mirror of https://github.com/istio/istio.io.git
Update reference docs. (#5110)
This commit is contained in:
Martin Taillefer
GitHub
parent
03469d0ad9
commit
74559202aa
|
|
@ -199,7 +199,7 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--disableResourceReadyCheck</code></td>
|
||||
<td></td>
|
||||
<td>Disable resource readiness checks. This allows Galley to start if not all resource types are supported </td>
|
||||
<td>(DEPRECATED) Disable resource readiness checks. This allows Galley to start if not all resource types are supported </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--domain <string></code></td>
|
||||
|
|
@ -222,6 +222,11 @@ number_of_entries: 5
|
|||
<td>Run galley validation mode </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--enableAnalysis</code></td>
|
||||
<td></td>
|
||||
<td>Enable config analysis service </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--enableProfiling</code></td>
|
||||
<td></td>
|
||||
<td>Enable profiling for Galley </td>
|
||||
|
|
@ -234,7 +239,7 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--excludedResourceKinds <stringSlice></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Namespace,Node,Pod,Service]`)</td>
|
||||
<td>(DEPRECATED) Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Namespace,Node,Pod,Service]`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--insecure</code></td>
|
||||
|
|
|
|||
|
|
@ -83,11 +83,11 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -107,7 +107,7 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -135,7 +135,7 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--read-signing-cert-only</code></td>
|
||||
<td>When set, Citadel only reads the self-signed signing key and cert from Kubernetes secret without generating one (if not exist). This flag avoids racing condition between multiple Citadels generating self-signed key and cert. Please make sure one and only one Citadel instance has this flag set to false. </td>
|
||||
<td>When set, Citadel only reads the self-signed signing cert and key from Kubernetes secret without generating one (if not exist). This flag avoids racing condition between multiple Citadels generating self-signed key and cert. Please make sure one and only one Citadel instance has this flag set to false. </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--requested-ca-cert-ttl <duration></code></td>
|
||||
|
|
@ -154,10 +154,6 @@ number_of_entries: 4
|
|||
<td>Indicates whether to use auto-generated self-signed CA certificate. When set to true, the '--signing-cert' and '--signing-key' options are ignored. </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--self-signed-ca-cert-ttl <duration></code></td>
|
||||
<td>The TTL of self-signed CA root certificate. (default `87600h0m0s`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--server-only</code></td>
|
||||
<td>When set, Citadel only serves as a server without writing the Kubernetes secrets. </td>
|
||||
</tr>
|
||||
|
|
@ -186,10 +182,6 @@ number_of_entries: 4
|
|||
<td>The workload certificate rotation grace period, as a ratio of the workload certificate TTL. (default `0.5`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--workload-cert-min-grace-period <duration></code></td>
|
||||
<td>The minimum workload certificate rotation grace period. (default `10m0s`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--workload-cert-ttl <duration></code></td>
|
||||
<td>The TTL of issued workload certificates. (default `2160h0m0s`)</td>
|
||||
</tr>
|
||||
|
|
@ -225,11 +217,11 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -249,7 +241,7 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -292,12 +284,12 @@ number_of_entries: 4
|
|||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -322,7 +314,7 @@ number_of_entries: 4
|
|||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, k8sController, monitor, pkiCaLog, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, caSecretController, configMapController, default, k8sController, monitor, pkiCaLog, rootCertRotator, serverCaLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -354,12 +346,42 @@ These environment variables affect the behavior of the <code>istio_ca</code> com
|
|||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>CITADEL_ENABLE_JITTER_FOR_ROOT_CERT_ROTATOR</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If true, set up a jitter to start root cert rotator. Jitter selects a backoff time in seconds to start root cert rotator, and the back off time is below root cert check interval.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>CITADEL_ENABLE_NAMESPACES_BY_DEFAULT</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>Determines whether unlabeled namespaces should be targeted by this Citadel instance</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>CITADEL_SELF_SIGNED_CA_CERT_TTL</code></td>
|
||||
<td>Time Duration</td>
|
||||
<td><code>87600h0m0s</code></td>
|
||||
<td>The TTL of self-signed CA root certificate.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>CITADEL_SELF_SIGNED_ROOT_CERT_CHECK_INTERVAL</code></td>
|
||||
<td>Time Duration</td>
|
||||
<td><code>1h0m0s</code></td>
|
||||
<td>The interval that self-signed CA checks its root certificate expiration time and rotates root certificate. Setting this interval to zero or a negative value disables automated root cert check and rotation. This interval is suggested to be larger than 10 minutes.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>CITADEL_SELF_SIGNED_ROOT_CERT_GRACE_PERIOD_PERCENTILE</code></td>
|
||||
<td>Integer</td>
|
||||
<td><code>20</code></td>
|
||||
<td>Grace period percentile for self-signed root cert.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>CITADEL_WORKLOAD_CERT_MIN_GRACE_PERIOD</code></td>
|
||||
<td>Time Duration</td>
|
||||
<td><code>10m0s</code></td>
|
||||
<td>The minimum workload certificate rotation grace period.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>NAMESPACE</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ source_repo: https://github.com/istio/istio
|
|||
title: istioctl
|
||||
description: Istio control interface.
|
||||
generator: pkg-collateral-docs
|
||||
number_of_entries: 62
|
||||
number_of_entries: 63
|
||||
---
|
||||
<p>Istio configuration command line utility for service operators to
|
||||
debug and diagnose their Istio mesh.
|
||||
|
|
@ -36,7 +36,7 @@ debug and diagnose their Istio mesh.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -76,7 +76,7 @@ debug and diagnose their Istio mesh.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -117,7 +117,7 @@ A group of commands used to interact with Istio authentication policies.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -164,7 +164,7 @@ and check if TLS settings are compatible between them.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -219,7 +219,7 @@ istioctl authn tls-check foo-656bd7df7c-5zp4s.default bar
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -271,7 +271,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -316,7 +316,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -359,7 +359,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -402,7 +402,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -445,7 +445,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -488,7 +488,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -531,7 +531,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -574,7 +574,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -617,7 +617,7 @@ istioctl d [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -659,7 +659,7 @@ istioctl deregister my-svc 172.17.0.2
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -702,7 +702,7 @@ istioctl deregister my-svc 172.17.0.2
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -756,7 +756,7 @@ THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -820,7 +820,7 @@ THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--meshConfigFile <string></code></td>
|
||||
|
|
@ -866,6 +866,11 @@ THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--discovery <string></code></td>
|
||||
<td><code>-d</code></td>
|
||||
<td>'true' to enable service discovery, 'false' to disable it. Defaults to true if --use-kube is set, false otherwise. Analyzers requiring resources made available by enabling service discovery will be skipped. (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
|
|
@ -878,7 +883,7 @@ THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -888,7 +893,7 @@ THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|||
<tr>
|
||||
<td><code>--use-kube</code></td>
|
||||
<td><code>-k</code></td>
|
||||
<td>Use live kubernetes cluster for analysis </td>
|
||||
<td>Use live Kubernetes cluster for analysis </td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
@ -903,6 +908,12 @@ istioctl experimental analyze -k
|
|||
# Analyze the current live cluster, simulating the effect of applying additional yaml files
|
||||
istioctl experimental analyze -k a.yaml b.yaml
|
||||
|
||||
# Analyze yaml files, overriding service discovery to enabled
|
||||
istioctl experimental analyze -d true a.yaml b.yaml services.yaml
|
||||
|
||||
# Analyze the current live cluster, overriding service discovery to disabled
|
||||
istioctl experimental analyze -k -d false
|
||||
|
||||
</code></pre>
|
||||
<h2 id="istioctl-experimental-auth">istioctl experimental auth</h2>
|
||||
<p>Commands to inspect and interact with the authentication (TLS, JWT) and authorization (RBAC) policies in the mesh
|
||||
|
|
@ -936,7 +947,7 @@ istioctl experimental analyze -k a.yaml b.yaml
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1002,7 +1013,7 @@ the cluster results of the client pod and the listener results of the server pod
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1058,7 +1069,7 @@ the cluster results of the client pod and the listener results of the server pod
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1101,7 +1112,7 @@ the cluster results of the client pod and the listener results of the server pod
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1141,7 +1152,7 @@ the cluster results of the client pod and the listener results of the server pod
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1198,7 +1209,7 @@ istioctl --kubeconfig=c0.yaml x create-remote-secret c1 \
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1241,7 +1252,7 @@ istioctl --kubeconfig=c0.yaml x create-remote-secret c1 \
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1289,7 +1300,7 @@ the configuration objects that affect that pod.</p>
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1340,7 +1351,7 @@ also provides the inverse of "istioctl kube-inject -f".</p>
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1400,7 +1411,7 @@ kubectl get deployment -o yaml | istioctl experimental kube-uninject -f - | kube
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -1460,7 +1471,7 @@ kubectl get deployment -o yaml | istioctl experimental kube-uninject -f - | kube
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -1547,7 +1558,7 @@ customization file (default `[]`)</td>
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -1616,7 +1627,7 @@ e.g.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -1683,7 +1694,7 @@ customization file (default `[]`)</td>
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -1738,7 +1749,7 @@ customization file (default `[]`)</td>
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -1807,7 +1818,7 @@ calculated over a time interval of 1 minute.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -1859,7 +1870,7 @@ istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -1914,7 +1925,7 @@ istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -1984,7 +1995,7 @@ istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -2039,7 +2050,7 @@ istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--logtostderr</code></td>
|
||||
|
|
@ -2092,7 +2103,7 @@ istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2136,7 +2147,7 @@ THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2181,7 +2192,7 @@ THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2252,7 +2263,7 @@ kube-inject on deployments to get the most up-to-date changes.
