-telemetry/adapters/signalfx/index.html
View File

@ -86,7 +86,7 @@ spec:
<tbody>
<tr id="Params-metrics">
<td><code>metrics</code></td>
<td><code><a href="#Params-MetricConfig">Params.MetricConfig[]</a></code></td>
<td><code><a href="#Params-MetricConfig">MetricConfig[]</a></code></td>
<td>
<p>Required. The set of metrics to send to SignalFx. If an Istio metric is
configured to be sent to this adapter, it must have a corresponding
@ -123,7 +123,7 @@ No
</tr>
<tr id="Params-datapoint_interval">
<td><code>datapointInterval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Optional. Specifies how frequently to send metrics to SignalFx. Metrics
reported to this adapter are collected and reported as a timeseries.
@ -219,7 +219,7 @@ No
</tr>
<tr id="Params-MetricConfig-type">
<td><code>type</code></td>
<td><code><a href="#Params-MetricConfig-Type">Params.MetricConfig.Type</a></code></td>
<td><code><a href="#Params-MetricConfig-Type">Type</a></code></td>
<td>
<p>The metric type of the metric</p>

6
content/en/docs/reference/config/policy-and-telemetry/adapters/solarwinds/index.html
View File

@ -130,7 +130,7 @@ No
</tr>
<tr id="Params-papertrail_local_retention_duration">
<td><code>papertrailLocalRetentionDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>This is the duration for which logs will be persisted locally until it is shipped to papertrail in the event
of a network failure. Default value is 1 hour.</p>
@ -142,7 +142,7 @@ No
</tr>
<tr id="Params-metrics">
<td><code>metrics</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricInfo">Params.MetricInfo</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricInfo">MetricInfo</a>&gt;</code></td>
<td>
<p>A map of Istio metric name to solarwinds metric info.</p>
@ -153,7 +153,7 @@ No
</tr>
<tr id="Params-logs">
<td><code>logs</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-LogInfo">Params.LogInfo</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-LogInfo">LogInfo</a>&gt;</code></td>
<td>
<p>A map of Istio logentry name to solarwinds log info.</p>

24
content/en/docs/reference/config/policy-and-telemetry/adapters/stackdriver/index.html
View File

@ -57,7 +57,7 @@ No
</tr>
<tr id="Params-push_interval">
<td><code>pushInterval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>This adapter batches the data it sends to Stackdriver; we will push to stackdriver every push_interval.
If no value is provided we default to once per minute.</p>
@ -107,7 +107,7 @@ Yes
</tr>
<tr id="Params-metric_info">
<td><code>metricInfo</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricInfo">Params.MetricInfo</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricInfo">MetricInfo</a>&gt;</code></td>
<td>
<p>A map of Istio metric name to Stackdriver metric info.</p>
@ -118,7 +118,7 @@ No
</tr>
<tr id="Params-log_info">
<td><code>logInfo</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-LogInfo">Params.LogInfo</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-LogInfo">LogInfo</a>&gt;</code></td>
<td>
<p>A map of Istio LogEntry name to Stackdriver log info.</p>
@ -129,7 +129,7 @@ No
</tr>
<tr id="Params-trace">
<td><code>trace</code></td>
<td><code><a href="#Params-Trace">Params.Trace</a></code></td>
<td><code><a href="#Params-Trace">Trace</a></code></td>
<td>
<p>Stackdriver Trace configuration.</p>
@ -181,7 +181,7 @@ No
</tr>
<tr id="Params-LogInfo-http_mapping">
<td><code>httpMapping</code></td>
<td><code><a href="#Params-LogInfo-HttpRequestMapping">Params.LogInfo.HttpRequestMapping</a></code></td>
<td><code><a href="#Params-LogInfo-HttpRequestMapping">HttpRequestMapping</a></code></td>
<td>
<p>If an HttpRequestMapping is provided, a HttpRequest object will be filled out for this log entry using the
variables named in the mapping to populate the fields of the request struct from the instance&rsquo;s variables.</p>
@ -193,7 +193,7 @@ No
</tr>
<tr id="Params-LogInfo-sink_info">
<td><code>sinkInfo</code></td>
<td><code><a href="#Params-LogInfo-SinkInfo">Params.LogInfo.SinkInfo</a></code></td>
<td><code><a href="#Params-LogInfo-SinkInfo">SinkInfo</a></code></td>
<td>
<p>If SinkInfo is provided, Stackriver logs would be exported to that sink.</p>
@ -464,7 +464,7 @@ See https://github.com/googleapis/googleapis/blob/master/google/api/metric.proto
<tbody>
<tr id="Params-MetricInfo-kind">
<td><code>kind</code></td>
<td><code><a href="#google-api-MetricDescriptor-MetricKind">google.api.MetricDescriptor.MetricKind</a></code></td>
<td><code><a href="#google-api-MetricDescriptor-MetricKind">MetricKind</a></code></td>
<td>
<p>The kind of measurement for a metric, which describes how the data is reported. Ex: Gauge.</p>
@ -475,7 +475,7 @@ No
</tr>
<tr id="Params-MetricInfo-value">
<td><code>value</code></td>
<td><code><a href="#google-api-MetricDescriptor-ValueType">google.api.MetricDescriptor.ValueType</a></code></td>
<td><code><a href="#google-api-MetricDescriptor-ValueType">ValueType</a></code></td>
<td>
<p>The type of the metric&rsquo;s value. Ex: Distribution.</p>
@ -486,7 +486,7 @@ No
</tr>
<tr id="Params-MetricInfo-buckets">
<td><code>buckets</code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition">Params.MetricInfo.BucketsDefinition</a></code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition">BucketsDefinition</a></code></td>
<td>
<p>For metrics with a metric value of DISTRIBUTION, this provides a mechanism
for configuring the buckets that will be used to store the aggregated values.
@ -533,7 +533,7 @@ dependencies it doesn&rsquo;t actually use.</p>
<tbody>
<tr id="Params-MetricInfo-BucketsDefinition-linear_buckets" class="oneof oneof-start">
<td><code>linearBuckets</code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Linear">Params.MetricInfo.BucketsDefinition.Linear (oneof)</a></code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Linear">Linear (oneof)</a></code></td>
<td>
<p>The linear buckets.</p>
@ -544,7 +544,7 @@ Yes
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-exponential_buckets" class="oneof">
<td><code>exponentialBuckets</code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Exponential">Params.MetricInfo.BucketsDefinition.Exponential (oneof)</a></code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Exponential">Exponential (oneof)</a></code></td>
<td>
<p>The exponential buckets.</p>
@ -555,7 +555,7 @@ Yes
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-explicit_buckets" class="oneof">
<td><code>explicitBuckets</code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Explicit">Params.MetricInfo.BucketsDefinition.Explicit (oneof)</a></code></td>
<td><code><a href="#Params-MetricInfo-BucketsDefinition-Explicit">Explicit (oneof)</a></code></td>
<td>
<p>The explicit buckets.</p>

