istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Automator: update istio.io@ reference docs (#9420)

This commit is contained in:
Istio Automation 2021-03-29 19:43:53 -07:00 committed by GitHub
parent a0364f6af7
commit 73bf189c4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 138 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
content/en/docs/reference/commands/istioctl/index.html
View File

@ -1653,116 +1653,6 @@ or release tar URL (e.g. https://github.com/istio/istio/releases/download/1.10/i
istioctl --kubeconfig=c0.yaml x create-remote-secret --name c0 --auth-type=plugin --auth-plugin-name=gcp \
| kubectl --kubeconfig=c1.yaml apply -f -
</code></pre>
<h2 id="istioctl-experimental-debug">istioctl experimental debug</h2>
<p>
Retrieves the debug information from Istiod or Pods in the mesh using the service account from the pod if --cert-dir is empty.
By default it will use the default serviceAccount from (istio-system) namespace if the pod is not specified.</p>
<p>
THIS COMMAND IS UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.</p>
<pre class="language-bash"><code>istioctl experimental debug [&lt;type&gt;/]&lt;name&gt;[.&lt;namespace&gt;] [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--authority &lt;string&gt;</code></td>
<td></td>
<td>XDS Subject Alternative Name (for example istiod.istio-system.svc) (default ``)</td>
</tr>
<tr>
<td><code>--cert-dir &lt;string&gt;</code></td>
<td></td>
<td>XDS Endpoint certificate directory (default ``)</td>
</tr>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--insecure</code></td>
<td></td>
<td>Skip server certificate and domain verification. (NOT SECURE!) </td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--plaintext</code></td>
<td></td>
<td>Use plain-text HTTP/2 when connecting to server (no TLS). </td>
</tr>
<tr>
<td><code>--revision &lt;string&gt;</code></td>
<td><code>-r</code></td>
<td>Control plane revision (default ``)</td>
</tr>
<tr>
<td><code>--timeout &lt;duration&gt;</code></td>
<td></td>
<td>The duration to wait before failing (default `30s`)</td>
</tr>
<tr>
<td><code>--xds-address &lt;string&gt;</code></td>
<td></td>
<td>XDS Endpoint (default ``)</td>
</tr>
<tr>
<td><code>--xds-label &lt;string&gt;</code></td>
<td></td>
<td>Istiod pod label selector (default ``)</td>
</tr>
<tr>
<td><code>--xds-port &lt;int&gt;</code></td>
<td></td>
<td>Istiod pod port (default `15012`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-debug Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve sync status for all Envoys in a mesh
istioctl x debug syncz
# Retrieve sync diff for a single Envoy and Istiod
istioctl x debug syncz istio-egressgateway-59585c5b9c-ndc59.istio-system
# SECURITY OPTIONS
# Retrieve syncz debug information directly from the control plane, using token security
# (This is the usual way to get the debug information with an out-of-cluster control plane.)
istioctl x debug syncz --xds-address istio.cloudprovider.example.com:15012
# Retrieve syncz debug information via Kubernetes config, using token security
# (This is the usual way to get the debug information with an in-cluster control plane.)
istioctl x debug syncz
# Retrieve syncz debug information directly from the control plane, using RSA certificate security
# (Certificates must be obtained before this step. The --cert-dir flag lets istioctl bypass the Kubernetes API server.)
istioctl x debug syncz --xds-address istio.example.com:15012 --cert-dir ~/.istio-certs
# Retrieve syncz information via XDS from specific control plane in multi-control plane in-cluster configuration
# (Select a specific control plane in an in-cluster canary Istio configuration.)
istioctl x debug syncz --xds-label istio.io/rev=default
</code></pre>
<h2 id="istioctl-experimental-describe">istioctl experimental describe</h2>
<p>Describe resource and related Istio configuration</p>
<pre class="language-bash"><code>istioctl experimental describe [flags]
@ -1969,6 +1859,116 @@ the configuration objects that affect that service.</p>
</table>
<h3 id="istioctl-experimental-injector-list Examples">Examples</h3>
<pre class="language-bash"><code> istioctl experimental injector list
</code></pre>
<h2 id="istioctl-experimental-internal-debug">istioctl experimental internal-debug</h2>
<p>
Retrieves the debug information from Istiod or Pods in the mesh using the service account from the pod if --cert-dir is empty.
By default it will use the default serviceAccount from (istio-system) namespace if the pod is not specified.</p>
<p>
THIS COMMAND IS UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.</p>
<pre class="language-bash"><code>istioctl experimental internal-debug [&lt;type&gt;/]&lt;name&gt;[.&lt;namespace&gt;] [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--authority &lt;string&gt;</code></td>
<td></td>
<td>XDS Subject Alternative Name (for example istiod.istio-system.svc) (default ``)</td>
</tr>
<tr>
<td><code>--cert-dir &lt;string&gt;</code></td>
<td></td>
<td>XDS Endpoint certificate directory (default ``)</td>
</tr>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--insecure</code></td>
<td></td>
<td>Skip server certificate and domain verification. (NOT SECURE!) </td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--plaintext</code></td>
<td></td>
<td>Use plain-text HTTP/2 when connecting to server (no TLS). </td>
</tr>
<tr>
<td><code>--revision &lt;string&gt;</code></td>
<td><code>-r</code></td>
<td>Control plane revision (default ``)</td>
</tr>
<tr>
<td><code>--timeout &lt;duration&gt;</code></td>
<td></td>
<td>The duration to wait before failing (default `30s`)</td>
</tr>
<tr>
<td><code>--xds-address &lt;string&gt;</code></td>
<td></td>
<td>XDS Endpoint (default ``)</td>
</tr>
<tr>
<td><code>--xds-label &lt;string&gt;</code></td>
<td></td>
<td>Istiod pod label selector (default ``)</td>
</tr>
<tr>
<td><code>--xds-port &lt;int&gt;</code></td>
<td></td>
<td>Istiod pod port (default `15012`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-internal-debug Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve sync status for all Envoys in a mesh
istioctl x internal-debug syncz
# Retrieve sync diff for a single Envoy and Istiod
istioctl x internal-debug syncz istio-egressgateway-59585c5b9c-ndc59.istio-system
# SECURITY OPTIONS
# Retrieve syncz debug information directly from the control plane, using token security
# (This is the usual way to get the debug information with an out-of-cluster control plane.)
istioctl x internal-debug syncz --xds-address istio.cloudprovider.example.com:15012
# Retrieve syncz debug information via Kubernetes config, using token security
# (This is the usual way to get the debug information with an in-cluster control plane.)
istioctl x internal-debug syncz
# Retrieve syncz debug information directly from the control plane, using RSA certificate security
# (Certificates must be obtained before this step. The --cert-dir flag lets istioctl bypass the Kubernetes API server.)
istioctl x internal-debug syncz --xds-address istio.example.com:15012 --cert-dir ~/.istio-certs
# Retrieve syncz information via XDS from specific control plane in multi-control plane in-cluster configuration
# (Select a specific control plane in an in-cluster canary Istio configuration.)
istioctl x internal-debug syncz --xds-label istio.io/rev=default
</code></pre>
<h2 id="istioctl-experimental-kube-uninject">istioctl experimental kube-uninject</h2>
<p>