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--meshConfigFile <string></code></td>
|
||||
|
|
@ -2333,7 +2344,7 @@ istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml \
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2385,7 +2396,7 @@ istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml \
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2449,7 +2460,7 @@ istioctl proxy-config c <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2529,7 +2540,7 @@ istioctl proxy-config ep <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2609,7 +2620,7 @@ istioctl proxy-config l <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2643,6 +2654,75 @@ istioctl proxy-config l <pod-name[.namespace]> [flags]
|
|||
# Retrieve full listener dump for HTTP listeners with a wildcard address (0.0.0.0).
|
||||
istioctl proxy-config listeners <pod-name[.namespace]> --type HTTP --address 0.0.0.0 -o json
|
||||
|
||||
</code></pre>
|
||||
<h2 id="istioctl-proxy-config-log">istioctl proxy-config log</h2>
|
||||
<p>(experimental) Retrieve information about logging levels of the Envoy instance in the specified pod, and update optionally</p>
|
||||
<pre class="language-bash"><code>istioctl proxy-config log <pod-name[.namespace]> [flags]
|
||||
</code></pre>
|
||||
<div class="aliases">
|
||||
<pre class="language-bash"><code>istioctl proxy-config o <pod-name[.namespace]> [flags]
|
||||
</code></pre></div>
|
||||
<table class="command-flags">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Flags</th>
|
||||
<th>Shorthand</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code>--context <string></code></td>
|
||||
<td></td>
|
||||
<td>The name of the kubeconfig context to use (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--istioNamespace <string></code></td>
|
||||
<td><code>-i</code></td>
|
||||
<td>Istio system namespace (default `istio-system`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--kubeconfig <string></code></td>
|
||||
<td><code>-c</code></td>
|
||||
<td>Kubernetes configuration file (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-logger level of messages to output, in the form of <logger>:<level>,<logger>:<level>,... where logger can be one of admin, all, aws, assert, backtrace, client, config, connection, dubbo, file, filter, forward_proxy, grpc, hc, health_checker, http, http2, hystrix, init, io, jwt, kafka, lua, main, misc, mongo, quic, pool, rbac, redis, router, runtime, stats, secret, tap, testing, thrift, tracing, upstream, udp, wasm and level can be one of [trace, debug, info, warning, error, critical, off] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
<td><code>-n</code></td>
|
||||
<td>Config namespace (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--output <string></code></td>
|
||||
<td><code>-o</code></td>
|
||||
<td>Output format: one of json|short (default `short`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--reset</code></td>
|
||||
<td><code>-r</code></td>
|
||||
<td>Specify if the reset log level to default value (warning). </td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<h3 id="istioctl-proxy-config-log Examples">Examples</h3>
|
||||
<pre class="language-bash"><code> # Retrieve information about logging levels for a given pod from Envoy.
|
||||
istioctl proxy-config log <pod-name[.namespace]>
|
||||
|
||||
# Update levels of the specified loggers and retrieve all the information about logging levels.
|
||||
istioctl proxy-config log <pod-name[.namespace]> --level all:warning,http:debug,redis:debug
|
||||
|
||||
# Reset levels of all the loggers to default value (warning) and retrieve all the information about logging levels.
|
||||
istioctl proxy-config log <pod-name[.namespace]> -r
|
||||
|
||||
</code></pre>
|
||||
<h2 id="istioctl-proxy-config-route">istioctl proxy-config route</h2>
|
||||
<p>Retrieve information about route configuration for the Envoy instance in the specified pod.</p>
|
||||
|
|
@ -2679,7 +2759,7 @@ istioctl proxy-config r <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--name <string></code></td>
|
||||
|
|
@ -2743,7 +2823,7 @@ istioctl proxy-config r <pod-name[.namespace]> [flags]
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2800,7 +2880,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2868,7 +2948,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2918,7 +2998,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -2992,7 +3072,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -3049,7 +3129,7 @@ Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in t
|
|||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, default, googleCAClientLog, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--namespace <string></code></td>
|
||||
|
|
@ -3134,6 +3214,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
<td>namespace that nodeagent/citadel run in</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_BLOCK_HTTP_ON_443</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If enabled, any HTTP services will be blocked on HTTPS port (443). If this is disabled, any HTTP service on port 443 could block all external traffic</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_CERT_DIR</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
|
@ -3179,7 +3265,7 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
<td><code>PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods. </td>
|
||||
<td>If enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
|
|
@ -3357,6 +3443,7 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
<tr><td><code>outgoing_latency</code></td><td><code>Sum</code></td><td>The latency of outgoing requests (e.g. to a token exchange server, CA, etc.) in milliseconds.</td></tr>
|
||||
<tr><td><code>pilot_conflict_inbound_listener</code></td><td><code>LastValue</code></td><td>Number of conflicting inbound listeners.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_http_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting wildcard http listeners with current wildcard tcp listener.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_http_over_https</code></td><td><code>LastValue</code></td><td>Number of conflicting HTTP listeners with well known HTTPS ports</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_http</code></td><td><code>LastValue</code></td><td>Number of conflicting wildcard tcp listeners with current wildcard http listener.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting tcp listeners with current tcp listener.</td></tr>
|
||||
<tr><td><code>pilot_destrule_subsets</code></td><td><code>LastValue</code></td><td>Duplicate subsets across destination rules for same host</td></tr>
|
||||
|
|
@ -3371,8 +3458,8 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
<tr><td><code>pilot_k8s_object_errors</code></td><td><code>LastValue</code></td><td>Errors converting k8s CRDs</td></tr>
|
||||
<tr><td><code>pilot_k8s_reg_events</code></td><td><code>Sum</code></td><td>Events from k8s registry.</td></tr>
|
||||
<tr><td><code>pilot_no_ip</code></td><td><code>LastValue</code></td><td>Pods not found in the endpoint table, possibly invalid.</td></tr>
|
||||
<tr><td><code>pilot_proxy_convergence_time</code></td><td><code>Distribution</code></td><td>Delay between config change and all proxies converging.</td></tr>
|
||||
<tr><td><code>pilot_proxy_queue_time</code></td><td><code>Distribution</code></td><td>Time a proxy is in the push queue before being dequeued.</td></tr>
|
||||
<tr><td><code>pilot_proxy_convergence_time</code></td><td><code>Distribution</code></td><td>Delay in seconds between config change and a proxy receiving all required configuration.</td></tr>
|
||||
<tr><td><code>pilot_proxy_queue_time</code></td><td><code>Distribution</code></td><td>Time in seconds, a proxy is in the push queue before being dequeued.</td></tr>
|
||||
<tr><td><code>pilot_rds_expired_nonce</code></td><td><code>Sum</code></td><td>Total number of RDS messages with an expired nonce.</td></tr>
|
||||
<tr><td><code>pilot_services</code></td><td><code>LastValue</code></td><td>Total services known to pilot.</td></tr>
|
||||
<tr><td><code>pilot_total_rejected_configs</code></td><td><code>Sum</code></td><td>Total number of configs that Pilot had to reject or ignore.</td></tr>
|
||||
|
|
@ -3386,7 +3473,7 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|||
<tr><td><code>pilot_xds_eds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected EDS.</td></tr>
|
||||
<tr><td><code>pilot_xds_lds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected LDS.</td></tr>
|
||||
<tr><td><code>pilot_xds_push_context_errors</code></td><td><code>Sum</code></td><td>Number of errors (timeouts) initiating push context.</td></tr>
|
||||
<tr><td><code>pilot_xds_push_time</code></td><td><code>Distribution</code></td><td>Total time in second Pilot takes to push lds, rds, cds and eds.</td></tr>