6
content/en/docs/reference/config/policy-and-telemetry/adapters/statsd/index.html
View File

@ -54,7 +54,7 @@ No
</tr>
<tr id="Params-flush_duration">
<td><code>flushDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>FlushDuration controls the maximum amount of time between sending metrics to the statsd collection server.
Metrics are reported when either flush<em>bytes is full or flush</em>duration time has elapsed since the last report.</p>
@ -89,7 +89,7 @@ No
</tr>
<tr id="Params-metrics">
<td><code>metrics</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricInfo">Params.MetricInfo</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-MetricInfo">MetricInfo</a>&gt;</code></td>
<td>
<p>Map of metric name -&gt; info. If a metric&rsquo;s name is not in the map then the metric will not be exported to statsd.</p>
@ -117,7 +117,7 @@ No
<tbody>
<tr id="Params-MetricInfo-type">
<td><code>type</code></td>
<td><code><a href="#Params-MetricInfo-Type">Params.MetricInfo.Type</a></code></td>
<td><code><a href="#Params-MetricInfo-Type">Type</a></code></td>
<td>
</td>
<td>

8
content/en/docs/reference/config/policy-and-telemetry/adapters/stdio/index.html
View File

@ -37,7 +37,7 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/metric/">
<tbody>
<tr id="Params-log_stream">
<td><code>logStream</code></td>
<td><code><a href="#Params-Stream">Params.Stream</a></code></td>
<td><code><a href="#Params-Stream">Stream</a></code></td>
<td>
<p>Selects which standard stream to write to for log entries.
STDERR is the default Stream.</p>
@ -49,7 +49,7 @@ No
</tr>
<tr id="Params-severity_levels">
<td><code>severityLevels</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-Level">Params.Level</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#Params-Level">Level</a>&gt;</code></td>
<td>
<p>Maps from severity strings as specified in LogEntry instances to
the set of levels supported by this adapter. This defaults to a map of</p>
@ -77,7 +77,7 @@ No
</tr>
<tr id="Params-metric_level">
<td><code>metricLevel</code></td>
<td><code><a href="#Params-Level">Params.Level</a></code></td>
<td><code><a href="#Params-Level">Level</a></code></td>
<td>
<p>The level to assign to metrics being output. Defaults to INFO.</p>
@ -99,7 +99,7 @@ No
</tr>
<tr id="Params-output_level">
<td><code>outputLevel</code></td>
<td><code><a href="#Params-Level">Params.Level</a></code></td>
<td><code><a href="#Params-Level">Level</a></code></td>
<td>
<p>The minimum level to output, anything less than this level is ignored. Defaults to INFO (everything).</p>

32
content/en/docs/reference/config/policy-and-telemetry/istio.mixer.v1.config.client/index.html
View File