41
content/en/docs/reference/config/networking/virtual-service/index.html
View File

@ -701,13 +701,19 @@ No
<td><code><a href="#Delegate">Delegate</a></code></td>
<td>
<p>Delegate is used to specify the particular VirtualService which
can be used to define delegate HTTPRoute.
It can be set only when <code>Route</code> and <code>Redirect</code> are empty, and the route rules of the
delegate VirtualService will be merged with that in the current one.
<strong>NOTE</strong>:
1. Only one level delegation is supported.
2. The delegate&rsquo;s HTTPMatchRequest must be a strict subset of the root&rsquo;s,
otherwise there is a conflict and the HTTPRoute will not take effect.</p>
can be used to define delegate HTTPRoute.</p>
<p>It can be set only when <code>Route</code> and <code>Redirect</code> are empty, and the route
rules of the delegate VirtualService will be merged with that in the
current one.</p>
<p><strong>NOTE</strong>:</p>
<ol>
<li>Only one level delegation is supported.</li>
<li>The delegate&rsquo;s HTTPMatchRequest must be a strict subset of the root&rsquo;s,
otherwise there is a conflict and the HTTPRoute will not take effect.</li>
</ol>
</td>
<td>
@ -1470,14 +1476,19 @@ No
<td>
<p>Query parameters for matching.</p>
<p>Ex:
- For a query parameter like &ldquo;?key=true&rdquo;, the map key would be &ldquo;key&rdquo; and
the string match could be defined as <code>exact: &quot;true&quot;</code>.
- For a query parameter like &ldquo;?key&rdquo;, the map key would be &ldquo;key&rdquo; and the
string match could be defined as <code>exact: &quot;&quot;</code>.
- For a query parameter like &ldquo;?key=123&rdquo;, the map key would be &ldquo;key&rdquo; and the
string match could be defined as <code>regex: &quot;\d+$&quot;</code>. Note that this
configuration will only match values like &ldquo;123&rdquo; but not &ldquo;a123&rdquo; or &ldquo;123a&rdquo;.</p>
<p>Ex:</p>
<ul>
<li><p>For a query parameter like &ldquo;?key=true&rdquo;, the map key would be &ldquo;key&rdquo; and
the string match could be defined as <code>exact: &quot;true&quot;</code>.</p></li>
<li><p>For a query parameter like &ldquo;?key&rdquo;, the map key would be &ldquo;key&rdquo; and the
string match could be defined as <code>exact: &quot;&quot;</code>.</p></li>
<li><p>For a query parameter like &ldquo;?key=123&rdquo;, the map key would be &ldquo;key&rdquo; and the
string match could be defined as <code>regex: &quot;\d+$&quot;</code>. Note that this
configuration will only match values like &ldquo;123&rdquo; but not &ldquo;a123&rdquo; or &ldquo;123a&rdquo;.</p></li>
</ul>
<p><strong>Note:</strong> <code>prefix</code> matching is currently not supported.</p>

3
content/en/docs/reference/config/security/peer_authentication/index.html
View File

@ -130,7 +130,8 @@ No
<td><code>portLevelMtls</code></td>
<td><code>map&lt;uint32,&nbsp;<a href="#PeerAuthentication-MutualTLS">MutualTLS</a>&gt;</code></td>
<td>
<p>Port specific mutual TLS settings.</p>
<p>Port specific mutual TLS settings. These only apply when a workload selector
is specified.</p>
</td>
<td>