|
||||
<tr><td><code>pilot_xds_push_time</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to push lds, rds, cds and eds.</td></tr>
|
||||
<tr><td><code>pilot_xds_pushes</code></td><td><code>Sum</code></td><td>Pilot build and send errors for lds, rds, cds and eds.</td></tr>
|
||||
<tr><td><code>pilot_xds_rds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected RDS.</td></tr>
|
||||
<tr><td><code>pilot_xds_write_timeout</code></td><td><code>Sum</code></td><td>Pilot XDS response write timeouts.</td></tr>
|
||||
|
|
|
|||
|
|
@ -63,11 +63,11 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [default, util] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [default, name, patch, tpath, translator, util, validation] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [default, util] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [default, name, patch, tpath, translator, util, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -87,7 +87,7 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [default, util] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [default, name, patch, tpath, translator, util, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
|
|||
|
|
@ -21,11 +21,11 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, authn, default, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -45,7 +45,7 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -159,11 +159,11 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, authn, default, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -183,7 +183,7 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -261,11 +261,11 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, authn, default, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -285,7 +285,7 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -314,12 +314,12 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, authn, default, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -344,7 +344,7 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -448,6 +448,12 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_BLOCK_HTTP_ON_443</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If enabled, any HTTP services will be blocked on HTTPS port (443). If this is disabled, any HTTP service on port 443 could block all external traffic</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_CERT_DIR</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
|
@ -493,7 +499,7 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
|
|||
<td><code>PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods. </td>
|
||||
<td>If enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
|
|
@ -633,6 +639,7 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
|
|||
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
|
||||
<tr><td><code>pilot_conflict_inbound_listener</code></td><td><code>LastValue</code></td><td>Number of conflicting inbound listeners.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_http_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting wildcard http listeners with current wildcard tcp listener.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_http_over_https</code></td><td><code>LastValue</code></td><td>Number of conflicting HTTP listeners with well known HTTPS ports</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_http</code></td><td><code>LastValue</code></td><td>Number of conflicting wildcard tcp listeners with current wildcard http listener.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting tcp listeners with current tcp listener.</td></tr>
|
||||
<tr><td><code>pilot_destrule_subsets</code></td><td><code>LastValue</code></td><td>Duplicate subsets across destination rules for same host</td></tr>
|
||||
|
|
@ -642,7 +649,6 @@ These environment variables affect the behavior of the <code>pilot-agent</code>
|
|||
<tr><td><code>pilot_duplicate_envoy_clusters</code></td><td><code>LastValue</code></td><td>Duplicate envoy clusters caused by service entries with same hostname</td></tr>
|
||||
<tr><td><code>pilot_eds_no_instances</code></td><td><code>LastValue</code></td><td>Number of clusters without instances.</td></tr>
|
||||
<tr><td><code>pilot_endpoint_not_ready</code></td><td><code>LastValue</code></td><td>Endpoint found in unready state.</td></tr>
|
||||
<tr><td><code>pilot_invalid_out_listeners</code></td><td><code>LastValue</code></td><td>Number of invalid outbound listeners.</td></tr>
|
||||
<tr><td><code>pilot_jwks_resolver_network_fetch_fail_total</code></td><td><code>Sum</code></td><td>Total number of failed network fetch by pilot jwks resolver</td></tr>
|
||||
<tr><td><code>pilot_jwks_resolver_network_fetch_success_total</code></td><td><code>Sum</code></td><td>Total number of successfully network fetch by pilot jwks resolver</td></tr>
|
||||
<tr><td><code>pilot_no_ip</code></td><td><code>LastValue</code></td><td>Pods not found in the endpoint table, possibly invalid.</td></tr>
|
||||
|
|
|
|||
|
|
@ -41,11 +41,11 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, default, mcp, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -65,7 +65,7 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -174,12 +174,12 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, default, mcp, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -204,7 +204,7 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -316,11 +316,11 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, default, mcp, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -340,7 +340,7 @@ number_of_entries: 5
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -394,12 +394,12 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, default, mcp, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -424,7 +424,7 @@ number_of_entries: 5
|
|||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -468,6 +468,12 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_BLOCK_HTTP_ON_443</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If enabled, any HTTP services will be blocked on HTTPS port (443). If this is disabled, any HTTP service on port 443 could block all external traffic</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_CERT_DIR</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
|
@ -513,7 +519,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<td><code>PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods. </td>
|
||||
<td>If enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
|
|
@ -637,6 +643,11 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<tr><th>Metric Name</th><th>Type</th><th>Description</th></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr><td><code>citadel_secret_controller_csr_err_count</code></td><td><code>Sum</code></td><td>The number of errors occurred when creating the CSR.</td></tr>
|
||||
<tr><td><code>citadel_secret_controller_csr_sign_err_count</code></td><td><code>Sum</code></td><td>The number of errors occurred when signing the CSR.</td></tr>
|
||||
<tr><td><code>citadel_secret_controller_secret_deleted_cert_count</code></td><td><code>Sum</code></td><td>The number of certificates recreated due to secret deletion (service account still exists).</td></tr>
|
||||
<tr><td><code>citadel_secret_controller_svc_acc_created_cert_count</code></td><td><code>Sum</code></td><td>The number of certificates created due to service account creation.</td></tr>
|
||||
<tr><td><code>citadel_secret_controller_svc_acc_deleted_cert_count</code></td><td><code>Sum</code></td><td>The number of certificates deleted due to service account deletion.</td></tr>
|
||||
<tr><td><code>endpoint_no_pod</code></td><td><code>LastValue</code></td><td>Endpoints without an associated pod.</td></tr>
|
||||
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
|
||||
<tr><td><code>istio_mcp_clients_total</code></td><td><code>LastValue</code></td><td>The number of streams currently connected.</td></tr>
|
||||
|
|
@ -648,6 +659,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<tr><td><code>istio_mcp_send_failures_total</code></td><td><code>Sum</code></td><td>The number of send failures in the source.</td></tr>
|
||||
<tr><td><code>pilot_conflict_inbound_listener</code></td><td><code>LastValue</code></td><td>Number of conflicting inbound listeners.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_http_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting wildcard http listeners with current wildcard tcp listener.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_http_over_https</code></td><td><code>LastValue</code></td><td>Number of conflicting HTTP listeners with well known HTTPS ports</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_http</code></td><td><code>LastValue</code></td><td>Number of conflicting wildcard tcp listeners with current wildcard http listener.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting tcp listeners with current tcp listener.</td></tr>