@ -193,7 +193,7 @@ spec:
<tbody>
<tr id="HTTPAPISpec-attributes">
<td><code>attributes</code></td>
<td><code><a href="#istio-mixer-v1-Attributes">istio.mixer.v1.Attributes</a></code></td>
<td><code><a href="#istio-mixer-v1-Attributes">Attributes</a></code></td>
<td>
<p>List of attributes that are generated when <em>any</em> of the HTTP
patterns match. This list typically includes the &ldquo;api.service&rdquo;
@ -321,7 +321,7 @@ generated.</p>
<tbody>
<tr id="HTTPAPISpecPattern-attributes">
<td><code>attributes</code></td>
<td><code><a href="#istio-mixer-v1-Attributes">istio.mixer.v1.Attributes</a></code></td>
<td><code><a href="#istio-mixer-v1-Attributes">Attributes</a></code></td>
<td>
<p>List of attributes that are generated if the HTTP request matches
the specified http<em>method and uri</em>template. This typically
@ -485,7 +485,7 @@ No
</tr>
<tr id="HttpClientConfig-mixer_attributes">
<td><code>mixerAttributes</code></td>
<td><code><a href="#istio-mixer-v1-Attributes">istio.mixer.v1.Attributes</a></code></td>
<td><code><a href="#istio-mixer-v1-Attributes">Attributes</a></code></td>
<td>
<p>Default attributes to send to Mixer in both Check and
Report. This typically includes &ldquo;destination.ip&rdquo; and
@ -498,7 +498,7 @@ No
</tr>
<tr id="HttpClientConfig-forward_attributes">
<td><code>forwardAttributes</code></td>
<td><code><a href="#istio-mixer-v1-Attributes">istio.mixer.v1.Attributes</a></code></td>
<td><code><a href="#istio-mixer-v1-Attributes">Attributes</a></code></td>
<td>
<p>Default attributes to forward to upstream. This typically
includes the &ldquo;source.ip&rdquo; and &ldquo;source.uid&rdquo; attributes.</p>
@ -617,7 +617,7 @@ No
<tbody>
<tr id="NetworkFailPolicy-policy">
<td><code>policy</code></td>
<td><code><a href="#NetworkFailPolicy-FailPolicy">NetworkFailPolicy.FailPolicy</a></code></td>
<td><code><a href="#NetworkFailPolicy-FailPolicy">FailPolicy</a></code></td>
<td>
<p>Specifies the behavior when the client is unable to connect to Mixer.</p>
@ -639,7 +639,7 @@ No
</tr>
<tr id="NetworkFailPolicy-base_retry_wait">
<td><code>baseRetryWait</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Base time to wait between retries. Will be adjusted by exponential
backoff and jitter.</p>
@ -651,7 +651,7 @@ No
</tr>
<tr id="NetworkFailPolicy-max_retry_wait">
<td><code>maxRetryWait</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Max time to wait between retries.</p>
@ -829,7 +829,7 @@ Yes
</tr>
<tr id="QuotaSpecBinding-quota_specs">
<td><code>quotaSpecs</code></td>
<td><code><a href="#QuotaSpecBinding-QuotaSpecReference">QuotaSpecBinding.QuotaSpecReference[]</a></code></td>
<td><code><a href="#QuotaSpecBinding-QuotaSpecReference">QuotaSpecReference[]</a></code></td>
<td>
<p>One or more QuotaSpec references that should be mapped to
the specified service(s). The aggregate collection of match
@ -923,7 +923,7 @@ No
</tr>
<tr id="ServiceConfig-mixer_attributes">
<td><code>mixerAttributes</code></td>
<td><code><a href="#istio-mixer-v1-Attributes">istio.mixer.v1.Attributes</a></code></td>
<td><code><a href="#istio-mixer-v1-Attributes">Attributes</a></code></td>
<td>
<p>Send these attributes to Mixer in both Check and Report. This
typically includes the &ldquo;destination.service&rdquo; attribute.
@ -973,7 +973,7 @@ No
</tr>
<tr id="ServiceConfig-forward_attributes">
<td><code>forwardAttributes</code></td>
<td><code><a href="#istio-mixer-v1-Attributes">istio.mixer.v1.Attributes</a></code></td>
<td><code><a href="#istio-mixer-v1-Attributes">Attributes</a></code></td>
<td>
<p>Default attributes to forward to upstream. This typically
includes the &ldquo;source.ip&rdquo; and &ldquo;source.uid&rdquo; attributes.
@ -1077,7 +1077,7 @@ No
</tr>
<tr id="TcpClientConfig-mixer_attributes">
<td><code>mixerAttributes</code></td>
<td><code><a href="#istio-mixer-v1-Attributes">istio.mixer.v1.Attributes</a></code></td>
<td><code><a href="#istio-mixer-v1-Attributes">Attributes</a></code></td>
<td>
<p>Default attributes to send to Mixer in both Check and
Report. This typically includes &ldquo;destination.ip&rdquo; and
@ -1124,7 +1124,7 @@ No
</tr>
<tr id="TcpClientConfig-report_interval">
<td><code>reportInterval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Specify report interval to send periodical reports for long TCP
connections. If not specified, the interval is 10 seconds. This interval
@ -1199,7 +1199,7 @@ No
</tr>
<tr id="TransportConfig-stats_update_interval">
<td><code>statsUpdateInterval</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Specify refresh interval to write Mixer client statistics to Envoy share
memory. If not specified, the interval is 10 seconds.</p>
@ -1247,7 +1247,7 @@ No
</tr>
<tr id="TransportConfig-attributes_for_mixer_proxy">
<td><code>attributesForMixerProxy</code></td>
<td><code><a href="#istio-mixer-v1-Attributes">istio.mixer.v1.Attributes</a></code></td>
<td><code><a href="#istio-mixer-v1-Attributes">Attributes</a></code></td>
<td>
<p>Default attributes to forward to Mixer upstream. This typically
includes the &ldquo;source.ip&rdquo; and &ldquo;source.uid&rdquo; attributes. These
@ -1274,7 +1274,7 @@ No
</tr>
<tr id="TransportConfig-report_batch_max_time">
<td><code>reportBatchMaxTime</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>When disable<em>report</em>batch is false, this value specifies the maximum elapsed
time a batched report will be sent after a user request is processed. If left
@ -1338,7 +1338,7 @@ Following places may use this message:
<tbody>
<tr id="istio-mixer-v1-Attributes-attributes">
<td><code>attributes</code></td>
<td><code>map&lt;string,&nbsp;<a href="#istio-mixer-v1-Attributes-AttributeValue">istio.mixer.v1.Attributes.AttributeValue</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#istio-mixer-v1-Attributes-AttributeValue">AttributeValue</a>&gt;</code></td>
<td>
<p>A map of attribute name to its value.</p>

20
content/en/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/index.html
View File

