Update reference docs. (#1812)

Martin Taillefer 2018-07-13 15:00:52 -07:00 committed by GitHub
parent f205017b12
commit 72f6f1353f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 118 additions and 2106 deletions

View File

@ -21,9 +21,7 @@ traffic has proven to be woefully insufficient for our needs.
To address these, and other concerns, a new traffic management API, a.k.a. `v1alpha3`, is being introduced, which will
completely replace the previous API going forward. Although the `v1alpha3` model is fundamentally the same, it is not
backward compatible and will require manual conversion from the old API. A
[conversion tool](/docs/reference/commands/istioctl/#istioctl-experimental-convert-networking-config)
is included in the next few releases of Istio to help with the transition.
backward compatible and will require manual conversion from the old API.
To justify this disruption, the `v1alpha3` API has gone through a long and painstaking community
review process that has hopefully resulted in a greatly improved API that will stand the test of time. In this article,
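Review bot: with the conversion-tool link dropped, this paragraph still tells readers the API "will require manual conversion from the old API" but no longer gives them anywhere to go. Since this commit also removes the `istioctl experimental convert-networking-config` reference section, point the sentence at whatever migration guidance remains, or say explicitly that no tool is provided.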

View File

@ -21,11 +21,11 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, default, grpcAdapter, mcp, runtime, snapshot] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
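Review bot: `ads` and `rbac` disappear from the allowed scope lists for `--log_caller` and `--log_output_level` here and in every other copy of these flags in this file. If this text is generated from the scopes registered in the binary, confirm the docs were built from a binary that links those packages; otherwise operators lose the documented way to raise logging for the `rbac` scope when debugging authorization decisions.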
@ -45,7 +45,7 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
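Review bot: the `--log_stacktrace_level` description still writes its second placeholder as `<scope:level>` while `--log_output_level` uses `<scope>:<level>`. The line is being regenerated anyway, so fix the flag's help string at the source so both read `<scope>:<level>,<scope>:<level>,...`.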
@ -81,11 +81,11 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, default, grpcAdapter, mcp, runtime, snapshot] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -105,7 +105,7 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -165,11 +165,11 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, default, grpcAdapter, mcp, runtime, snapshot] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -189,7 +189,7 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -237,7 +237,7 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--healthCheckInterval &lt;duration&gt;</code></td>
<td>Configure how frequently the health check file specified by --healthCheckFile should be updated (default `0s`)</td>
<td>Configure how frequently the health check file specified by --healhCheckFile should be updated (default `0s`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
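Review bot: the new `--healthCheckInterval` description refers to `--healhCheckFile`, dropping the `t` that the previous line had. Restore `--healthCheckFile` in the flag's help text so the cross-reference matches the flag name the old text used.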
@ -249,11 +249,11 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, default, grpcAdapter, mcp, runtime, snapshot] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -273,7 +273,7 @@ number_of_entries: 6
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
@ -284,6 +284,10 @@ number_of_entries: 6
<td>Name of the mixer webhook entry in the webhook config. (default `mixer.validation.istio.io`)</td>
</tr>
<tr>
<td><code>--monitoringPort &lt;uint&gt;</code></td>
<td>Port to use for the exposing self-monitoring information (default `9093`)</td>
</tr>
<tr>
<td><code>--pilot-webhook-name &lt;string&gt;</code></td>
<td>Name of the pilot webhook entry in the webhook config. (default `pilot.validation.istio.io`)</td>
</tr>
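Review bot: the added `--monitoringPort` row reads "Port to use for the exposing self-monitoring information", which has a stray "the". The description also does not say which address the listener binds to or whether a value of 0 disables it; for a port that exposes internal state, state both so operators know what they need to firewall.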
@ -333,12 +337,12 @@ number_of_entries: 6
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [attributes, default, grpcAdapter, mcp, runtime, snapshot] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -363,7 +367,7 @@ number_of_entries: 6
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, mcp, rbac, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [attributes, default, grpcAdapter, mcp, runtime, snapshot] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>

View File

@ -39,7 +39,7 @@ number_of_entries: 4
</tr>
<tr>
<td><code>--grpc-hostname &lt;string&gt;</code></td>
<td>DEPRECATED, use --grpc-host-identities. (default `istio-ca`)</td>
<td>DEPRECATED, use --grpc-host-identites. (default `istio-ca`)</td>
</tr>
<tr>
<td><code>--grpc-port &lt;int&gt;</code></td>
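Review bot: the replacement named for the deprecated `--grpc-hostname` changes from `--grpc-host-identities` to `--grpc-host-identites`. If the flag really is spelled `--grpc-host-identities`, this is a regression in the help string and anyone copying the new text gets an unknown-flag error; correct it where the flag is defined.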

View File

@ -2,7 +2,7 @@
title: istioctl
description: Istio control interface
generator: pkg-collateral-docs
number_of_entries: 26
number_of_entries: 25
---
<p>
Istio configuration command line utility.</p>
@ -10,8 +10,6 @@ Istio configuration command line utility.</p>
system.</p>
<p>Available routing and traffic management configuration types:</p>
<p> [virtualservice gateway destinationrule serviceentry httpapispec httpapispecbinding quotaspec quotaspecbinding servicerole servicerolebinding policy]</p>
<p>Legacy routing and traffic management configuration types:</p>
<p> [routerule egressrule destinationpolicy]</p>
<p>See https://istio.io/docs/reference/ for an overview of Istio routing.</p>
<p></p>
<table class="command-flags">
@ -720,102 +718,6 @@ istioctl delete virtualservice bookinfo
</tr>
</tbody>
</table>
<h2 id="istioctl-experimental-convert-networking-config">istioctl experimental convert-networking-config</h2>
<p>Converts sets of v1alpha1 configs to v1alpha3 equivalents on a best effort basis. The output should be considered a starting point for your v1alpha3 configs and probably require some minor modification. Warnings will (hopefully) be generated where configs cannot be converted perfectly, or in certain edge cases. The input must be the set of configs that would be in place in an environment at a given time. This allows the command to attempt to create and merge output configs intelligently.Output configs are given the namespace and domain of the first input config so it is recommended that input configs be part of the same namespace and domain.</p>
<pre class="language-bash"><code>istioctl experimental convert-networking-config [flags]
</code></pre>
<table class="command-flags">
<thead>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--filenames &lt;stringSlice&gt;</code></td>
<td><code>-f</code></td>
<td>Input filenames (default `[]`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_as_json</code></td>
<td></td>
<td>Whether to format output as JSON or in plain console-friendly format </td>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, rbac] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, default, rbac] and level can be one of [debug, info, warn, error, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
<td></td>
<td>The path for the optional rotating log file (default ``)</td>
</tr>
<tr>
<td><code>--log_rotate_max_age &lt;int&gt;</code></td>
<td></td>
<td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td>
</tr>
<tr>
<td><code>--log_rotate_max_backups &lt;int&gt;</code></td>
<td></td>
<td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td>
</tr>
<tr>
<td><code>--log_rotate_max_size &lt;int&gt;</code></td>
<td></td>
<td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [ads, default, rbac] and level can be one of [debug, info, warn, error, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
<td></td>
<td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Output filename (default `-`)</td>
</tr>
<tr>
<td><code>--platform &lt;string&gt;</code></td>
<td><code>-p</code></td>
<td>Istio host platform (default `kube`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-convert-networking-config Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental convert-networking-config -f v1alpha1/default-route.yaml -f v1alpha1/header-delay.yaml
</code></pre>
<h2 id="istioctl-experimental-metrics">istioctl experimental metrics</h2>
<p>
Prints the metrics for the specified service(s) when running in Kubernetes.</p>
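Review bot: deleting this section removes the `istioctl-experimental-convert-networking-config` anchor. The visible part of this commit cleans up one inbound link (the `v1alpha3` article); search the rest of the site for that fragment before merging so no page is left pointing at a missing heading.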
@ -1350,7 +1252,7 @@ run kube-inject over a single file that contains multiple Service,
ConfigMap, Deployment, etc. definitions for a complex application. Its
best to do this when the resource is initially created.</p>
<p>k8s.io/docs/concepts/workloads/pods/pod-overview/#pod-templates is
updated for Job, DaemonSet, ReplicaSet, and Deployment YAML resource
updated for Job, DaemonSet, ReplicaSet, Pod and Deployment YAML resource
documents. Support for additional pod-based resource types can be
added as necessary.</p>
<p>The Istio project is continually evolving so the Istio sidecar
@ -1777,7 +1679,7 @@ istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml --injectConf
<tr>
<td><code>--subset &lt;string&gt;</code></td>
<td></td>
<td>Filter clusters by substring of Subset field (default ``)</td>
<td>Filter clusters by subtring of Subset field (default ``)</td>
</tr>
</tbody>
</table>
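Review bot: `--subset` now reads "Filter clusters by subtring of Subset field"; the old line had "substring". Fix the typo in the flag description at the source rather than in the generated page.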

View File

@ -173,7 +173,7 @@ number_of_entries: 5
</tr>
<tr>
<td><code>--serviceregistry &lt;string&gt;</code></td>
<td>Select the platform for service registry, options are {Kubernetes, Consul, Eureka, CloudFoundry, Mock, Config} (default `Kubernetes`)</td>
<td>Select the platform for service registry, options are {Kubernetes, Consul, CloudFoundry, Mock, Config} (default `Kubernetes`)</td>
</tr>
<tr>
<td><code>--statsdUdpAddress &lt;string&gt;</code></td>

View File

@ -124,16 +124,6 @@ number_of_entries: 5
<td>DNS domain suffix (default `cluster.local`)</td>
</tr>
<tr>
<td><code>--eurekaserverInterval &lt;duration&gt;</code></td>
<td></td>
<td>Interval (in seconds) for polling the Eureka service registry (default `2s`)</td>
</tr>
<tr>
<td><code>--eurekaserverURL &lt;string&gt;</code></td>
<td></td>
<td>URL for the Eureka server (default ``)</td>
</tr>
<tr>
<td><code>--grpcAddr &lt;string&gt;</code></td>
<td></td>
<td>Discovery service grpc address (default `:15010`)</td>
@ -211,7 +201,7 @@ number_of_entries: 5
<tr>
<td><code>--plugins &lt;stringSlice&gt;</code></td>
<td></td>
<td>comma separated list of networking plugins to enable (default `[authn,authz,envoyfilter,health,mixer]`)</td>
<td>comma separated list of networking plugins to enable (default `[authn,authz,health,mixer,envoyfilter]`)</td>
</tr>
<tr>
<td><code>--profile</code></td>
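Review bot: the `--plugins` default changes only in order, moving `envoyfilter` from third to last. If plugin order determines the order in which they are applied, say so in the description, since it currently reads as an unordered "list of networking plugins to enable"; if order is irrelevant, keeping the old order avoids a no-op doc diff.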
@ -221,7 +211,7 @@ number_of_entries: 5
<tr>
<td><code>--registries &lt;stringSlice&gt;</code></td>
<td></td>
<td>Comma separated list of platform service registries to read from (choose one or more from {Kubernetes, Consul, Eureka, CloudFoundry, Mock, Config}) (default `[Kubernetes]`)</td>
<td>Comma separated list of platform service registries to read from (choose one or more from {Kubernetes, Consul, CloudFoundry, Mock, Config}) (default `[Kubernetes]`)</td>
</tr>
<tr>
<td><code>--resync &lt;duration&gt;</code></td>

View File

@ -1,7 +1,7 @@
---
title: RBAC
description: Configuration for Role Based Access Control
location: https://istio.io/docs/reference/config/istio.rbac.v1alpha1.html
location: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html
layout: protoc-gen-docs
generator: protoc-gen-docs
number_of_entries: 9
@ -10,44 +10,23 @@ number_of_entries: 9
objects.</p>
<p>A ServiceRole specification includes a list of rules (permissions). Each rule has
the following standard fields:
* services: a list of services.
* methods: HTTP methods. In the case of gRPC, this field is ignored because the value is always &ldquo;POST&rdquo;.
* paths: HTTP paths or gRPC methods. Note that gRPC methods should be
presented in the form of &ldquo;packageName.serviceName/methodName&rdquo;.</p>
the following standard fields:</p>
<p>In addition to the standard fields, operators can use custom fields in the &ldquo;constraints&rdquo;
section. The name of a custom field must match one of the &ldquo;properties&rdquo; in the &ldquo;action&rdquo; part
of the &ldquo;authorization&rdquo; template (https://github.com/istio/istio/blob/master/mixer/template/authorization/template.proto).</p>
<ul>
<li>services: a list of services.</li>
<li>methods: HTTP methods. In the case of gRPC, this field is ignored because the value is always &ldquo;POST&rdquo;.</li>
<li>paths: HTTP paths or gRPC methods. Note that gRPC methods should be
presented in the form of &ldquo;packageName.serviceName/methodName&rdquo;.</li>
</ul>
<p>For example, suppose we define an instance of the &ldquo;authorization&rdquo; template, named &ldquo;requestcontext&rdquo;.</p>
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha1&quot;
kind: authorization
metadata:
name: requestcontext
namespace: istio-system
spec:
subject:
user: source.user | &quot;&quot;
groups: &quot;&quot;
properties:
service: source.service | &quot;&quot;
namespace: source.namespace | &quot;&quot;
action:
namespace: destination.namespace | &quot;&quot;
service: destination.service | &quot;&quot;
method: request.method | &quot;&quot;
path: request.path | &quot;&quot;
properties:
version: request.headers[&quot;version&quot;] | &quot;&quot;
</code></pre>
<p>In addition to the standard fields, operators can also use custom keys in the <code>constraints</code> field,
the supported keys are listed in the &ldquo;constraints and properties&rdquo; page.</p>
<p>Below is an example of ServiceRole object &ldquo;product-viewer&rdquo;, which has &ldquo;read&rdquo; (&ldquo;GET&rdquo; and &ldquo;HEAD&rdquo;)
access to &ldquo;products.svc.cluster.local&rdquo; service at versions &ldquo;v1&rdquo; and &ldquo;v2&rdquo;. &ldquo;path&rdquo; is not specified,
so it applies to any path in the service.</p>
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha1&quot;
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha2&quot;
kind: ServiceRole
metadata:
name: products-viewer
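Review bot: the prose introducing this example calls the role "product-viewer", but the manifest sets `name: products-viewer` and the binding's `roleRef` further down uses `products-viewer` too. While the example is being touched for the `v1alpha2` bump, make the prose match the manifest; a reader who copies the name from the prose ends up with a `roleRef` that does not match the role.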
@ -57,24 +36,29 @@ spec:
- services: [&quot;products.svc.cluster.local&quot;]
methods: [&quot;GET&quot;, &quot;HEAD&quot;]
constraints:
- key: &quot;version&quot;
- key: &quot;destination.labels[version]&quot;
value: [&quot;v1&quot;, &quot;v2&quot;]
</code></pre>
<p>A ServiceRoleBinding specification includes two parts:
* &ldquo;roleRef&rdquo; refers to a ServiceRole object in the same namespace.
* A list of &ldquo;subjects&rdquo; that are assigned the roles.</p>
<p>A ServiceRoleBinding specification includes two parts:</p>
<p>A subject is represented with a set of &ldquo;properties&rdquo;. The name of a property must match one of
the fields (&ldquo;user&rdquo; or &ldquo;groups&rdquo; or one of the &ldquo;properties&rdquo;) in the &ldquo;subject&rdquo; part of the &ldquo;authorization&rdquo;
template (https://github.com/istio/istio/blob/master/mixer/template/authorization/template.proto).</p>
<ul>
<li>The <code>roleRef</code> field that refers to a ServiceRole object in the same namespace.</li>
<li>A list of <code>subjects</code> that are assigned the roles.</li>
</ul>
<p>In addition to a simple <code>user</code> field, operators can also use custom keys in the <code>properties</code> field,
the supported keys are listed in the &ldquo;constraints and properties&rdquo; page.</p>
<p>Below is an example of ServiceRoleBinding object &ldquo;test-binding-products&rdquo;, which binds two subjects
to ServiceRole &ldquo;product-viewer&rdquo;:
* User &ldquo;alice@yahoo.com&rdquo;
* &ldquo;reviews&rdquo; service in &ldquo;abc&rdquo; namespace.</p>
to ServiceRole &ldquo;product-viewer&rdquo;:</p>
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha1&quot;
<ul>
<li>User &ldquo;alice@yahoo.com&rdquo;</li>
<li>Services in &ldquo;abc&rdquo; namespace.</li>
</ul>
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha2&quot;
kind: ServiceRoleBinding
metadata:
name: test-binding-products
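Review bot: the new sentence about custom keys in `properties` sends readers to the "constraints and properties" page by name only. Make it a hyperlink, and split the comma splice ("... in the `properties` field, the supported keys are listed ...") into two sentences; the same wording was added for `constraints` earlier in this file.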
@ -83,8 +67,7 @@ spec:
subjects:
- user: alice@yahoo.com
- properties:
service: &quot;reviews&quot;
namespace: &quot;abc&quot;
source.namespace: &quot;abc&quot;
roleRef:
kind: ServiceRole
name: &quot;products-viewer&quot;
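Review bot: the second subject changes from `service: "reviews"` plus `namespace: "abc"` to just `source.namespace: "abc"`, so the example now binds the role to every workload in that namespace rather than to one service. The prose was updated to match, but this is the binding people will copy; if the "constraints and properties" page lists a key that identifies a single workload, keep the example narrow, or state next to it that this is a namespace-wide grant.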
@ -146,7 +129,7 @@ If set to [&ldquo;*&rdquo;] or not specified, it applies to any method.</p>
<td><code><a href="#AccessRule-Constraint">AccessRule.Constraint[]</a></code></td>
<td>
<p>Optional. Extra constraints in the ServiceRole specification.
The above ServiceRole examples shows an example of constraint &ldquo;version&rdquo;.</p>
The above ServiceRole example shows an example of constraint &ldquo;version&rdquo;.</p>
</td>
</tr>
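Review bot: the reworded sentence still says the example shows constraint "version", but this commit changes the example's key to `destination.labels[version]`. Name the key as it now appears in the manifest.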
@ -155,9 +138,7 @@ The above ServiceRole examples shows an example of constraint &ldquo;version&rdq
</section>
<h2 id="AccessRule-Constraint">AccessRule.Constraint</h2>
<section>
<p>Definition of a custom constraint. The key of a custom constraint must match
one of the &ldquo;properties&rdquo; in the &ldquo;action&rdquo; part of the &ldquo;authorization&rdquo; template
(https://github.com/istio/istio/blob/master/mixer/template/authorization/template.proto).</p>
<p>Definition of a custom constraint. The supported keys are listed in the &ldquo;constraint and properties&rdquo; page.</p>
<table class="message-fields">
<thead>
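Review bot: this line calls the target the "constraint and properties" page, while the ServiceRole and ServiceRoleBinding text added above calls it "constraints and properties". Pick the page's actual title, use it in all of these places (the Subject description below has the same wording), and link it.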
@ -202,10 +183,10 @@ existing one, the user should either delete the existing one or change the exist
<p>Below is an example of RbacConfig object &ldquo;istio-rbac-config&rdquo; which enables Istio RBAC for all
services in the default namespace.</p>
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha1&quot;
<pre><code class="language-yaml">apiVersion: &quot;config.istio.io/v1alpha2&quot;
kind: RbacConfig
metadata:
name: istio-rbac-config
name: default
namespace: istio-system
spec:
mode: ON_WITH_INCLUSION
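Review bot: `metadata.name` changes from `istio-rbac-config` to `default`, but the sentence above the manifest still introduces it as RbacConfig object "istio-rbac-config". Update the prose, and if the object must be named `default` to take effect, say that explicitly.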
@ -425,10 +406,8 @@ object.</p>
</section>
<h2 id="Subject">Subject</h2>
<section>
<p>Subject defines an identity or a group of identities. The identity is either a user or
a group or identified by a set of &ldquo;properties&rdquo;. The name of the &ldquo;properties&rdquo; must match
the &ldquo;properties&rdquo; in the &ldquo;subject&rdquo; part of the &ldquo;authorization&rdquo; template
(https://github.com/istio/istio/blob/master/mixer/template/authorization/template.proto).</p>
<p>Subject defines an identity. The identity is either a user or identified by a set of <code>properties</code>.
The supported keys in <code>properties</code> are listed in &ldquo;constraint and properties&rdquo; page.</p>
<table class="message-fields">
<thead>
@ -445,14 +424,6 @@ the &ldquo;properties&rdquo; in the &ldquo;subject&rdquo; part of the &ldquo;aut
<td>
<p>Optional. The user name/ID that the subject represents.</p>
</td>
</tr>
<tr id="Subject-group">
<td><code>group</code></td>
<td><code>string</code></td>
<td>
<p>Optional. The group that the subject belongs to.</p>
</td>
</tr>
<tr id="Subject-properties">
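Review bot: the `group` row is removed from Subject with no note for existing users. Add a sentence saying what happens to a ServiceRoleBinding that still sets `group`, since a subject field that is silently ignored or rejected changes who is authorized.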
@ -460,9 +431,7 @@ the &ldquo;properties&rdquo; in the &ldquo;subject&rdquo; part of the &ldquo;aut
<td><code>map&lt;string,&nbsp;string&gt;</code></td>
<td>
<p>Optional. The set of properties that identify the subject.
In the above ServiceRoleBinding example, the second subject has two properties:
service: &ldquo;reviews&rdquo;
namespace: &ldquo;abc&rdquo;</p>
The above ServiceRoleBinding example shows an example of property &ldquo;source.namespace&rdquo;.</p>
</td>
</tr>

View File

@ -1172,9 +1172,9 @@ spec:
</code></pre>
<p>The following VirtualService forwards traffic arriving at (external)
port 27017 from &ldquo;172.17.16.0/24&rdquo; subnet to internal Mongo server on port
5555. This rule is not applicable internally in the mesh as the gateway
list omits the reserved name <code>mesh</code>.</p>
port 27017 to internal Mongo server on port 5555. This rule is not
applicable internally in the mesh as the gateway list omits the
reserved name <code>mesh</code>.</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
@ -1188,7 +1188,6 @@ spec:
tcp:
- match:
- port: 27017
sourceSubnet: &quot;172.17.16.0/24&quot;
route:
- destination:
host: mongo.prod.svc.cluster.local
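Review bot: removing `sourceSubnet: "172.17.16.0/24"` from the match leaves an example that forwards gateway port 27017 to the Mongo server for any source address. If `sourceSubnet` is no longer a supported match field, say so in the field reference; if it is still supported, keep it in the example, because a database port opened at a gateway is a case where readers should see the source restriction.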
@ -1860,12 +1859,10 @@ is incomplete.</p>
<tbody>
<tr id="L4MatchAttributes-destination_subnet">
<td><code>destinationSubnet</code></td>
<td><code>string</code></td>
<td><code>string[]</code></td>
<td>
<p>IPv4 or IPv6 ip address of destination with optional subnet. E.g.,
a.b.c.d/xx form or just a.b.c.d. This is only valid when the
destination service has several IPs and the application explicitly
specifies a particular IP.</p>
<p>IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
a.b.c.d/xx form or just a.b.c.d.</p>
</td>
</tr>
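Review bot: `destinationSubnet` changes from `string` to `string[]`, so existing manifests that set a scalar may need editing, and the new description does not say how multiple entries are evaluated. State whether a match on any one listed address or subnet is sufficient, and call out the type change in the release notes. The same applies to the TLSMatchAttributes copy below.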
@ -3169,12 +3166,10 @@ as well as example.com.</p>
</tr>
<tr id="TLSMatchAttributes-destination_subnet">
<td><code>destinationSubnet</code></td>
<td><code>string</code></td>
<td><code>string[]</code></td>
<td>
<p>IPv4 or IPv6 ip address of destination with optional subnet. E.g.,
a.b.c.d/xx form or just a.b.c.d. This is only valid when the
destination service has several IPs and the application explicitly
specifies a particular IP.</p>
<p>IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
a.b.c.d/xx form or just a.b.c.d.</p>
</td>
</tr>

File diff suppressed because it is too large

View File

@ -30,7 +30,7 @@ spec:
temp_dir: &quot;/tmp/apigee-istio&quot;
client_timeout: 30s
products:
refresh_rate: 60s
refresh_rate: 2m
analytics:
legacy_endpoint: false
file_limit: 1024
@ -122,7 +122,7 @@ Optional. Default: &ldquo;/tmp/apigee-istio&rdquo;.</p>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td>
<p>The timeout to be used for adapter requests to Apigee servers.
Optional. Default: &ldquo;30s&rdquo;.</p>
Optional. Default: &ldquo;30s&rdquo; (30 seconds).</p>
</td>
</tr>
@ -206,7 +206,7 @@ Optional. Default: 1024.</p>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td>
<p>The rate at which the list of products is refreshed from Apigee.
Optional. Default: &ldquo;60s&rdquo;.</p>
Optional. Default: &ldquo;2m&rdquo; (2 minutes).</p>
</td>
</tr>
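Review bot: the products refresh default is now written "2m" while `client_timeout` on the same page uses "30s", and the field type links to `google.protobuf.Duration`, whose JSON form is seconds with an `s` suffix. Confirm the config parser accepts a minutes suffix; if it does not, write "120s" in both the example above and this field description.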

View File

@ -4,7 +4,7 @@ description: A template that is used to control the production of Kubernetes-spe
location: https://istio.io/docs/reference/config/policy-and-telemetry/templates/kubernetes.html
layout: protoc-gen-docs
generator: protoc-gen-docs
number_of_entries: 3
number_of_entries: 2
---
<p>The <code>kubernetes</code> template holds data that controls the production of Kubernetes-specific
attributes.</p>
@ -41,7 +41,7 @@ spec:
<section>
<p>OutputTemplate refers to the output from the adapter. It is used inside the attribute_binding section of the config
to assign values to the generated attributes using the <code>$out.&lt;field name of the OutputTemplate&gt;</code> syntax.
Next ID: 31</p>
Next ID: 33</p>
<table class="message-fields">
<thead>
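Review bot: "Next ID: 33" is field-numbering bookkeeping for proto maintainers and does not belong in the user-facing paragraph describing OutputTemplate. Suggest moving it in the .proto to a comment that is not attached to the message, so it stops appearing in the generated reference page.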
@ -52,9 +52,18 @@ Next ID: 31</p>
</tr>
</thead>
<tbody>
<tr id="OutputTemplate-source_pod_uid">
<td><code>sourcePodUid</code></td>
<td><code>string</code></td>
<td>
<p>Refers to the source.uid for a pod. This is for TCP use cases where the attribute is not present.
attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
</td>
</tr>
<tr id="OutputTemplate-source_pod_ip">
<td><code>sourcePodIp</code></td>
<td><code><a href="#istio-policy-v1beta1-IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td>
<p>Refers to source pod ip address. attribute<em>bindings can refer to this field using $out.source</em>pod_ip</p>
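Review bot: in the new sourcePodUid description the underscores are rendered as emphasis, so `attribute<em>bindings ... $out.source</em>pod_uid` is what readers get instead of attribute_bindings and $out.source_pod_uid. Put both identifiers in backticks in the proto comment so the generated HTML keeps them literal; the existing sourcePodIp row has the same problem.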
@ -94,7 +103,7 @@ Next ID: 31</p>
</tr>
<tr id="OutputTemplate-source_host_ip">
<td><code>sourceHostIp</code></td>
<td><code><a href="#istio-policy-v1beta1-IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td>
<p>Refers to source pod host ip address. attribute<em>bindings can refer to this field using $out.source</em>host_ip</p>
@ -130,11 +139,20 @@ Next ID: 31</p>
<td>
<p>Refers to the (controlling) owner of the source pod. Attribute<em>bindings can refer to this field using $out.source</em>owner</p>
</td>
</tr>
<tr id="OutputTemplate-destination_pod_uid">
<td><code>destinationPodUid</code></td>
<td><code>string</code></td>
<td>
<p>Refers to the destination.uid for a pod. This is for TCP use cases where the attribute is not present.
attribute<em>bindings can refer to this field using $out.destination</em>pod_uid</p>
</td>
</tr>
<tr id="OutputTemplate-destination_pod_ip">
<td><code>destinationPodIp</code></td>
<td><code><a href="#istio-policy-v1beta1-IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td>
<p>Refers to destination pod ip address. attribute<em>bindings can refer to this field using $out.destination</em>pod_ip</p>
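Review bot: the destinationPodUid description says it is "for TCP use cases where the attribute is not present" without naming which attribute is missing or what the adapter resolves the UID from. Spell that out here and for sourcePodUid, since anyone writing rules that key on the UID needs to know where the value comes from.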
@ -182,7 +200,7 @@ Next ID: 31</p>
</tr>
<tr id="OutputTemplate-destination_host_ip">
<td><code>destinationHostIp</code></td>
<td><code><a href="#istio-policy-v1beta1-IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td>
<p>Refers to destination pod host ip address. attribute<em>bindings can refer to this field using $out.destination</em>host_ip</p>
@ -250,7 +268,7 @@ Next ID: 8</p>
</tr>
<tr id="Template-source_ip">
<td><code>sourceIp</code></td>
<td><code><a href="#istio-policy-v1beta1-IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td>
<p>Source pod&rsquo;s ip.</p>
@ -266,7 +284,7 @@ Next ID: 8</p>
</tr>
<tr id="Template-destination_ip">
<td><code>destinationIp</code></td>
<td><code><a href="#istio-policy-v1beta1-IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td><code><a href="/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress">istio.policy.v1beta1.IPAddress</a></code></td>
<td>
<p>Destination pod&rsquo;s ip.</p>
@ -283,31 +301,3 @@ Next ID: 8</p>
</tbody>
</table>
</section>
<h2 id="istio-policy-v1beta1-IPAddress">istio.policy.v1beta1.IPAddress</h2>
<section>
<p>An instance field of type IPAddress denotes that the expression for the field must evalaute to
<em>ValueType.IP_ADDRESS</em></p>
<p>Objects of type IPAddress are also passed to the adapters during request-time for the instance fields of
type IPAddress</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="istio-policy-v1beta1-IPAddress-value">
<td><code>value</code></td>
<td><code>bytes</code></td>
<td>
<p>IPAddress encoded as bytes.</p>
</td>
</tr>
</tbody>
</table>
</section>
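Review bot: with the local istio.policy.v1beta1.IPAddress section removed, the IPAddress links in this file now target /docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html#IPAddress, and the anchor changes from `istio-policy-v1beta1-IPAddress` to `IPAddress`. Please confirm that page is generated in this commit with that id (one file's diff is suppressed in this view), otherwise every one of these links breaks.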

View File

@ -12,7 +12,7 @@ keywords: [traffic-management]
虽然目前 API 的功能已被证明是 Istio 非常引人注目的一部分,但用户的反馈也表明,这个 API 确实有一些缺点,尤其是在使用它来管理包含数千个服务的非常大的应用程序,以及使用 HTTP 以外的协议时。 此外,使用 Kubernetes Ingress 资源来配置外部流量的方式已被证明不能满足需求。
为了解决上述缺陷和其他的一些问题Istio 引入了新的流量管理 API v1alpha3新版本的 API 将完全取代之前的 API。 尽管 v1alpha3 和之前的模型在本质上是基本相同的但它并不向后兼容的基于旧API的模型需要进行手动转换。 Istio 接下来的几个版本中提供一个[转换工具](/docs/reference/commands/istioctl/#istioctl-experimental-convert-networking-config)来协助新旧模型的升级。
为了解决上述缺陷和其他的一些问题Istio 引入了新的流量管理 API v1alpha3新版本的 API 将完全取代之前的 API。 尽管 v1alpha3 和之前的模型在本质上是基本相同的但它并不向后兼容的基于旧API的模型需要进行手动转换。
为了证明该非兼容升级的必要性v1alpha3 API 经历了漫长而艰苦的社区评估过程以希望新的API能够大幅改进并经得起时间考验。 在本文中,我们将介绍新的配置模型,并试图解释影响这次变化的一些动机和设计原则。

View File

@ -20,6 +20,8 @@ export GOPATH=$(mktemp -d)
WORK_DIR=${GOPATH}/src/istio.io
COMMAND_DIR=$ISTIO_BASE/content/docs/reference/commands
echo $WORK_DIR
# Get the source code
mkdir -p ${WORK_DIR}
pushd $WORK_DIR
@ -56,10 +58,6 @@ locate_file() {
# Given the path and name to an Istio command, builds the command and then
# runs it to extract its command-line docs
#
# TODO: Even though this CDs into the source tree we've extracted, it's not actually
# using that as input sources since imports are resolved through $GOPATH and such.
# I'm not clear what voodoo is needed so I'm leaving this as-is for the time being
get_command_doc() {
COMMAND_PATH=$1
COMMAND=$2
@ -73,9 +71,22 @@ get_command_doc() {
popd
}
# # First delete all the current generated files so that any stale files are removed
# delete all the current generated files so that any stale files are removed
find content/docs/reference -name '*.html' -type f|xargs rm 2>/dev/null
get_command_doc ${WORK_DIR}/istio/mixer/cmd/mixc mixc
get_command_doc ${WORK_DIR}/istio/mixer/cmd/mixs mixs
get_command_doc ${WORK_DIR}/istio/istioctl/cmd/istioctl istioctl
get_command_doc ${WORK_DIR}/istio/pilot/cmd/pilot-agent pilot-agent
get_command_doc ${WORK_DIR}/istio/pilot/cmd/pilot-discovery pilot-discovery
get_command_doc ${WORK_DIR}/istio/pilot/cmd/sidecar-injector sidecar-injector
get_command_doc ${WORK_DIR}/istio/security/cmd/istio_ca istio_ca
get_command_doc ${WORK_DIR}/istio/security/cmd/node_agent node_agent
get_command_doc ${WORK_DIR}/istio/galley/cmd/galley galley
# delete the vendor dir so we don't get .pb.html out of there
rm -fr $WORK_DIR/istio/vendor
for f in `find $WORK_DIR/istio -type f -name '*.pb.html'`
do
echo "processing $f"
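Review bot: the cleanup line `find content/docs/reference -name '*.html' -type f|xargs rm 2>/dev/null` uses a path relative to the current directory while COMMAND_DIR is built from $ISTIO_BASE, and it discards rm's errors. Anchor it at "$ISTIO_BASE/content/docs/reference" and use `-print0 | xargs -0 rm` (or `find ... -delete`) so it cannot delete HTML under a different tree or fail silently; the `rm -fr $WORK_DIR/istio/vendor` further down should also quote its argument.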
@ -94,16 +105,6 @@ do
locate_file ${f}
done
get_command_doc ${WORK_DIR}/istio/mixer/cmd/mixc mixc
get_command_doc ${WORK_DIR}/istio/mixer/cmd/mixs mixs
get_command_doc ${WORK_DIR}/istio/istioctl/cmd/istioctl istioctl
get_command_doc ${WORK_DIR}/istio/pilot/cmd/pilot-agent pilot-agent
get_command_doc ${WORK_DIR}/istio/pilot/cmd/pilot-discovery pilot-discovery
get_command_doc ${WORK_DIR}/istio/pilot/cmd/sidecar-injector sidecar-injector
get_command_doc ${WORK_DIR}/istio/security/cmd/istio_ca istio_ca
get_command_doc ${WORK_DIR}/istio/security/cmd/node_agent node_agent
get_command_doc ${WORK_DIR}/istio/galley/cmd/galley galley
# Copy all the example files over into the examples directory
# cp $WORK_DIR/istio/Makefile examples/Makefile