|
||||
<tr><td><code>pilot_destrule_subsets</code></td><td><code>LastValue</code></td><td>Duplicate subsets across destination rules for same host</td></tr>
|
||||
|
|
@ -665,8 +677,8 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<tr><td><code>pilot_k8s_object_errors</code></td><td><code>LastValue</code></td><td>Errors converting k8s CRDs</td></tr>
|
||||
<tr><td><code>pilot_k8s_reg_events</code></td><td><code>Sum</code></td><td>Events from k8s registry.</td></tr>
|
||||
<tr><td><code>pilot_no_ip</code></td><td><code>LastValue</code></td><td>Pods not found in the endpoint table, possibly invalid.</td></tr>
|
||||
<tr><td><code>pilot_proxy_convergence_time</code></td><td><code>Distribution</code></td><td>Delay between config change and all proxies converging.</td></tr>
|
||||
<tr><td><code>pilot_proxy_queue_time</code></td><td><code>Distribution</code></td><td>Time a proxy is in the push queue before being dequeued.</td></tr>
|
||||
<tr><td><code>pilot_proxy_convergence_time</code></td><td><code>Distribution</code></td><td>Delay in seconds between config change and a proxy receiving all required configuration.</td></tr>
|
||||
<tr><td><code>pilot_proxy_queue_time</code></td><td><code>Distribution</code></td><td>Time in seconds, a proxy is in the push queue before being dequeued.</td></tr>
|
||||
<tr><td><code>pilot_rds_expired_nonce</code></td><td><code>Sum</code></td><td>Total number of RDS messages with an expired nonce.</td></tr>
|
||||
<tr><td><code>pilot_services</code></td><td><code>LastValue</code></td><td>Total services known to pilot.</td></tr>
|
||||
<tr><td><code>pilot_total_rejected_configs</code></td><td><code>Sum</code></td><td>Total number of configs that Pilot had to reject or ignore.</td></tr>
|
||||
|
|
@ -680,7 +692,7 @@ These environment variables affect the behavior of the <code>pilot-discovery</co
|
|||
<tr><td><code>pilot_xds_eds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected EDS.</td></tr>
|
||||
<tr><td><code>pilot_xds_lds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected LDS.</td></tr>
|
||||
<tr><td><code>pilot_xds_push_context_errors</code></td><td><code>Sum</code></td><td>Number of errors (timeouts) initiating push context.</td></tr>
|
||||
<tr><td><code>pilot_xds_push_time</code></td><td><code>Distribution</code></td><td>Total time in second Pilot takes to push lds, rds, cds and eds.</td></tr>
|
||||
<tr><td><code>pilot_xds_push_time</code></td><td><code>Distribution</code></td><td>Total time in seconds Pilot takes to push lds, rds, cds and eds.</td></tr>
|
||||
<tr><td><code>pilot_xds_pushes</code></td><td><code>Sum</code></td><td>Pilot build and send errors for lds, rds, cds and eds.</td></tr>
|
||||
<tr><td><code>pilot_xds_rds_reject</code></td><td><code>LastValue</code></td><td>Pilot rejected RDS.</td></tr>
|
||||
<tr><td><code>pilot_xds_write_timeout</code></td><td><code>Sum</code></td><td>Pilot XDS response write timeouts.</td></tr>
|
||||
|
|
|
|||
|
|
@ -47,11 +47,11 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, authn, default, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -71,7 +71,7 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -90,6 +90,10 @@ number_of_entries: 4
|
|||
<td>Webhook port (default `443`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--reconcileWebhookConfig</code></td>
|
||||
<td>Enable managing webhook configuration. </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsCertFile <string></code></td>
|
||||
<td>File containing the x509 Certificate for HTTPS. (default `/etc/istio/certs/cert-chain.pem`)</td>
|
||||
</tr>
|
||||
|
|
@ -153,11 +157,11 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, authn, default, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -177,7 +181,7 @@ number_of_entries: 4
|
|||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -200,6 +204,10 @@ number_of_entries: 4
|
|||
<td>Path of the file for checking the availability. (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--reconcileWebhookConfig</code></td>
|
||||
<td>Enable managing webhook configuration. </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--tlsCertFile <string></code></td>
|
||||
<td>File containing the x509 Certificate for HTTPS. (default `/etc/istio/certs/cert-chain.pem`)</td>
|
||||
</tr>
|
||||
|
|
@ -268,12 +276,12 @@ number_of_entries: 4
|
|||
<tr>
|
||||
<td><code>--log_caller <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, authn, default, model, rbac] (default ``)</td>
|
||||
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_output_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_rotate <string></code></td>
|
||||
|
|
@ -298,7 +306,7 @@ number_of_entries: 4
|
|||
<tr>
|
||||
<td><code>--log_stacktrace_level <string></code></td>
|
||||
<td></td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, authn, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--log_target <stringArray></code></td>
|
||||
|
|
@ -326,6 +334,11 @@ number_of_entries: 4
|
|||
<td>Webhook port (default `443`)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--reconcileWebhookConfig</code></td>
|
||||
<td></td>
|
||||
<td>Enable managing webhook configuration. </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>--short</code></td>
|
||||
<td><code>-s</code></td>
|
||||
<td>Use --short=false to generate full version information </td>
|
||||
|
|
@ -371,6 +384,12 @@ These environment variables affect the behavior of the <code>sidecar-injector</c
|
|||
<td>Sets the maximum number of concurrent grpc streams.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_BLOCK_HTTP_ON_443</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If enabled, any HTTP services will be blocked on HTTPS port (443). If this is disabled, any HTTP service on port 443 could block all external traffic</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_CERT_DIR</code></td>
|
||||
<td>String</td>
|
||||
<td><code></code></td>
|
||||
|
|
@ -416,7 +435,7 @@ These environment variables affect the behavior of the <code>sidecar-injector</c
|
|||
<td><code>PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS</code></td>
|
||||
<td>Boolean</td>
|
||||
<td><code>true</code></td>
|
||||
<td>If enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods. </td>
|
||||
<td>If enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
|
||||
|
|
@ -532,13 +551,13 @@ These environment variables affect the behavior of the <code>sidecar-injector</c
|
|||
<tr><td><code>istio_build</code></td><td><code>LastValue</code></td><td>Istio component build info</td></tr>
|
||||
<tr><td><code>pilot_conflict_inbound_listener</code></td><td><code>LastValue</code></td><td>Number of conflicting inbound listeners.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_http_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting wildcard http listeners with current wildcard tcp listener.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_http_over_https</code></td><td><code>LastValue</code></td><td>Number of conflicting HTTP listeners with well known HTTPS ports</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_http</code></td><td><code>LastValue</code></td><td>Number of conflicting wildcard tcp listeners with current wildcard http listener.</td></tr>
|
||||
<tr><td><code>pilot_conflict_outbound_listener_tcp_over_current_tcp</code></td><td><code>LastValue</code></td><td>Number of conflicting tcp listeners with current tcp listener.</td></tr>
|
||||
<tr><td><code>pilot_destrule_subsets</code></td><td><code>LastValue</code></td><td>Duplicate subsets across destination rules for same host</td></tr>
|
||||
<tr><td><code>pilot_duplicate_envoy_clusters</code></td><td><code>LastValue</code></td><td>Duplicate envoy clusters caused by service entries with same hostname</td></tr>
|
||||
<tr><td><code>pilot_eds_no_instances</code></td><td><code>LastValue</code></td><td>Number of clusters without instances.</td></tr>
|
||||
<tr><td><code>pilot_endpoint_not_ready</code></td><td><code>LastValue</code></td><td>Endpoint found in unready state.</td></tr>
|
||||
<tr><td><code>pilot_invalid_out_listeners</code></td><td><code>LastValue</code></td><td>Number of invalid outbound listeners.</td></tr>
|
||||
<tr><td><code>pilot_jwks_resolver_network_fetch_fail_total</code></td><td><code>Sum</code></td><td>Total number of failed network fetch by pilot jwks resolver</td></tr>
|
||||
<tr><td><code>pilot_jwks_resolver_network_fetch_success_total</code></td><td><code>Sum</code></td><td>Total number of successfully network fetch by pilot jwks resolver</td></tr>
|
||||
<tr><td><code>pilot_no_ip</code></td><td><code>LastValue</code></td><td>Pods not found in the endpoint table, possibly invalid.</td></tr>
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ Istio supports to control its behavior.