@ -113,7 +113,7 @@ Yes
</tr>
<tr id="AttributeManifest-attributes">
<td><code>attributes</code></td>
<td><code>map&lt;string,&nbsp;<a href="#AttributeManifest-AttributeInfo">AttributeManifest.AttributeInfo</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="#AttributeManifest-AttributeInfo">AttributeInfo</a>&gt;</code></td>
<td>
<p>The set of attributes this Istio component will be responsible for producing at runtime.
We map from attribute name to the attribute&rsquo;s specification. The name of an attribute,
@ -287,7 +287,7 @@ No
</tr>
<tr id="Connection-timeout">
<td><code>timeout</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Timeout for remote calls to the backend.</p>
@ -414,7 +414,7 @@ type Duration</p>
<tbody>
<tr id="Duration-value">
<td><code>value</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></code></td>
<td>
<p>Duration encoded as google.protobuf.Duration.</p>
@ -602,7 +602,7 @@ No
</tr>
<tr id="Handler-params">
<td><code>params</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct">google.protobuf.Struct</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct">Struct</a></code></td>
<td>
<p>Depends on adapter implementation. Struct representation of a
proto defined by the adapter implementation; this varies depending on the value of field <code>adapter</code>.</p>
@ -1039,7 +1039,7 @@ No
</tr>
<tr id="Instance-params">
<td><code>params</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct">google.protobuf.Struct</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct">Struct</a></code></td>
<td>
<p>Depends on referenced template. Struct representation of a
proto defined by the template; this varies depending on the value of field <code>template</code>.</p>
@ -1276,7 +1276,7 @@ No
</tr>
<tr id="Rule-request_header_operations">
<td><code>requestHeaderOperations</code></td>
<td><code><a href="#Rule-HeaderOperationTemplate">Rule.HeaderOperationTemplate[]</a></code></td>
<td><code><a href="#Rule-HeaderOperationTemplate">HeaderOperationTemplate[]</a></code></td>
<td>
<p>Templatized operations on the request headers using values produced by the
rule actions. Require the check action result to be OK.</p>
@ -1288,7 +1288,7 @@ No
</tr>
<tr id="Rule-response_header_operations">
<td><code>responseHeaderOperations</code></td>
<td><code><a href="#Rule-HeaderOperationTemplate">Rule.HeaderOperationTemplate[]</a></code></td>
<td><code><a href="#Rule-HeaderOperationTemplate">HeaderOperationTemplate[]</a></code></td>
<td>
<p>Templatized operations on the response headers using values produced by the
rule actions. Require the check action result to be OK.</p>
@ -1352,7 +1352,7 @@ No
</tr>
<tr id="Rule-HeaderOperationTemplate-operation">
<td><code>operation</code></td>
<td><code><a href="#Rule-HeaderOperationTemplate-Operation">Rule.HeaderOperationTemplate.Operation</a></code></td>
<td><code><a href="#Rule-HeaderOperationTemplate-Operation">Operation</a></code></td>
<td>
<p>Header operation type. Default operation is to replace the value of the header by name.</p>
@ -1452,7 +1452,7 @@ type TimeStamp</p>
<tbody>
<tr id="TimeStamp-value">
<td><code>value</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#timestamp">google.protobuf.Timestamp</a></code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#timestamp">Timestamp</a></code></td>
<td>
<p>TimeStamp encoded as google.protobuf.Timestamp.</p>
@ -1516,7 +1516,7 @@ Yes
</tr>
<tr id="Tls-auth_header" class="oneof oneof-start">
<td><code>authHeader</code></td>
<td><code><a href="#Tls-AuthHeader">Tls.AuthHeader (oneof)</a></code></td>
<td><code><a href="#Tls-AuthHeader">AuthHeader (oneof)</a></code></td>
<td>
<p>Access token is passed as authorization header.</p>

2
content/en/docs/reference/config/policy-and-telemetry/templates/apikey/index.html
View File

@ -89,7 +89,7 @@ No
</tr>
<tr id="Template-timestamp">
<td><code>timestamp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">TimeStamp</a></code></td>
<td>
<p>Timestamp of API call.</p>

4
content/en/docs/reference/config/policy-and-telemetry/templates/authorization/index.html
View File

@ -97,7 +97,7 @@ No
</tr>
<tr id="Action-properties">
<td><code>properties</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a>&gt;</code></td>
<td>
<p>Additional data about the action for use in policy.</p>
@ -151,7 +151,7 @@ No
</tr>
<tr id="Subject-properties">
<td><code>properties</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a>&gt;</code></td>
<td>
<p>Additional attributes about the subject.</p>

2
content/en/docs/reference/config/policy-and-telemetry/templates/edge/index.html
View File

@ -59,7 +59,7 @@ spec:
<tbody>
<tr id="Template-timestamp">
<td><code>timestamp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">TimeStamp</a></code></td>
<td>
<p>Timestamp of the edge</p>

12
content/en/docs/reference/config/policy-and-telemetry/templates/kubernetes/index.html
View File

@ -69,7 +69,7 @@ No
</tr>
<tr id="OutputTemplate-source_pod_ip">
<td><code>sourcePodIp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">IPAddress</a></code></td>
<td>
<p>Refers to source pod ip address. attribute<em>bindings can refer to this field using $out.source</em>pod_ip</p>
@ -124,7 +124,7 @@ No
</tr>
<tr id="OutputTemplate-source_host_ip">
<td><code>sourceHostIp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">IPAddress</a></code></td>
<td>
<p>Refers to source pod host ip address. attribute<em>bindings can refer to this field using $out.source</em>host_ip</p>
@ -191,7 +191,7 @@ No
</tr>
<tr id="OutputTemplate-destination_pod_ip">
<td><code>destinationPodIp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">IPAddress</a></code></td>
<td>
<p>Refers to destination pod ip address. attribute<em>bindings can refer to this field using $out.destination</em>pod_ip</p>
@ -257,7 +257,7 @@ No
</tr>
<tr id="OutputTemplate-destination_host_ip">
<td><code>destinationHostIp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">IPAddress</a></code></td>
<td>
<p>Refers to destination pod host ip address. attribute<em>bindings can refer to this field using $out.destination</em>host_ip</p>
@ -344,7 +344,7 @@ No
</tr>
<tr id="Template-source_ip">
<td><code>sourceIp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">IPAddress</a></code></td>
<td>
<p>Source pod&rsquo;s ip.</p>
@ -366,7 +366,7 @@ No
</tr>
<tr id="Template-destination_ip">
<td><code>destinationIp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">IPAddress</a></code></td>
<td>
<p>Destination pod&rsquo;s ip.</p>

2
content/en/docs/reference/config/policy-and-telemetry/templates/listentry/index.html
View File

@ -47,7 +47,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<tbody>
<tr id="Template-value">
<td><code>value</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a></code></td>
<td>
<p>Specifies the entry to verify in the list. This value can either be a string or an IP address.</p>

6
content/en/docs/reference/config/policy-and-telemetry/templates/logentry/index.html
View File

@ -58,7 +58,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<tbody>
<tr id="Template-variables">
<td><code>variables</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a>&gt;</code></td>
<td>
<p>Variables that are delivered for each log entry.</p>
@ -69,7 +69,7 @@ No
</tr>
<tr id="Template-timestamp">
<td><code>timestamp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">TimeStamp</a></code></td>
<td>
<p>Timestamp is the time value for the log entry</p>
@ -104,7 +104,7 @@ No
</tr>
<tr id="Template-monitored_resource_dimensions">
<td><code>monitoredResourceDimensions</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a>&gt;</code></td>
<td>
<p>Optional. A set of expressions that will form the dimensions of the monitored resource this log entry is being
recorded on. If the logging backend supports monitored resources, these fields are used to populate that resource.

6
content/en/docs/reference/config/policy-and-telemetry/templates/metric/index.html
View File

@ -52,7 +52,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<tbody>
<tr id="Template-value">
<td><code>value</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a></code></td>
<td>
<p>The value being reported.</p>
@ -63,7 +63,7 @@ No
</tr>
<tr id="Template-dimensions">
<td><code>dimensions</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a>&gt;</code></td>
<td>
<p>The unique identity of the particular metric to report.</p>
@ -87,7 +87,7 @@ No
</tr>
<tr id="Template-monitored_resource_dimensions">
<td><code>monitoredResourceDimensions</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a>&gt;</code></td>
<td>
<p>Optional. A set of expressions that will form the dimensions of the monitored resource this metric is being reported on.
If the metric backend supports monitored resources, these fields are used to populate that resource. Otherwise

2
content/en/docs/reference/config/policy-and-telemetry/templates/quota/index.html
View File

@ -49,7 +49,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<tbody>
<tr id="Template-dimensions">
<td><code>dimensions</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a>&gt;</code></td>
<td>
<p>The unique identity of the particular quota to manipulate.</p>

10
content/en/docs/reference/config/policy-and-telemetry/templates/tracespan/index.html
View File

@ -121,7 +121,7 @@ No
</tr>
<tr id="Template-start_time">
<td><code>startTime</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">TimeStamp</a></code></td>
<td>
<p>The start time of the span.</p>
@ -134,7 +134,7 @@ No
</tr>
<tr id="Template-end_time">
<td><code>endTime</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">istio.policy.v1beta1.TimeStamp</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#TimeStamp">TimeStamp</a></code></td>
<td>
<p>The end time of the span.</p>
@ -147,7 +147,7 @@ No
</tr>
<tr id="Template-span_tags">
<td><code>spanTags</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">istio.policy.v1beta1.Value</a>&gt;</code></td>
<td><code>map&lt;string,&nbsp;<a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#Value">Value</a>&gt;</code></td>
<td>
<p>Span tags are a set of &lt; key, value &gt; pairs that provide metadata for the
entire span. The values can be specified in the form of expressions.</p>
@ -220,7 +220,7 @@ No
</tr>
<tr id="Template-source_ip">
<td><code>sourceIp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">IPAddress</a></code></td>
<td>
<p>Client IP address. Should usually be set to <code>source.ip</code>.</p>
@ -247,7 +247,7 @@ No
</tr>
<tr id="Template-destination_ip">
<td><code>destinationIp</code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">IPAddress</a></code></td>
<td>
<p>Server IP address. Should usually be set to <code>destination.ip</code>.</p>

6
content/en/docs/reference/config/security/v1beta1/authorization-policy/index.html
View File

@ -146,7 +146,7 @@ spec:
<tbody>
<tr id="AuthorizationPolicy-selector">
<td><code>selector</code></td>
<td><code><a href="/docs/reference/config/type/v1beta1/workload-selector.html#WorkloadSelector">istio.type.v1beta1.WorkloadSelector</a></code></td>
<td><code><a href="/docs/reference/config/type/v1beta1/workload-selector.html#WorkloadSelector">WorkloadSelector</a></code></td>
<td>
<p>Optional. Workload selector decides where to apply the authorization policy.
If not set, the authorization policy will be applied to all workloads in the
@ -307,7 +307,7 @@ the condition is matched.</p>
<tbody>
<tr id="Rule-from">
<td><code>from</code></td>
<td><code><a href="#Rule-From">Rule.From[]</a></code></td>
<td><code><a href="#Rule-From">From[]</a></code></td>
<td>
<p>Optional. from specifies the source of a request.</p>
@ -320,7 +320,7 @@ No
</tr>
<tr id="Rule-to">
<td><code>to</code></td>
<td><code><a href="#Rule-To">Rule.To[]</a></code></td>
<td><code><a href="#Rule-To">To[]</a></code></td>
<td>
<p>Optional. to specifies the operation of a request.</p>