|
|||
<thead>
|
||||
<tr>
|
||||
<th>Annotation Name</th>
|
||||
<th>Resource Types</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
|
|
@ -31,6 +32,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>kubernetes.io/ingress.class</code></td>
|
||||
<td>[Ingress]</td>
|
||||
<td>Annotation on an Ingress resources denoting the class of controllers responsible for it.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -46,6 +48,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>networking.istio.io/exportTo</code></td>
|
||||
<td>[Service]</td>
|
||||
<td>Specifies the namespaces to which this service should be exported to. A value of '*' indicates it is reachable within the mesh '.' indicates it is reachable within its namespace.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -55,6 +58,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>policy.istio.io/check</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Determines the policy for behavior when unable to connect to Mixer. If not set, FAIL_CLOSE is set, rejecting requests.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -64,6 +68,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>policy.istio.io/checkBaseRetryWaitTime</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Base time to wait between retries, will be adjusted by backoff and jitter. In duration format. If not set, this will be 80ms.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -73,6 +78,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>policy.istio.io/checkMaxRetryWaitTime</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Maximum time to wait between retries to Mixer. In duration format. If not set, this will be 1000ms.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -82,6 +88,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>policy.istio.io/checkRetries</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>The maximum number of retries on transport errors to Mixer. If not set, this will be 0, indicating no retries.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -91,7 +98,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>policy.istio.io/lang</code></td>
|
||||
<td>Selects the attribute expression langauge runtime for Mixer..</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Selects the attribute expression language runtime for Mixer.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -100,7 +108,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>readiness.status.sidecar.istio.io/applicationPorts</code></td>
|
||||
<td>Specifies the list of ports exposed by the application container. Used by the istio-proxy readiness probe to determine that Envoy is configured and ready to receive traffic.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the list of ports exposed by the application container. Used by the Envoy sidecar readiness probe to determine that Envoy is configured and ready to receive traffic.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -109,7 +118,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>readiness.status.sidecar.istio.io/failureThreshold</code></td>
|
||||
<td>Specifies the failure threshold for the istio-proxy readiness probe.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the failure threshold for the Envoy sidecar readiness probe.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -118,7 +128,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>readiness.status.sidecar.istio.io/initialDelaySeconds</code></td>
|
||||
<td>Specifies the initial delay (in seconds) for the istio-proxy readiness probe.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the initial delay (in seconds) for the Envoy sidecar readiness probe.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -127,7 +138,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>readiness.status.sidecar.istio.io/periodSeconds</code></td>
|
||||
<td>Specifies the period (in seconds) for the istio-proxy readiness probe.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the period (in seconds) for the Envoy sidecar readiness probe.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -138,6 +150,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/bootstrapOverride</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies an alternative Envoy bootstrap configuration file.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -147,6 +160,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/componentLogLevel</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the component log level for Envoy.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -156,7 +170,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/controlPlaneAuthPolicy</code></td>
|
||||
<td>Specifies the auth policy used by the Istio control plane. If NONE, traffic will not be encrypted. If MUTUAL_TLS, traffic between istio-proxy sidecars will be wrapped into mutual TLS connections.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the auth policy used by the Istio control plane. If NONE, traffic will not be encrypted. If MUTUAL_TLS, traffic between Envoy sidecar will be wrapped into mutual TLS connections.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -165,7 +180,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/discoveryAddress</code></td>
|
||||
<td>Specifies the XDS discovery address to be used by the istio-proxy sidecar.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the XDS discovery address to be used by the Envoy sidecar.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -174,7 +190,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/inject</code></td>
|
||||
<td>Specifies whether or not an istio-proxy sidecar should be automatically injected into the workload.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies whether or not an Envoy sidecar should be automatically injected into the workload.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -183,6 +200,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/interceptionMode</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the mode used to redirect inbound connections to Envoy (REDIRECT or TPROXY).</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -192,6 +210,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/logLevel</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the log level for Envoy.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -201,7 +220,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/proxyCPU</code></td>
|
||||
<td>Specifies the requested CPU setting for the istio-proxy sidecar.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the requested CPU setting for the Envoy sidecar.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -210,7 +230,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/proxyImage</code></td>
|
||||
<td>Specifies the Docker image to be used by the istio-proxy sidecar.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the Docker image to be used by the Envoy sidecar.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -219,7 +240,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/proxyMemory</code></td>
|
||||
<td>Specifies the requested memory setting for the istio-proxy sidecar.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the requested memory setting for the Envoy sidecar.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -228,7 +250,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/rewriteAppHTTPProbers</code></td>
|
||||
<td>Rewrite HTTP readiness and liveness probes to be redirected to istio-proxy sidecar.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Rewrite HTTP readiness and liveness probes to be redirected to the Envoy sidecar.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -237,6 +260,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/statsInclusionPrefixes</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the comma separated list of prefixes of the stats to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -246,6 +270,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/statsInclusionRegexps</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the comma separated list of regexes the stats should match to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -255,6 +280,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/statsInclusionSuffixes</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the comma separated list of suffixes of the stats to be emitted by Envoy.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -264,7 +290,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/status</code></td>
|
||||
<td>Generated by istio-proxy sidecar injection that indicates the status of the operation. Includes a version hash of the executed template, as well as names of injected resources.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Generated by Envoy sidecar injection that indicates the status of the operation. Includes a version hash of the executed template, as well as names of injected resources.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -273,7 +300,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/userVolume</code></td>
|
||||
<td>Specifies one or more user volumes (as a JSON array) to be added to the istio-proxy sidecar.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies one or more user volumes (as a JSON array) to be added to the Envoy sidecar.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -282,7 +310,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>sidecar.istio.io/userVolumeMount</code></td>
|
||||
<td>Specifies one or more user volume mounts (as a JSON array) to be added to the istio-proxy sidecar.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies one or more user volume mounts (as a JSON array) to be added to the Envoy sidecar.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -291,7 +320,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>status.sidecar.istio.io/port</code></td>
|
||||
<td>Specifies the HTTP status Port for the istio-proxy sidecar. If zero, the istio-proxy will not provide status.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>Specifies the HTTP status Port for the Envoy sidecar. If zero, the sidecar will not provide status.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -300,6 +330,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>traffic.sidecar.istio.io/excludeInboundPorts</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>A comma separated list of inbound ports to be excluded from redirection to Envoy. Only applies when all inbound traffic (i.e. '*') is being redirected.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -309,6 +340,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>traffic.sidecar.istio.io/excludeOutboundIPRanges</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>A comma separated list of IP ranges in CIDR form to be excluded from redirection. Only applies when all outbound traffic (i.e. '*') is being redirected.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -318,6 +350,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>traffic.sidecar.istio.io/excludeOutboundPorts</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>A comma separated list of outbound ports to be excluded from redirection to Envoy.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -327,6 +360,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>traffic.sidecar.istio.io/includeInboundPorts</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>A comma separated list of inbound ports for which traffic is to be redirected to Envoy. The wildcard character '*' can be used to configure redirection for all ports. An empty list will disable all inbound redirection.</td>
|
||||
</tr>
|
||||
|
||||
|
|
@ -336,7 +370,8 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>traffic.sidecar.istio.io/includeOutboundIPRanges</code></td>
|
||||
<td>A comma separated list of IP ranges in CIDR form to redirect to envoy (optional). The wildcard character '*' can be used to redirect all outbound traffic. An empty list will disable all outbound redirection.</td>
|
||||
<td>[Pod]</td>
|
||||
<td>A comma separated list of IP ranges in CIDR form to redirect to Envoy (optional). The wildcard character '*' can be used to redirect all outbound traffic. An empty list will disable all outbound redirection.</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
|
@ -345,6 +380,7 @@ Istio supports to control its behavior.
|
|||
<tr>
|
||||
|
||||
<td><code>traffic.sidecar.istio.io/kubevirtInterfaces</code></td>
|
||||
<td>[Pod]</td>
|
||||
<td>A comma separated list of virtual interfaces whose inbound traffic (from VM) will be treated as outbound.</td>
|
||||
</tr>
|
||||
|
||||
|
|
|
|||
|
|
@ -14,9 +14,8 @@ number_of_entries: 11
|
|||
<h2 id="Jwt">Jwt</h2>
|
||||
<section>
|
||||
<p>JSON Web Token (JWT) token format for authentication as defined by
|
||||
<a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a>. See <a href="https://tools.ietf.org/html/rfc6749">OAuth
|
||||
2.0</a> and <a href="http://openid.net/connect">OIDC
|
||||
1.0</a> for how this is used in the whole
|
||||
<a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a>. See <a href="https://tools.ietf.org/html/rfc6749">OAuth 2.0</a> and
|
||||
<a href="http://openid.net/connect">OIDC 1.0</a> for how this is used in the whole
|
||||
authentication flow.</p>
|
||||
|
||||
<p>For example:</p>
|
||||
|
|
@ -145,7 +144,7 @@ See https://auth0.com/docs/jwks.</p>
|
|||
header name.</p>
|
||||
|
||||
<p>For example, if <code>header=x-goog-iap-jwt-assertion</code>, the header
|
||||
format will be x-goog-iap-jwt-assertion: <JWT>.</p>
|
||||
format will be <code>x-goog-iap-jwt-assertion: <JWT></code>.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ description: Configuration affecting the service mesh as a whole.