2
content/en/docs/setup/install/operator/index.md
View File

@ -60,7 +60,7 @@ $ istioctl manifest apply --set profile=demo
{{< /text >}}
In the example above, `demo` is one of the profile names from the output of
the [`istioctl profile list`](/docs/reference/commands/istioctl/#istioctl-experimental-profile-list) command.
the [`istioctl profile list`](/docs/reference/commands/istioctl/#istioctl-profile-list) command.
## Display the profile list

4
content/en/news/2019/announcing-1.3/change-notes/index.md
View File

@ -67,8 +67,8 @@ aliases:
## `istioctl`
- **Added** [`istioctl experimental manifest`](/docs/reference/commands/istioctl/#istioctl-experimental-manifest) to manage the new experimental install manifests.
- **Added** [`istioctl experimental profile`](/docs/reference/commands/istioctl/#istioctl-experimental-profile) to manage the new experimental install profiles.
- **Added** [`istioctl experimental manifest`](/docs/reference/commands/istioctl/#istioctl-manifest) to manage the new experimental install manifests.
- **Added** [`istioctl experimental profile`](/docs/reference/commands/istioctl/#istioctl-profile) to manage the new experimental install profiles.
- **Added** [`istioctl experimental metrics`](/docs/reference/commands/istioctl/#istioctl-experimental-metrics)
- **Added** [`istioctl experimental describe pod`](/docs/reference/commands/istioctl/#istioctl-experimental-describe-pod) to describe an Istio pod's configuration.
- **Added** [`istioctl experimental add-to-mesh`](/docs/reference/commands/istioctl/#istioctl-experimental-add-to-mesh) to add Kubernetes services or virtual machines to an existing Istio service mesh.

16
data/analysis.yaml
View File

@ -95,10 +95,10 @@ messages:
- name: "SchemaValidationError"
code: IST0106
level: Error
description: "The resource has one or more schema validation errors."
template: "The resource has one or more schema validation errors: %v"
description: "The resource has a schema validation error."
template: "Schema validation error: %v"
args:
- name: combinedErr
- name: err
type: error
- name: "MisplacedAnnotation"
@ -121,3 +121,13 @@ messages:
- name: annotation
type: string
- name: "ConflictingMeshGatewayVirtualServiceHosts"
code: IST0109
level: Error
description: "Conflicting hosts on VirtualServices associated with mesh gateway"
template: "The VirtualServices %s associated with mesh gateway define the same host %s which can lead to undefined behavior. This can be fixed by merging the conflicting VirtualServices into a single resource."
args:
- name: virtualServices
type: string
- name: host
type: string

157
examples/tasks__security__authorization_for_http_services.snippets.txt Normal file
View File

@ -0,0 +1,157 @@
# Created by TestAuthorizationForHTTPServices. DO NOT EDIT THIS FILE MANUALLY!
$snippet enabling_istio_authorization.sh syntax="bash"
$ kubectl apply -f @samples/bookinfo/platform/kube/rbac/rbac-config-ON.yaml@
$endsnippet
$snippet enforcing_namespace_level_access_control_apply.sh syntax="bash"
$ kubectl apply -f @samples/bookinfo/platform/kube/rbac/namespace-policy.yaml@
$endsnippet
$snippet enforcing_namespace_level_access_control_apply.sh_output.txt syntax="text"
servicerole.rbac.istio.io/service-viewer created
servicerolebinding.rbac.istio.io/bind-service-viewer created
$endsnippet
$snippet enforcing_namespace_level_access_control_delete.sh syntax="bash"
$ kubectl delete -f @samples/bookinfo/platform/kube/rbac/namespace-policy.yaml@
$endsnippet
$snippet enforcing_service_level_access_control_step1_apply.sh syntax="bash"
$ kubectl apply -f @samples/bookinfo/platform/kube/rbac/productpage-policy.yaml@
$endsnippet
$snippet enforcing_service_level_access_control_step2_apply.sh syntax="bash"
$ kubectl apply -f @samples/bookinfo/platform/kube/rbac/details-reviews-policy.yaml@
$endsnippet
$snippet enforcing_service_level_access_control_step3_apply.sh syntax="bash"
$ kubectl apply -f @samples/bookinfo/platform/kube/rbac/ratings-policy.yaml@
$endsnippet
$snippet remove_istio_authorization_policy.sh syntax="bash"
$ kubectl delete -f @samples/bookinfo/platform/kube/rbac/ratings-policy.yaml@
$ kubectl delete -f @samples/bookinfo/platform/kube/rbac/details-reviews-policy.yaml@
$ kubectl delete -f @samples/bookinfo/platform/kube/rbac/productpage-policy.yaml@
$endsnippet
$snippet remove_istio_authorization_policy_alternative.sh syntax="bash"
$ kubectl delete servicerole --all
$ kubectl delete servicerolebinding --all
$endsnippet
$snippet disabling_istio_authorization.sh syntax="bash"
$ kubectl delete -f @samples/bookinfo/platform/kube/rbac/rbac-config-ON.yaml@
$endsnippet
$snippet enforcing_namespace_level_access_control_service-viewer.yaml syntax="yaml"
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: service-viewer
namespace: default
spec:
rules:
- services: ["*"]
methods: ["GET"]
constraints:
- key: "destination.labels[app]"
values: ["productpage", "details", "reviews", "ratings"]
$endsnippet
$snippet enforcing_namespace_level_access_control_bind-service-viewer.yaml syntax="yaml"
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: bind-service-viewer
namespace: default
spec:
subjects:
- properties:
source.namespace: "istio-system"
- properties:
source.namespace: "default"
roleRef:
kind: ServiceRole
name: "service-viewer"
$endsnippet
$snippet enforcing_service_level_access_control_step1_productpage-viewer.yaml syntax="yaml"
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: productpage-viewer
namespace: default
spec:
rules:
- services: ["productpage.default.svc.cluster.local"]
methods: ["GET"]
$endsnippet
$snippet enforcing_service_level_access_control_step1_bind-productpage-viewer.yaml syntax="yaml"
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: bind-productpage-viewer
namespace: default
spec:
subjects:
- user: "*"
roleRef:
kind: ServiceRole
name: "productpage-viewer"
$endsnippet
$snippet enforcing_service_level_access_control_step2_details-reviews-viewer.yaml syntax="yaml"
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: details-reviews-viewer
namespace: default
spec:
rules:
- services: ["details.default.svc.cluster.local", "reviews.default.svc.cluster.local"]
methods: ["GET"]
$endsnippet
$snippet enforcing_service_level_access_control_step2_bind-details-reviews.yaml syntax="yaml"
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: bind-details-reviews
namespace: default
spec:
subjects:
- user: "cluster.local/ns/default/sa/bookinfo-productpage"
roleRef:
kind: ServiceRole
name: "details-reviews-viewer"
$endsnippet
$snippet enforcing_service_level_access_control_step3_ratings-viewer.yaml syntax="yaml"
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: ratings-viewer
namespace: default
spec:
rules:
- services: ["ratings.default.svc.cluster.local"]
methods: ["GET"]
$endsnippet
$snippet enforcing_service_level_access_control_step3_bind-ratings.yaml syntax="yaml"
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: bind-ratings
namespace: default
spec:
subjects:
- user: "cluster.local/ns/default/sa/bookinfo-reviews"
roleRef:
kind: ServiceRole
name: "ratings-viewer"
$endsnippet