|
|||
location: https://istio.io/docs/reference/config/istio.mesh.v1alpha1.html
|
||||
layout: protoc-gen-docs
|
||||
generator: protoc-gen-docs
|
||||
number_of_entries: 25
|
||||
number_of_entries: 26
|
||||
---
|
||||
<p>Configuration affecting the service mesh as a whole.</p>
|
||||
|
||||
|
|
@ -45,6 +45,54 @@ Mesh policy cannot be INHERIT.</p>
|
|||
<p>Use the policy defined by the parent scope. Should not be used for mesh
|
||||
policy.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</section>
|
||||
<h2 id="Certificate">Certificate</h2>
|
||||
<section>
|
||||
<p>Certificate configures the provision of a certificate and its key.
|
||||
Example 1: key and cert stored in a secret
|
||||
{ secretName: galley-cert
|
||||
secretNamespace: istio-system
|
||||
dnsNames:
|
||||
- galley.istio-system.svc
|
||||
- galley.mydomain.com
|
||||
}
|
||||
Example 2: key and cert stored in a directory
|
||||
{ dnsNames:
|
||||
- pilot.istio-system
|
||||
- pilot.istio-system.svc
|
||||
- pilot.mydomain.com
|
||||
}</p>
|
||||
|
||||
<table class="message-fields">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Field</th>
|
||||
<th>Type</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr id="Certificate-secret_name">
|
||||
<td><code>secretName</code></td>
|
||||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>Name of the secret the certificate and its key will be stored into.
|
||||
If it is empty, it will not be stored into a secret.
|
||||
Instead, the certificate and its key will be stored into a hard-coded directory.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="Certificate-dns_names">
|
||||
<td><code>dnsNames</code></td>
|
||||
<td><code>string[]</code></td>
|
||||
<td>
|
||||
<p>The DNS names for the certificate. A certificate may contain
|
||||
multiple DNS names.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
|
@ -529,8 +577,23 @@ If service DestinationRule exists and has TLSSettings specified, that is always
|
|||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>The trust domain corresponds to the trust root of a system.
|
||||
Refer to <a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain">SPIFFE-ID</a>
|
||||
Fallback to old identity format(without trust domain) if not set.</p>
|
||||
Refer to <a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain">SPIFFE-ID</a></p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="MeshConfig-trust_domain_aliases">
|
||||
<td><code>trustDomainAliases</code></td>
|
||||
<td><code>string[]</code></td>
|
||||
<td>
|
||||
<p>The trust domain aliases represent the aliases of <code>trust_domain</code>.
|
||||
For example, if we have</p>
|
||||
|
||||
<pre><code class="language-yaml">trustDomain: td1
|
||||
trustDomainAliases: [“td2”, "td3"]
|
||||
</code></pre>
|
||||
|
||||
<p>Any service with the identity <code>td1/ns/foo/sa/a-service-account</code>, <code>td2/ns/foo/sa/a-service-account</code>,
|
||||
or <code>td3/ns/foo/sa/a-service-account</code> will be treated the same in the Istio mesh.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
@ -668,7 +731,7 @@ It can be enabled by destination using the destinationRule.trafficPolicy.connect
|
|||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>Name to be used while emitting statistics for inbound clusters.
|
||||
By default, Istio emits statistics with the pattern inbound|<port>|<port-name>|<service-FQDN>.
|
||||
By default, Istio emits statistics with the pattern inbound|<port>|<port-name>|<service-FQDN>.
|
||||
For example inbound|7443|grpc-reviews|reviews.prod.svc.cluster.local. This can be used to override that pattern.</p>
|
||||
|
||||
<p>A Pattern can be composed of various pre-defined variables. The following variables are supported.
|
||||
|
|
@ -688,7 +751,7 @@ For example inbound|7443|grpc-reviews|reviews.prod.svc.cluster.local. This can b
|
|||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>Name to be used while emitting statistics for outbound clusters.
|
||||
By default, Istio emits statistics with the pattern outbound|<port>|<subsetname>|<service-FQDN>.
|
||||
By default, Istio emits statistics with the pattern outbound|<port>|<subsetname>|<service-FQDN>.
|
||||
For example outbound|8080|v2|reviews.prod.svc.cluster.local. This can be used to override that pattern.</p>
|
||||
|
||||
<p>A Pattern can be composed of various pre-defined variables. The following variables are supported.
|
||||
|
|
@ -702,6 +765,14 @@ For example outbound|8080|v2|reviews.prod.svc.cluster.local. This can be used to
|
|||
%SERVICE<em>FQDN%</em>%SERVICE<em>PORT% will use reviews.prod.svc.cluster.local</em>7443 as the stats name.
|
||||
%SERVICE% will use reviews.prod as the stats name.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="MeshConfig-certificates">
|
||||
<td><code>certificates</code></td>
|
||||
<td><code><a href="#Certificate">Certificate[]</a></code></td>
|
||||
<td>
|
||||
<p>Configure the provision of certificates.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
|
|
|||
|
|
@ -1,12 +1,10 @@
|
|||
---
|
||||
WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE 'https://github.com/istio/operator' REPO
|
||||
source_repo: https://github.com/istio/operator
|
||||
title: Operator Installation
|
||||
description: Configuration for Istio control plane installation through the Operator.
|
||||
location: https://istio.io/docs/reference/config/istio.operator.v1alpha12.pb.html
|
||||
layout: protoc-gen-docs
|
||||
generator: protoc-gen-docs
|
||||
number_of_entries: 52
|
||||
number_of_entries: 55
|
||||
---
|
||||
<p>IstioControlPlane is a schema for both defining and customizing Istio control plane installations.
|
||||
Running the operator with an empty user defined InstallSpec results in an control plane with default values, using the
|
||||
|
|
@ -19,8 +17,7 @@ Istio.</p>
|
|||
<p>Deeper customization is possible at three levels:</p>
|
||||
|
||||
<ol>
|
||||
<li>New APIs defined in this file</li>
|
||||
</ol>
|
||||
<li><p>New APIs defined in this file</p>
|
||||
|
||||
<p>Feature API: this API groups an Istio install by features and allows enabling/disabling the features, selecting base
|
||||
control plane profiles, as well as some additional high level settings that are feature specific. Each feature contains
|
||||
|
|
@ -28,131 +25,119 @@ one or more components, which correspond to Istio components (Pods) in the clust
|
|||
|
||||
<p>k8s API: this API is a pass through to k8s resource settings for Istio k8s resources. It allows customizing Istio k8s
|
||||
resources like Affinity, Resource requests/limits, PodDisruptionBudgetSpec, Selectors etc. in a more consistent and
|
||||
k8s specific way compared to values.yaml. See KubernetesResourcesSpec in this file for details.</p>
|
||||
k8s specific way compared to values.yaml. See KubernetesResourcesSpec in this file for details.</p></li>
|
||||
|
||||
<ol>
|
||||
<li>values.yaml</li>
|
||||
</ol>
|
||||
<li><p>values.yaml</p>
|
||||
|
||||
<p>The entirety of values.yaml settings is accessible through InstallSpec (see CommonComponentSpec/Values).