214
examples/tasks__traffic_management__mirroring.snippets.txt Normal file
View File

@ -0,0 +1,214 @@
# Created by TestMirror. DO NOT EDIT THIS FILE MANUALLY!
$snippet httpbin_deployment_v1.sh syntax="bash"
$ cat <<EOF | istioctl kube-inject -f - | kubectl -n istio-io-mirror create -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin-v1
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v1
template:
metadata:
labels:
app: httpbin
version: v1
spec:
containers:
- image: docker.io/kennethreitz/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
command: ["gunicorn", "--access-logfile", "-", "-b", "0.0.0.0:80", "httpbin:app"]
ports:
- containerPort: 80
EOF
$endsnippet
$snippet httpbin_deployment_v2.sh syntax="bash"
$ cat <<EOF | istioctl kube-inject -f - | kubectl -n istio-io-mirror create -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin-v2
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v2
template:
metadata:
labels:
app: httpbin
version: v2
spec:
containers:
- image: docker.io/kennethreitz/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
command: ["gunicorn", "--access-logfile", "-", "-b", "0.0.0.0:80", "httpbin:app"]
ports:
- containerPort: 80
EOF
$endsnippet
$snippet httpbin_service.sh syntax="bash"
$ kubectl -n istio-io-mirror create -f - <<EOF
apiVersion: v1
kind: Service
metadata:
name: httpbin
labels:
app: httpbin
spec:
ports:
- name: http
port: 8000
targetPort: 80
selector:
app: httpbin
EOF
$endsnippet
$snippet sleep_deployment.sh syntax="bash"
$ cat <<EOF | istioctl kube-inject -f - | kubectl -n istio-io-mirror create -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: sleep
spec:
replicas: 1
selector:
matchLabels:
app: sleep
template:
metadata:
labels:
app: sleep
spec:
containers:
- name: sleep
image: tutum/curl
command: ["/bin/sleep","infinity"]
imagePullPolicy: IfNotPresent
EOF
$endsnippet
$snippet httpbin_policy.sh syntax="bash"
$ kubectl -n istio-io-mirror apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin
spec:
hosts:
- httpbin
http:
- route:
- destination:
host: httpbin
subset: v1
weight: 100
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: httpbin
spec:
host: httpbin
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
EOF
$endsnippet
$snippet generate_traffic_1.sh syntax="bash"
$ export SLEEP_POD=$(kubectl -n istio-io-mirror get pod -l app=sleep -o jsonpath={.items..metadata.name})
$ kubectl -n istio-io-mirror exec ${SLEEP_POD} -c sleep -- curl -o /dev/null -s -w "%%{http_code}\n" http://httpbin:8000/ISTIO_IO_MIRROR_TEST_1
$endsnippet
$snippet check_logs_v1_1.sh syntax="bash" outputis="text"
$ export V1_POD=$(kubectl -n istio-io-mirror get pod -l app=httpbin,version=v1 -o jsonpath={.items..metadata.name})
$ kubectl -n istio-io-mirror logs ${V1_POD} -c httpbin
[2019-10-28 19:49:55 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2019-10-28 19:49:55 +0000] [1] [INFO] Listening at: http://0.0.0.0:80 (1)
[2019-10-28 19:49:55 +0000] [1] [INFO] Using worker: sync
[2019-10-28 19:49:55 +0000] [8] [INFO] Booting worker with pid: 8
127.0.0.1 - - [28/Oct/2019:19:50:16 +0000] "GET /ISTIO_IO_MIRROR_TEST_1 HTTP/1.1" 404 233 "-" "curl/7.35.0"
$endsnippet
$snippet check_logs_v2_1.sh syntax="bash" outputis="text"
$ export V2_POD=$(kubectl -n istio-io-mirror get pod -l app=httpbin,version=v2 -o jsonpath={.items..metadata.name})
$ kubectl -n istio-io-mirror logs ${V2_POD} -c httpbin
[2019-10-28 19:49:54 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2019-10-28 19:49:54 +0000] [1] [INFO] Listening at: http://0.0.0.0:80 (1)
[2019-10-28 19:49:54 +0000] [1] [INFO] Using worker: sync
[2019-10-28 19:49:54 +0000] [10] [INFO] Booting worker with pid: 10
$endsnippet
$snippet mirror_vs.sh syntax="bash"
$ kubectl -n istio-io-mirror apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin
spec:
hosts:
- httpbin
http:
- route:
- destination:
host: httpbin
subset: v1
weight: 100
mirror:
host: httpbin
subset: v2
mirror_percent: 100
EOF
$endsnippet
$snippet generate_traffic_2.sh syntax="bash"
$ export SLEEP_POD=$(kubectl -n istio-io-mirror get pod -l app=sleep -o jsonpath={.items..metadata.name})
$ kubectl -n istio-io-mirror exec ${SLEEP_POD} -c sleep -- curl -o /dev/null -s -w "%%{http_code}\n" http://httpbin:8000/ISTIO_IO_MIRROR_TEST_2
$endsnippet
$snippet check_logs_v1_2.sh syntax="bash" outputis="text"
$ export V1_POD=$(kubectl -n istio-io-mirror get pod -l app=httpbin,version=v1 -o jsonpath={.items..metadata.name})
$ kubectl -n istio-io-mirror logs ${V1_POD} -c httpbin
[2019-10-28 19:49:55 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2019-10-28 19:49:55 +0000] [1] [INFO] Listening at: http://0.0.0.0:80 (1)
[2019-10-28 19:49:55 +0000] [1] [INFO] Using worker: sync
[2019-10-28 19:49:55 +0000] [8] [INFO] Booting worker with pid: 8
127.0.0.1 - - [28/Oct/2019:19:50:16 +0000] "GET /ISTIO_IO_MIRROR_TEST_1 HTTP/1.1" 404 233 "-" "curl/7.35.0"
127.0.0.1 - - [28/Oct/2019:19:50:27 +0000] "GET /ISTIO_IO_MIRROR_TEST_2 HTTP/1.1" 404 233 "-" "curl/7.35.0"
$endsnippet
$snippet check_logs_v2_2.sh syntax="bash" outputis="text"
$ export V2_POD=$(kubectl -n istio-io-mirror get pod -l app=httpbin,version=v2 -o jsonpath={.items..metadata.name})
$ kubectl -n istio-io-mirror logs ${V2_POD} -c httpbin
[2019-10-28 19:49:54 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2019-10-28 19:49:54 +0000] [1] [INFO] Listening at: http://0.0.0.0:80 (1)
[2019-10-28 19:49:54 +0000] [1] [INFO] Using worker: sync
[2019-10-28 19:49:54 +0000] [10] [INFO] Booting worker with pid: 10
127.0.0.1 - - [28/Oct/2019:19:50:27 +0000] "GET /ISTIO_IO_MIRROR_TEST_2 HTTP/1.1" 404 233 "-" "curl/7.35.0"
$endsnippet
$snippet remove_rules.sh syntax="bash"
$ kubectl delete virtualservice httpbin
$ kubectl delete destinationrule httpbin
$endsnippet
$snippet remove_httpbin.sh syntax="bash"
$ kubectl delete deploy httpbin-v1 httpbin-v2 sleep
$ kubectl delete svc httpbin
$endsnippet