|
||||
This API will gradually be deprecated and values there will be moved either into CRDs that are used to directly
|
||||
configure components or, in the case of k8s settings, will be replaced by the new API above.</p>
|
||||
configure components or, in the case of k8s settings, will be replaced by the new API above.</p></li>
|
||||
|
||||
<ol>
|
||||
<li>k8s resource overlays</li>
|
||||
</ol>
|
||||
<li><p>k8s resource overlays</p>
|
||||
|
||||
<p>Once a manifest is rendered from InstallSpec, a further customization can be applied by specifying k8s resource
|
||||
overlays. The concept is similar to kustomize, where JSON patches are applied for object paths. This allows
|
||||
customization at the lowest level and eliminates the need to create ad-hoc template parameters, or edit templates.</p>
|
||||
customization at the lowest level and eliminates the need to create ad-hoc template parameters, or edit templates.</p></li>
|
||||
</ol>
|
||||
|
||||
<p>EXAMPLES</p>
|
||||
<p>Here are a few example uses:</p>
|
||||
|
||||
<ol>
|
||||
<li>Default Istio install</li>
|
||||
</ol>
|
||||
<li><p>Default Istio install</p>
|
||||
|
||||
<pre><code class="language-yaml">spec:
|
||||
</code></pre>
|
||||
|
||||
<ol>
|
||||
<li>Default minimal profile install</li>
|
||||
</ol>
|
||||
|
||||
<pre><code class="language-yaml">spec:
|
||||
<li>Default minimal profile install
|
||||
<code>yaml
|
||||
spec:
|
||||
profile: minimal
|
||||
</code></pre>
|
||||
</code></li>
|
||||
</ol></li>
|
||||
|
||||
<ol>
|
||||
<li>Default install with telemetry disabled</li>
|
||||
</ol>
|
||||
<li><p>Default install with telemetry disabled</p>
|
||||
|
||||
<pre><code class="language-yaml">spec:
|
||||
telemetry:
|
||||
enabled: false
|
||||
telemetry:
|
||||
enabled: false
|
||||
</code></pre>
|
||||
|
||||
<ol>
|
||||
<li>Default install with each feature installed to different namespace and security components in separate namespaces</li>
|
||||
</ol>
|
||||
|
||||
<pre><code class="language-yaml">spec:
|
||||
<li>Default install with each feature installed to different namespace and security components in separate namespaces
|
||||
<code>yaml
|
||||
spec:
|
||||
traffic_management:
|
||||
components:
|
||||
namespace: istio-traffic-management
|
||||
namespace: istio-traffic-management
|
||||
policy:
|
||||
components:
|
||||
namespace: istio-policy
|
||||
namespace: istio-policy
|
||||
telemetry:
|
||||
components:
|
||||
namespace: istio-telemetry
|
||||
namespace: istio-telemetry
|
||||
config_management:
|
||||
components:
|
||||
namespace: istio-config-management
|
||||
namespace: istio-config-management
|
||||
security:
|
||||
components:
|
||||
citadel:
|
||||
namespace: istio-citadel
|
||||
cert_manager:
|
||||
namespace: istio-cert-manager
|
||||
node_agent:
|
||||
namespace: istio-node-agent
|
||||
</code></pre>
|
||||
citadel:
|
||||
namespace: istio-citadel
|
||||
cert_manager:
|
||||
namespace: istio-cert-manager
|
||||
node_agent:
|
||||
namespace: istio-node-agent
|
||||
</code></li>
|
||||
</ol></li>
|
||||
|
||||
<ol>
|
||||
<li>Default install with specialized k8s settings for pilot</li>
|
||||
</ol>
|
||||
<li><p>Default install with specialized k8s settings for pilot</p>
|
||||
|
||||
<pre><code class="language-yaml">spec:
|
||||
traffic_management:
|
||||
components:
|
||||
pilot:
|
||||
k8s:
|
||||
resources:
|
||||
limits:
|
||||
cpu: 444m
|
||||
memory: 333Mi
|
||||
requests:
|
||||
cpu: 222m
|
||||
memory: 111Mi
|
||||
readinessProbe:
|
||||
failureThreshold: 44
|
||||
initialDelaySeconds: 11
|
||||
periodSeconds: 22
|
||||
successThreshold: 33
|
||||
</code></pre>
|
||||
<ol>
|
||||
<li>Default install with values.yaml customizations for proxy
|
||||
<code>yaml
|
||||
spec:
|
||||
traffic_management:
|
||||
components:
|
||||
pilot:
|
||||
k8s:
|
||||
resources:
|
||||
limits:
|
||||
cpu: 444m
|
||||
memory: 333Mi
|
||||
requests:
|
||||
cpu: 222m
|
||||
memory: 111Mi
|
||||
readinessProbe:
|
||||
failureThreshold: 44
|
||||
initialDelaySeconds: 11
|
||||
periodSeconds: 22
|
||||
successThreshold: 33
|
||||
</code></pre>
|
||||
proxy:
|
||||
values:
|
||||
- global.proxy.enableCoreDump: true
|
||||
- global.proxy.dnsRefreshRate: 10s
|
||||
</code></li>
|
||||
</ol></li>
|
||||
|
||||
<ol>
|
||||
<li>Default install with values.yaml customizations for proxy</li>
|
||||
</ol>
|
||||
<li><p>Default install with modification to container flag in galley</p>
|
||||
|
||||
<pre><code class="language-yaml">spec:
|
||||
traffic_management:
|
||||
components:
|
||||
proxy:
|
||||
values:
|
||||
- global.proxy.enableCoreDump: true
|
||||
- global.proxy.dnsRefreshRate: 10s
|
||||
</code></pre>
|
||||
|
||||
<ol>
|
||||
<li>Default install with modification to container flag in galley</li>
|
||||
configuration_management:
|
||||
components:
|
||||
galley:
|
||||
k8s:
|
||||
overlays:
|
||||
- apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
name: istio-galley
|
||||
patches:
|
||||
- path: spec.template.spec.containers.[name:galley].command.[--livenessProbeInterval]
|
||||
value: --livenessProbeInterval=123s
|
||||
</code></pre></li>
|
||||
</ol>
|
||||
|
||||
<pre><code class="language-yaml">spec:
|
||||
configuration_management:
|
||||
components:
|
||||
galley:
|
||||
k8s:
|
||||
overlays:
|
||||
- apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
name: istio-galley
|
||||
patches:
|
||||
- path: spec.template.spec.containers.[name:galley].command.[--livenessProbeInterval]
|
||||
value: --livenessProbeInterval=123s
|
||||
</code></pre>
|
||||
|
||||
<h2 id="AutoInjectionFeatureSpec">AutoInjectionFeatureSpec</h2>
|
||||
<section>
|
||||
<p>Configuration options for auto injection feature.</p>
|
||||
|
|
@ -211,6 +196,98 @@ value: --livenessProbeInterval=123s
|
|||
</tbody>
|
||||
</table>
|
||||
</section>
|
||||
<h2 id="CNIComponentSpec">CNIComponentSpec</h2>
|
||||
<section>
|
||||
<p>Configuration options for cni component.</p>
|
||||
|
||||
<table class="message-fields">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Field</th>
|
||||
<th>Type</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr id="CNIComponentSpec-enabled">
|
||||
<td><code>enabled</code></td>
|
||||
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="CNIComponentSpec-namespace">
|
||||
<td><code>namespace</code></td>
|
||||
<td><code>string</code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="CNIComponentSpec-k8s">
|
||||
<td><code>k8s</code></td>
|
||||
<td><code><a href="#KubernetesResourcesSpec">KubernetesResourcesSpec</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</section>
|
||||
<h2 id="CNIFeatureSpec">CNIFeatureSpec</h2>
|
||||
<section>
|
||||
<p>Configuration options for cni feature.</p>
|
||||
|
||||
<table class="message-fields">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Field</th>
|
||||
<th>Type</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr id="CNIFeatureSpec-enabled">
|
||||
<td><code>enabled</code></td>
|
||||
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
|
||||
<td>
|
||||
<p>Selects whether gateway feature is installed. Must be set for any sub-component to be installed.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="CNIFeatureSpec-components">
|
||||
<td><code>components</code></td>
|
||||
<td><code><a href="#CNIFeatureSpec-Components">CNIFeatureSpec.Components</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</section>
|
||||
<h2 id="CNIFeatureSpec-Components">CNIFeatureSpec.Components</h2>
|
||||
<section>
|
||||
<table class="message-fields">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Field</th>
|
||||
<th>Type</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr id="CNIFeatureSpec-Components-namespace">
|
||||
<td><code>namespace</code></td>
|
||||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>Namespace that cni components are installed into.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="CNIFeatureSpec-Components-cni">
|
||||
<td><code>cni</code></td>
|
||||
<td><code><a href="#CNIComponentSpec">CNIComponentSpec</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</section>
|
||||
<h2 id="CertManagerComponentSpec">CertManagerComponentSpec</h2>
|
||||
<section>
|
||||
<p>Configuration options for certificate manager component.</p>
|
||||
|
|
@ -423,7 +500,7 @@ value: --livenessProbeInterval=123s
|
|||
</section>
|
||||
<h2 id="GalleyComponentSpec">GalleyComponentSpec</h2>
|
||||
<section>
|
||||
<p>Configuration options for node agent component.</p>
|
||||
<p>Configuration options for galley component.</p>
|
||||
|
||||
<table class="message-fields">
|
||||
<thead>
|
||||
|
|
@ -642,39 +719,9 @@ value: --livenessProbeInterval=123s
|
|||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr id="InstallStatus-traffic_management">
|
||||
<td><code>trafficManagement</code></td>
|
||||
<td><code><a href="#InstallStatus-VersionStatus">InstallStatus.VersionStatus</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="InstallStatus-policy_telemetry">
|
||||
<td><code>policyTelemetry</code></td>
|
||||
<td><code><a href="#InstallStatus-VersionStatus">InstallStatus.VersionStatus</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="InstallStatus-security">
|
||||
<td><code>security</code></td>
|
||||
<td><code><a href="#InstallStatus-VersionStatus">InstallStatus.VersionStatus</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="InstallStatus-config_management">
|
||||
<td><code>configManagement</code></td>
|
||||
<td><code><a href="#InstallStatus-VersionStatus">InstallStatus.VersionStatus</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="InstallStatus-ingress_gateway">
|
||||
<td><code>ingressGateway</code></td>
|
||||
<td><code><a href="#InstallStatus-VersionStatus">InstallStatus.VersionStatus[]</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="InstallStatus-egress_gateway">
|
||||
<td><code>egressGateway</code></td>
|
||||
<td><code><a href="#InstallStatus-VersionStatus">InstallStatus.VersionStatus[]</a></code></td>
|
||||
<tr id="InstallStatus-status">
|
||||
<td><code>status</code></td>
|
||||
<td><code>map<string, <a href="#InstallStatus-VersionStatus">InstallStatus.VersionStatus</a>></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
|
|
@ -737,6 +784,12 @@ value: --livenessProbeInterval=123s
|
|||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="InstallStatus-VersionStatus-error">
|
||||
<td><code>error</code></td>
|
||||
<td><code>string</code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</section>
|
||||
|
|
@ -841,6 +894,12 @@ Because the spec is a customization API, specifying an empty InstallSpec results
|
|||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="IstioControlPlaneSpec-cni">
|
||||
<td><code>cni</code></td>
|
||||
<td><code><a href="#CNIFeatureSpec">CNIFeatureSpec</a></code></td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="IstioControlPlaneSpec-values">
|
||||
<td><code>values</code></td>
|
||||
<td><code><a href="#TypeMapStringInterface">TypeMapStringInterface</a></code></td>
|
||||
|
|
|
|||
|
|
@ -389,7 +389,7 @@ or part of the mesh.</p>
|
|||
<p>REQUIRED: Service discovery mode for the hosts. Care must be taken
|
||||
when setting the resolution mode to NONE for a TCP port without
|
||||
accompanying IP addresses. In such cases, traffic to any IP on
|
||||
said port will be allowed (i.e. 0.0.0.0:<port>).</p>
|
||||
said port will be allowed (i.e. 0.0.0.0:<port>).</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
|||
|
|
@ -707,6 +707,17 @@ e.g. <em>x-request-id</em>.</p>
|
|||
only expose a single port or label ports with the protocols they support,
|
||||
in these cases it is not required to explicitly select the port.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="HTTPMatchRequest-source_labels">
|
||||
<td><code>sourceLabels</code></td>
|
||||
<td><code>map<string, string></code></td>
|
||||
<td>
|
||||
<p>One or more labels that constrain the applicability of a rule to
|
||||
workloads with the given labels. If the VirtualService has a list of
|
||||
gateways specified at the top, it must include the reserved gateway
|
||||
<code>mesh</code> for this field to be applicable.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="HTTPMatchRequest-query_params">
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ failClose: true
|
|||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>Query method to check.
|
||||
Format: data.<package name>.<method name></p>
|
||||
Format: <code>data.<package name>.<method name></code></p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ quotas:
|
|||
<td><code>redisServerUrl</code></td>
|
||||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>Redis connection string <hostname>:<port number>
|
||||
<p>Redis connection string <code><hostname>:<port number></code>
|
||||
ex) localhost:6379</p>
|
||||
|
||||
</td>
|
||||
|
|
|
|||
|
|
@ -182,8 +182,8 @@ spans.</p>
|
|||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>Required. The name of the metric as it is sent to the adapter. In
|
||||
Kubernetes this is of the form “<name>.metric.<namespace>” where
|
||||
“<name>” is the name field of the metric resource, and “<namespace>”
|
||||
Kubernetes this is of the form <code><name>.metric.<namespace></code> where
|
||||
<code><name></code> is the name field of the metric resource, and <code><namespace></code>
|
||||
is the namespace of the metric resource.</p>
|
||||
|
||||
</td>
|
||||
|
|
|
|||
|
|
@ -267,10 +267,12 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
|
|||
See https://godoc.org/cloud.google.com/go/logging/logadmin#Sink.
|
||||
Ex: If you want to export it to a GCS bucket, id would be a unique idetifier you want for the sink,
|
||||
destination would be the storage be name of GCS Storage bucket and filter would be user defined condition for
|
||||
filtering logs. See below for a sample config:
|
||||
id: ‘info-errors-to-gcs’
|
||||
destination: ‘storage.googleapis.com/<bucket_name>’
|
||||
filter: ‘severity >= Default’</p>
|
||||
filtering logs. See below for a sample config:</p>
|
||||
|
||||
<pre><code class="language-yaml">id: 'info-errors-to-gcs'
|
||||
destination: 'storage.googleapis.com/<bucket_name>'
|
||||
filter: 'severity >= Default'
|
||||
</code></pre>
|
||||
|
||||
<table class="message-fields">
|
||||
<thead>
|
||||
|
|
|
|||
|
|
@ -439,6 +439,17 @@ Report. This typically includes “destination.ip” and
|
|||
<p>Default attributes to forward to upstream. This typically
|
||||
includes the “source.ip” and “source.uid” attributes.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="HttpClientConfig-ignore_forwarded_attributes">
|
||||
<td><code>ignoreForwardedAttributes</code></td>
|
||||
<td><code>bool</code></td>
|
||||
<td>
|
||||
<p>Whether or not to use attributes forwarded in the request headers to
|
||||
create the attribute bag to send to mixer. For intra-mesh traffic,
|
||||
this should be set to “false”. For ingress/egress gateways, this
|
||||
should be set to “true”.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
|
@ -819,12 +830,15 @@ includes the “source.ip” and “source.uid” attributes.
|
|||
In case of a per-route override, per-route attributes take precedence
|
||||
over the attributes supplied in the client configuration.</p>
|
||||
|
||||
<p>Forwarded attributes take precedence over the static Mixer attributes.
|
||||
The full order of application is as follows:
|
||||
<p>Forwarded attributes take precedence over the static Mixer attributes,
|
||||
except in cases where there is clear configuration to ignore forwarded
|
||||
attributes. Gateways, for instance, should never use forwarded attributes.</p>
|
||||
|
||||
<p>The full order of application is as follows:
|
||||
1. static Mixer attributes from the filter config;
|
||||
2. static Mixer attributes from the route config;
|
||||
3. forwarded attributes from the source filter config (if any);
|
||||
4. forwarded attributes from the source route config (if any);
|
||||
3. forwarded attributes from the source filter config (if any and not ignored);
|
||||
4. forwarded attributes from the source route config (if any and not ignored);
|
||||
5. derived attributes from the request metadata.</p>
|
||||
|
||||
</td>
|
||||
|
|
|
|||
|
|
@ -184,8 +184,7 @@ same namespace as the authorization policy.</p>
|
|||
<td><code>string</code></td>
|
||||
<td>
|
||||
<p>Required. The name of an Istio attribute.
|
||||
Note: Check https://istio.io/docs/reference/config/ for the list of supported
|
||||
attribute name.</p>
|
||||
See the <a href="/docs/reference/config/">full list of supported attributes</a>.</p>
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
|||
|
|
@ -80,3 +80,14 @@ messages:
|
|||
type: string
|
||||
- name: port
|
||||
type: int
|
||||
|
||||
- name: "IstioProxyVersionMismatch"
|
||||
code: IST0105
|
||||
level: Warning
|
||||
description: "The version of the Istio proxy running on the pod does not match the version used by the istio injector."
|
||||
template: "The version of the Istio proxy running on the pod does not match the version used by the istio injector (pod version: %s; injector version: %s). This often happens after upgrading the Istio control-plane and can be fixed by redeploying the pod."
|
||||
args:
|
||||
- name: proxyVersion
|
||||
type: string
|
||||
- name: injectionVersion
|
||||
type: string
|
||||
|
|
|
|||
Loading…
Reference in New Issue