3
static/operator-profile-default.yaml
View File

@ -4,5 +4,6 @@ metadata:
namespace: istio-operator
name: example-istiocontrolplane
spec:
profile: default
profile: demo
---
---

1
static/operator-profile-demo.yaml
View File

@ -6,3 +6,4 @@ metadata:
spec:
profile: demo
---
---

3
static/operator-profile-minimal.yaml
View File

@ -4,5 +4,6 @@ metadata:
namespace: istio-operator
name: example-istiocontrolplane
spec:
profile: minimal
profile: demo
---
---

3
static/operator-profile-sds.yaml
View File

@ -4,5 +4,6 @@ metadata:
namespace: istio-operator
name: example-istiocontrolplane
spec:
profile: sds
profile: demo
---
---

35
static/operator.yaml
View File

@ -3,6 +3,7 @@ kind: Namespace
metadata:
name: istio-operator
---
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@ -25,24 +26,35 @@ spec:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
internal value, and may reject unrecognized values.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
submits requests to. Cannot be updated. In CamelCase.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: 'Metadata about the istio control plane resource.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata'
type: object
spec:
description: 'Specification of the desired state of the istio control plane resource.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
status:
description: 'Status describes each of istio control plane component status at the current time.
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
More info: https://github.com/istio/operator/blob/master/pkg/apis/istio/v1alpha2/v1alpha2.pb.html &
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
---
apiVersion: install.istio.io/v1alpha2
kind: IstioControlPlane
metadata:
@ -52,12 +64,14 @@ spec:
profile: demo
---
---
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: istio-operator
name: istio-operator
---
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -159,7 +173,7 @@ rules:
- apiGroups:
- ""
resources:
- configmaps
- configmaps
- endpoints
- events
- namespaces
@ -167,10 +181,11 @@ rules:
- persistentvolumeclaims
- secrets
- services
- serviceaccounts
- serviceaccounts
verbs:
- '*'
---
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@ -184,6 +199,7 @@ roleRef:
name: istio-operator
apiGroup: rbac.authorization.k8s.io
---
---
apiVersion: v1
kind: Service
metadata:
@ -199,6 +215,7 @@ spec:
selector:
name: istio-operator
---
---
apiVersion: apps/v1
kind: Deployment
metadata:
@ -222,9 +239,16 @@ spec:
- istio-operator
- server
imagePullPolicy: Always
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
env:
- name: WATCH_NAMESPACE
value: "istio-operator"
value: ""
- name: LEADER_ELECTION_NAMESPACE
valueFrom:
fieldRef:
@ -236,3 +260,4 @@ spec:
- name: OPERATOR_NAME
value: "istio-operator"
---
---