Update reference docs. (#5136)

Martin Taillefer 2019-10-11 13:18:13 -07:00 committed by GitHub
parent c82861d10e
commit 9aaf5e4cba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 3590 additions and 120 deletions

@ -199,7 +199,7 @@ number_of_entries: 5
<tr>
<td><code>--disableResourceReadyCheck</code></td>
<td></td>
<td>(DEPRECATED) Disable resource readiness checks. This allows Galley to start if not all resource types are supported </td>
<td>Disable resource readiness checks. This allows Galley to start if not all resource types are supported </td>
</tr>
<tr>
<td><code>--domain &lt;string&gt;</code></td>
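Review bot: The `(DEPRECATED)` prefix is dropped from the `--disableResourceReadyCheck` description, and nothing in this change says whether the flag was actually un-deprecated or the marker was lost when the page was regenerated. Please confirm against the flag definition; if the flag is still deprecated, operators reading this page will keep relying on a switch that lets Galley start without readiness checks. The new cell also ends with a stray space before `</td>`.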
@ -239,7 +239,7 @@ number_of_entries: 5
<tr>
<td><code>--excludedResourceKinds &lt;stringSlice&gt;</code></td>
<td></td>
<td>(DEPRECATED) Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Namespace,Node,Pod,Service]`)</td>
<td>Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Namespace,Node,Pod,Service]`)</td>
</tr>
<tr>
<td><code>--insecure</code></td>
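Review bot: The default value in the `--excludedResourceKinds` description is wrapped in Markdown backticks inside an HTML `<td>`, so it renders as literal backtick characters around `[Endpoints,Namespace,Node,Pod,Service]`; emit `<code>` from the generator instead. As with the previous hunk, the `(DEPRECATED)` marker disappears here without explanation and should be confirmed against the flag's source.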

@ -4,7 +4,7 @@ source_repo: https://github.com/istio/istio
title: istioctl
description: Istio control interface.
generator: pkg-collateral-docs
number_of_entries: 63
number_of_entries: 69
---
<p>Istio configuration command line utility for service operators to
debug and diagnose their Istio mesh.
@ -1571,6 +1571,13 @@ customization file (default `[]`)</td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--rename &lt;string&gt;</code></td>
<td></td>
<td>renameResources identifies renamed resources before comparison.
The format of each renaming pair is A-&gt;B, all renaming pairs are comma separated.
e.g. Service:*:istio-pilot-&gt;Service:*:istio-control - rename istio-pilot service into istio-control (default ``)</td>
</tr>
<tr>
<td><code>--select &lt;string&gt;</code></td>
<td></td>
<td>selectResources constrains the list of resources to compare to only the ones in this list, ignoring all others.
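Review bot: The example pair in the `--rename` description, `Service:*:istio-pilot->Service:*:istio-control`, contains `>` and `*`, which an unquoted shell treats as output redirection and a glob pattern, so a command copied from this text will not pass the pair to istioctl. Show the value in quotes in the help string. The description also opens with the internal name `renameResources` rather than describing what the flag does, and the trailing "(default ``)" directly after the example sentence reads as if it belonged to the example.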
@ -1835,6 +1842,323 @@ istioctl experimental metrics productpage-v1
# Retrieve workload metrics for various services in the different namespaces
istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
</code></pre>
<h2 id="istioctl-experimental-post-install">istioctl experimental post-install</h2>
<p>Commands related to post-install</p>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h2 id="istioctl-experimental-post-install-webhook">istioctl experimental post-install webhook</h2>
<p>webhook command to manage webhook configurations</p>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h2 id="istioctl-experimental-post-install-webhook-disable">istioctl experimental post-install webhook disable</h2>
<p>Disable webhook configurations</p>
<pre class="language-bash"><code>istioctl experimental post-install webhook disable [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--injection</code></td>
<td></td>
<td>Disable mutating webhook (default true). </td>
</tr>
<tr>
<td><code>--injection-config &lt;string&gt;</code></td>
<td></td>
<td>The mutating webhook configuration to disable. (default `istio-sidecar-injector`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--validation</code></td>
<td></td>
<td>Disable validating webhook (default true). </td>
</tr>
<tr>
<td><code>--validation-config &lt;string&gt;</code></td>
<td></td>
<td>The validating webhook configuration to disable. (default `istio-galley`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-post-install-webhook-disable Examples">Examples</h3>
<pre class="language-bash"><code>
# Disable all webhooks
istioctl experimental post-install webhook disable
# Disable all webhooks except injection
istioctl experimental post-install webhook disable --injection=false
</code></pre>
<h2 id="istioctl-experimental-post-install-webhook-enable">istioctl experimental post-install webhook enable</h2>
<p>This command is used to enable webhook configurations after installing Istio.
For previous Istio versions (e.g., 1.2, 1.3, etc), this command is not needed
because in previous versions webhooks manage their own configurations.</p>
<pre class="language-bash"><code>istioctl experimental post-install webhook enable [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--ca-bundle-file &lt;string&gt;</code></td>
<td></td>
<td>PEM encoded CA bundle which will be used to validate the webhook&#39;s server certificates. If this is empty, the kube-apisever&#39;s root CA is used if it can be confirmed to have signed the webhook&#39;s certificates. This condition is sometimes true but is not guaranteed (see https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping) (default ``)</td>
</tr>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--injection</code></td>
<td></td>
<td>Enable injection webhook (default true). </td>
</tr>
<tr>
<td><code>--injection-path &lt;string&gt;</code></td>
<td></td>
<td>The file path of the injection webhook configuration. (default ``)</td>
</tr>
<tr>
<td><code>--injection-service &lt;string&gt;</code></td>
<td></td>
<td>The service name of the injection webhook to manage. (default `istio-sidecar-injector`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--read-cert-timeout &lt;duration&gt;</code></td>
<td></td>
<td> Max time for waiting the webhook certificate to be readable. (default `1m0s`)</td>
</tr>
<tr>
<td><code>--timeout &lt;duration&gt;</code></td>
<td></td>
<td> Max time for checking the validating webhook server. If the validating webhook server is not readyin the given time, exit. Otherwise, apply the webhook configuration. (default `1m0s`)</td>
</tr>
<tr>
<td><code>--validation</code></td>
<td></td>
<td>Enable validatation webhook (default true). </td>
</tr>
<tr>
<td><code>--validation-path &lt;string&gt;</code></td>
<td></td>
<td>The file path of the validation webhook configuration. (default ``)</td>
</tr>
<tr>
<td><code>--validation-service &lt;string&gt;</code></td>
<td></td>
<td>The service name of the validation webhook to manage. (default `istio-galley`)</td>
</tr>
<tr>
<td><code>--webhook-secret &lt;string&gt;</code></td>
<td></td>
<td>The name of an existing Kubernetes secret of a webhook. istioctl will verify that the webhook certificate is issued by the CA certificate. (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-post-install-webhook-enable Examples">Examples</h3>
<pre class="language-bash"><code>
# Enable the webhook configuration of Galley with the given webhook configuration
istioctl experimental post-install webhook enable --validation --webhook-secret istio.webhook.galley
--namespace istio-system --validation-path validatingwebhookconfiguration.yaml
# Enable the webhook configuration of Galley with the given webhook configuration and CA certificate
istioctl experimental post-install webhook enable --validation --webhook-secret istio.webhook.galley
--namespace istio-system --validation-path validatingwebhookconfiguration.yaml --ca-bundle-file ./k8s-ca-cert.pem
</code></pre>
<h2 id="istioctl-experimental-post-install-webhook-status">istioctl experimental post-install webhook status</h2>
<p>Get webhook configurations</p>
<pre class="language-bash"><code>istioctl experimental post-install webhook status [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--injection</code></td>
<td></td>
<td>Display the injection webhook configuration. </td>
</tr>
<tr>
<td><code>--injection-config &lt;string&gt;</code></td>
<td></td>
<td>The name of the MutatingWebhookConfiguration to display. (default `istio-sidecar-injector`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, all, analysis, attributes, authn, cacheLog, citadelClientLog, configMapController, conversions, default, googleCAClientLog, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, name, patch, processing, rbac, resource, runtime, sdsServiceLog, secretFetcherLog, source, stsClientLog, tpath, translator, util, validation, vaultClientLog] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info,processing:error,source:error`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--validation</code></td>
<td></td>
<td>Display the validating webhook configuration. </td>
</tr>
<tr>
<td><code>--validation-config &lt;string&gt;</code></td>
<td></td>
<td>The name of the ValidatingWebhookConfiguration to display. (default `istio-galley`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-post-install-webhook-status Examples">Examples</h3>
<pre class="language-bash"><code>
# Display the webhook configuration of Galley
istioctl experimental post-install webhook status --validation --validation-config istio-galley
# Display the webhook configuration of Galley and Sidecar Injector
istioctl experimental post-install webhook status --validation --validation-config istio-galley
--injection --injection-config istio-sidecar-injector
</code></pre>
<h2 id="istioctl-experimental-profile">istioctl experimental profile</h2>
<p>The profile subcommand lists, dumps or diffs Istio configuration profiles.</p>
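Review bot: The multi-line examples under `webhook enable` and `webhook status` break a command across two lines without a trailing backslash, so pasting them runs `istioctl experimental post-install webhook enable --validation --webhook-secret istio.webhook.galley` on its own and then tries to execute `--namespace istio-system ...` as a second command; add line continuations or keep each example on one line. The three Examples headings use ids that contain a space (`id="istioctl-experimental-post-install-webhook-disable Examples"`), which is not a valid id value and cannot be linked to as written; join the parts with a hyphen. In the `webhook disable` table both `--injection` and `--validation` default to true, so the bare command disables the mutating and the validating webhook together; the one-line description "Disable webhook configurations" should say so and state what is no longer checked or injected while they are off. The `--ca-bundle-file` text says the kube-apiserver root CA fallback "is sometimes true but is not guaranteed" without saying what the command does when it cannot confirm the signer; document that outcome. Typos to fix in the flag strings: `kube-apisever`, `readyin`, `validatation`, and "Max time for waiting the webhook certificate to be readable".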

@ -30,11 +30,11 @@ nexus for policy evaluation and telemetry reporting.</p>
</tr>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [adapters, all, api, attributes, default, grpcAdapter, kube-converter, loadshedding, mcp, meshconfig] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [adapters, all, api, attributes, default, grpcAdapter, loadshedding, mcp] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [adapters, all, api, attributes, default, grpcAdapter, kube-converter, loadshedding, mcp, meshconfig] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [adapters, all, api, attributes, default, grpcAdapter, loadshedding, mcp] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
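Review bot: `kube-converter` and `meshconfig` disappear from the accepted scope lists for `--log_caller` and `--log_output_level`, and the text does not say what happens to an existing invocation that still passes one of them, for example `meshconfig:debug`. If unknown scopes are rejected at startup this is a behaviour change that needs a release note; please confirm and mention it. The same list edit repeats in the later hunks for this file.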
@ -54,7 +54,7 @@ nexus for policy evaluation and telemetry reporting.</p>
</tr>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [adapters, all, api, attributes, default, grpcAdapter, kube-converter, loadshedding, mcp, meshconfig] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [adapters, all, api, attributes, default, grpcAdapter, loadshedding, mcp] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>
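Review bot: The format string on the changed `--log_stacktrace_level` line still reads `<scope>:<level>,<scope:level>,...`; the second pair is missing its inner brackets and differs from the `--log_output_level` wording `<scope>:<level>,<scope>:<level>,...`. Since this line is being rewritten anyway, fix the help string so the regenerated page is consistent. The same text recurs in the later `--log_stacktrace_level` hunk.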
@ -182,12 +182,12 @@ nexus for policy evaluation and telemetry reporting.</p>
<tr>
<td><code>--log_caller &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [adapters, all, api, attributes, default, grpcAdapter, kube-converter, loadshedding, mcp, meshconfig] (default ``)</td>
<td>Comma-separated list of scopes for which to include caller information, scopes can be any of [adapters, all, api, attributes, default, grpcAdapter, loadshedding, mcp] (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [adapters, all, api, attributes, default, grpcAdapter, kube-converter, loadshedding, mcp, meshconfig] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [adapters, all, api, attributes, default, grpcAdapter, loadshedding, mcp] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--log_rotate &lt;string&gt;</code></td>
@ -212,7 +212,7 @@ nexus for policy evaluation and telemetry reporting.</p>
<tr>
<td><code>--log_stacktrace_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [adapters, all, api, attributes, default, grpcAdapter, kube-converter, loadshedding, mcp, meshconfig] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
<td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope:level&gt;,... where scope can be one of [adapters, all, api, attributes, default, grpcAdapter, loadshedding, mcp] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td>
</tr>
<tr>
<td><code>--log_target &lt;stringArray&gt;</code></td>

@ -87,6 +87,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -101,6 +102,9 @@ For example, the service name &ldquo;bookstore.mtv.cluster.local&rdquo; matches
or &ldquo;*.mtv.cluster.local&rdquo; (suffix match).
If set to [&rdquo;*&rdquo;], it refers to all services in the namespace.</p>
</td>
<td>
No
</td>
</tr>
<tr id="AccessRule-paths">
@ -116,6 +120,9 @@ or &ldquo;/books/*&rdquo; (prefix match), or &ldquo;*/review&rdquo; (suffix matc
If not specified, it matches to any path.
This field should not be set for TCP services. The policy will be ignored.</p>
</td>
<td>
No
</td>
</tr>
<tr id="AccessRule-methods">
@ -127,6 +134,9 @@ If not specified or specified as &ldquo;*&rdquo;, it matches to any methods.
This field should not be set for TCP services. The policy will be ignored.
For gRPC services, only <code>POST</code> is allowed; other methods will result in denying services.</p>
</td>
<td>
No
</td>
</tr>
<tr id="AccessRule-constraints">
@ -135,6 +145,9 @@ For gRPC services, only <code>POST</code> is allowed; other methods will result
<td>
<p>Optional. Extra constraints in the ServiceRole specification.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -150,6 +163,7 @@ For gRPC services, only <code>POST</code> is allowed; other methods will result
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -159,6 +173,9 @@ For gRPC services, only <code>POST</code> is allowed; other methods will result
<td>
<p>Key of the constraint.</p>
</td>
<td>
No
</td>
</tr>
<tr id="AccessRule-Constraint-values">
@ -170,6 +187,9 @@ Exact match, prefix match, and suffix match are supported.
For example, the value &ldquo;v1alpha2&rdquo; matches &ldquo;v1alpha2&rdquo; (exact match),
or &ldquo;v1*&rdquo; (prefix match), or &ldquo;*alpha2&rdquo; (suffix match).</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -177,8 +197,8 @@ or &ldquo;v1*&rdquo; (prefix match), or &ldquo;*alpha2&rdquo; (suffix match).</p
</section>
<h2 id="RbacConfig">RbacConfig</h2>
<section>
<p>RbacConfig implements the ClusterRbaConfig Custom Resource Definition for controlling Istio RBAC behavior.
The ClusterRbaConfig Custom Resource is a singleton where only one ClusterRbaConfig should be created
<p>RbacConfig implements the ClusterRbacConfig Custom Resource Definition for controlling Istio RBAC behavior.
The ClusterRbacConfig Custom Resource is a singleton where only one ClusterRbacConfig should be created
globally in the mesh and the namespace should be the same to other Istio components, which usually is <code>istio-system</code>.</p>
<p>Below is an example of an <code>ClusterRbacConfig</code> resource called <code>istio-rbac-config</code> which enables Istio RBAC for all
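Review bot: The corrected paragraph still says the namespace "should be the same to other Istio components", and the following paragraph opens "an `ClusterRbacConfig` resource". This hunk already touches the wording to fix the `ClusterRbaConfig` spelling, so fix both here as well ("the same as", "a").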
@ -201,6 +221,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -210,6 +231,9 @@ spec:
<td>
<p>Istio RBAC mode.</p>
</td>
<td>
No
</td>
</tr>
<tr id="RbacConfig-inclusion">
@ -219,6 +243,9 @@ spec:
<p>A list of services or namespaces that should be enforced by Istio RBAC policies. Note: This field have
effect only when mode is ON<em>WITH</em>INCLUSION and will be ignored for any other modes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="RbacConfig-exclusion">
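Review bot: The mode name in this row renders as `ON<em>WITH</em>INCLUSION`, which means the underscores of `ON_WITH_INCLUSION` were consumed as emphasis markers; the next hunk has the same problem with `ON_WITH_EXCLUSION`. Wrap the enum names in code formatting in the source comment so readers can copy the exact value into a policy. The sentence also needs "has" in place of "have".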
@ -228,6 +255,9 @@ effect only when mode is ON<em>WITH</em>INCLUSION and will be ignored for any ot
<p>A list of services or namespaces that should not be enforced by Istio RBAC policies. Note: This field have
effect only when mode is ON<em>WITH</em>EXCLUSION and will be ignored for any other modes.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -287,6 +317,7 @@ services and namespaces not in the exclusion field will be enforced by Istio RBA
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -296,6 +327,9 @@ services and namespaces not in the exclusion field will be enforced by Istio RBA
<td>
<p>A list of services.</p>
</td>
<td>
No
</td>
</tr>
<tr id="RbacConfig-Target-namespaces">
@ -304,6 +338,9 @@ services and namespaces not in the exclusion field will be enforced by Istio RBA
<td>
<p>A list of namespaces.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -319,6 +356,7 @@ services and namespaces not in the exclusion field will be enforced by Istio RBA
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -329,6 +367,9 @@ services and namespaces not in the exclusion field will be enforced by Istio RBA
<p>Required. The type of the role being referenced.
Currently, &ldquo;ServiceRole&rdquo; is the only supported value for &ldquo;kind&rdquo;.</p>
</td>
<td>
No
</td>
</tr>
<tr id="RoleRef-name">
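Review bot: The added Required cell says `No` for a field whose description begins "Required. The type of the role being referenced.", so the new column contradicts the text beside it. The same mismatch appears in the following hunks for `RoleRef-name`, the ServiceRole rules field, and both ServiceRoleBinding fields. Either derive the column from the same source as the description or hold the column back until the two agree; a reader skimming the column will conclude that a binding without a role reference is acceptable.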
@ -338,6 +379,9 @@ Currently, &ldquo;ServiceRole&rdquo; is the only supported value for &ldquo;kind
<p>Required. The name of the ServiceRole object being referenced.
The ServiceRole object must be in the same namespace as the ServiceRoleBinding object.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -353,6 +397,7 @@ The ServiceRole object must be in the same namespace as the ServiceRoleBinding o
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -362,6 +407,9 @@ The ServiceRole object must be in the same namespace as the ServiceRoleBinding o
<td>
<p>Required. The set of access rules (permissions) that the role has.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -377,6 +425,7 @@ The ServiceRole object must be in the same namespace as the ServiceRoleBinding o
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -386,6 +435,9 @@ The ServiceRole object must be in the same namespace as the ServiceRoleBinding o
<td>
<p>Required. List of subjects that are assigned the ServiceRole object.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceRoleBinding-roleRef">
@ -394,6 +446,9 @@ The ServiceRole object must be in the same namespace as the ServiceRoleBinding o
<td>
<p>Required. Reference to the ServiceRole object.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -410,6 +465,7 @@ The supported keys in <code>properties</code> are listed in &ldquo;constraint an
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -419,6 +475,9 @@ The supported keys in <code>properties</code> are listed in &ldquo;constraint an
<td>
<p>Optional. The user name/ID that the subject represents.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Subject-properties">
@ -427,6 +486,9 @@ The supported keys in <code>properties</code> are listed in &ldquo;constraint an
<td>
<p>Optional. The set of properties that identify the subject.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

@ -70,6 +70,7 @@ triggerRules:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -84,6 +85,9 @@ Usually a URL or an email address.</p>
<p>Example: https://securetoken.google.com
Example: 1234567-compute@developer.gserviceaccount.com</p>
</td>
<td>
No
</td>
</tr>
<tr id="Jwt-audiences">
@ -104,6 +108,9 @@ audiences will be accepted.</p>
bookstore_web.apps.googleusercontent.com
</code></pre>
</td>
<td>
No
</td>
</tr>
<tr id="Jwt-jwks_uri">
@ -123,6 +130,9 @@ Google service account).</p>
<p>Note: Only one of jwks_uri and jwks should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Jwt-jwks">
@ -134,6 +144,9 @@ See https://auth0.com/docs/jwks.</p>
<p>Note: Only one of jwks_uri and jwks should be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Jwt-jwt_headers">
@ -146,6 +159,9 @@ header name.</p>
<p>For example, if <code>header=x-goog-iap-jwt-assertion</code>, the header
format will be <code>x-goog-iap-jwt-assertion: &lt;JWT&gt;</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Jwt-jwt_params">
@ -157,6 +173,9 @@ query parameter name.</p>
<p>For example, <code>query=jwt_token</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Jwt-trigger_rules">
@ -169,6 +188,9 @@ If the list is not empty and none of the rules matched, authentication will
skip the JWT validation.
Leave this empty to always trigger the JWT validation.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -185,6 +207,7 @@ and only if both rules, excluded<em>paths and include</em>paths are satisfied.</
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -195,6 +218,9 @@ and only if both rules, excluded<em>paths and include</em>paths are satisfied.</
<p>List of paths to be excluded from the request. The rule is satisfied if
request path does not match to any of the path in this list.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Jwt-TriggerRule-included_paths">
@ -205,6 +231,9 @@ request path does not match to any of the path in this list.</p>
rule is satisfied if request path matches at least one of the path in the list.
If the list is empty, the rule is ignored, in other words the rule is always satisfied.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -220,6 +249,7 @@ If the list is empty, the rule is ignored, in other words the rule is always sat
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -234,6 +264,9 @@ extracted and used (set to peer identity). Otherwise, peer identity will
be left unset.
When the flag is false (default), request must have client certificate.</p>
</td>
<td>
No
</td>
</tr>
<tr id="MutualTls-mode">
@ -242,6 +275,9 @@ When the flag is false (default), request must have client certificate.</p>
<td>
<p>Defines the mode of mTLS authentication.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -288,6 +324,7 @@ Currently, only JWT is supported for origin authentication.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -297,6 +334,9 @@ Currently, only JWT is supported for origin authentication.</p>
<td>
<p>Jwt params for the method.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -316,6 +356,7 @@ The type can be progammatically determine by checking the type of the
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -325,6 +366,9 @@ The type can be progammatically determine by checking the type of the
<td>
<p>Set if mTLS is used.</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -409,6 +453,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -419,6 +464,9 @@ spec:
<p>List rules to select workloads that the policy should be applied on.
If empty, policy will be used on all workloads in the same namespace.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Policy-peers">
@ -431,6 +479,9 @@ set peer identity (source.user) and other peer attributes. If none of
these methods pass, request will be rejected with authentication failed error (401).
Leave the list empty if peer authentication is not required</p>
</td>
<td>
No
</td>
</tr>
<tr id="Policy-peer_is_optional">
@ -443,6 +494,9 @@ Typically, this is used to delay the rejection decision to next layer (e.g
authorization).
This flag is ignored if no authentication defined for peer (peers field is empty).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Policy-origins">
@ -458,6 +512,9 @@ A method may be skipped, depends on its trigger rule. If all of these methods
are skipped, origin authentication will be ignored, as if it is not defined.
Leave the list empty if origin authentication is not required.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Policy-origin_is_optional">
@ -470,6 +527,9 @@ Typically, this is used to delay the rejection decision to next layer (e.g
authorization).
This flag is ignored if no authentication defined for origin (origins field is empty).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Policy-principal_binding">
@ -483,6 +543,9 @@ authentication is not defined, or failed, principal will be left unset.
In other words, binding rule does not affect the decision to accept or
reject request.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -500,6 +563,7 @@ networking API to avoid dependency.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -509,6 +573,9 @@ networking API to avoid dependency.</p>
<td>
<p>Valid port number</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="PortSelector-name" class="oneof">
@ -517,6 +584,9 @@ networking API to avoid dependency.</p>
<td>
<p>Port name</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -561,6 +631,7 @@ networking API to avoid dependency.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -570,6 +641,9 @@ networking API to avoid dependency.</p>
<td>
<p>exact string match.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="StringMatch-prefix" class="oneof">
@ -578,6 +652,9 @@ networking API to avoid dependency.</p>
<td>
<p>prefix-based match.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="StringMatch-suffix" class="oneof">
@ -586,6 +663,9 @@ networking API to avoid dependency.</p>
<td>
<p>suffix-based match.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="StringMatch-regex" class="oneof">
@ -595,6 +675,9 @@ networking API to avoid dependency.</p>
<p>ECMAscript style regex-based match as defined by <a href="http://en.cppreference.com/w/cpp/regex/ecmascript">EDCA-262</a>.
Example: &ldquo;^/pets/(.*?)?&rdquo;</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
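Review bot: the link text in the regex row's description reads "EDCA-262"; the standard is ECMA-262. This is a context line rather than part of the change, but since the page is being regenerated anyway, the typo should be fixed in the source comment so it does not survive the next regeneration.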
@ -611,6 +694,7 @@ if it is associated with the service name and service port(s) specified in the s
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -621,6 +705,9 @@ if it is associated with the service name and service port(s) specified in the s
<p>REQUIRED. The name must be a short name from the service registry. The
fully qualified domain name will be resolved in a platform specific manner.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TargetSelector-ports">
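Review bot: the new Required cell says "No", but the description in the same row opens with "REQUIRED. The name must be a short name from the service registry." The two now contradict each other on the rendered page. Either the column should be derived from the same marker the description uses, or the "REQUIRED." prefix should be removed from the comment once the column is the authoritative source.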
@ -644,6 +731,9 @@ spec:
<p>Leave empty to match all ports that are exposed.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -109,6 +109,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -118,6 +119,9 @@ spec:
<td>
<p>Settings common to both HTTP and TCP upstream connections.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-http">
@ -126,6 +130,9 @@ spec:
<td>
<p>HTTP connection pool settings.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -141,6 +148,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -150,6 +158,9 @@ spec:
<td>
<p>Maximum number of pending HTTP requests to a destination. Default 1024.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-HTTPSettings-http2_max_requests">
@ -158,6 +169,9 @@ spec:
<td>
<p>Maximum number of requests to a backend. Default 1024.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-HTTPSettings-max_requests_per_connection">
@ -168,6 +182,9 @@ spec:
parameter to 1 disables keep alive. Default 0, meaning &ldquo;unlimited&rdquo;,
up to 2^29.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-HTTPSettings-max_retries">
@ -177,6 +194,9 @@ up to 2^29.</p>
<p>Maximum number of retries that can be outstanding to all hosts in a
cluster at a given time. Defaults to 1024.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-HTTPSettings-idle_timeout">
@ -187,6 +207,9 @@ cluster at a given time. Defaults to 1024.</p>
If not set, there is no idle timeout. When the idle timeout is reached the connection will be closed.
Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-HTTPSettings-h2_upgrade_policy">
@ -195,6 +218,9 @@ Note that request based timeouts mean that HTTP/2 PINGs will not keep the connec
<td>
<p>Specify if http1.1 connection should be upgraded to http2 for the associated destination.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -248,6 +274,7 @@ This opt-in option overrides the default.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -257,6 +284,9 @@ This opt-in option overrides the default.</p>
<td>
<p>Maximum number of HTTP1 /TCP connections to a destination host. Default 1024.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-TCPSettings-connect_timeout">
@ -265,6 +295,9 @@ This opt-in option overrides the default.</p>
<td>
<p>TCP connection timeout.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-TCPSettings-tcp_keepalive">
@ -273,6 +306,9 @@ This opt-in option overrides the default.</p>
<td>
<p>If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -288,6 +324,7 @@ This opt-in option overrides the default.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -299,6 +336,9 @@ This opt-in option overrides the default.</p>
deciding the connection is dead. Default is to use the OS level configuration
(unless overridden, Linux defaults to 9.)</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-TCPSettings-TcpKeepalive-time">
@ -309,6 +349,9 @@ deciding the connection is dead. Default is to use the OS level configuration
probes start being sent. Default is to use the OS level configuration
(unless overridden, Linux defaults to 7200s (ie 2 hours.)</p>
</td>
<td>
No
</td>
</tr>
<tr id="ConnectionPoolSettings-TCPSettings-TcpKeepalive-interval">
@ -319,6 +362,9 @@ probes start being sent. Default is to use the OS level configuration
Default is to use the OS level configuration
(unless overridden, Linux defaults to 75s.)</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -335,6 +381,7 @@ after routing has occurred.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -359,6 +406,9 @@ qualified domain names over short names.</em></p>
<p>Note that the host field applies to both HTTP and TCP services.</p>
</td>
<td>
No
</td>
</tr>
<tr id="DestinationRule-traffic_policy">
@ -368,6 +418,9 @@ qualified domain names over short names.</em></p>
<p>Traffic policies to apply (load balancing policy, connection pool
sizes, outlier detection).</p>
</td>
<td>
No
</td>
</tr>
<tr id="DestinationRule-subsets">
@ -377,6 +430,9 @@ sizes, outlier detection).</p>
<p>One or more named sets that represent individual versions of a
service. Traffic policies can be overridden at subset level.</p>
</td>
<td>
No
</td>
</tr>
<tr id="DestinationRule-export_to">
@ -401,6 +457,9 @@ defines an export to all namespaces.</p>
<p>NOTE: in the current release, the <code>exportTo</code> value is restricted to
&ldquo;.&rdquo; or &ldquo;*&rdquo; (i.e., the current namespace or all namespaces).</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -451,6 +510,7 @@ the User cookie as the hash key.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -459,12 +519,18 @@ the User cookie as the hash key.</p>
<td><code><a href="#LoadBalancerSettings-SimpleLB">LoadBalancerSettings.SimpleLB (oneof)</a></code></td>
<td>
</td>
<td>
Yes
</td>
</tr>
<tr id="LoadBalancerSettings-consistent_hash" class="oneof">
<td><code>consistentHash</code></td>
<td><code><a href="#LoadBalancerSettings-ConsistentHashLB">LoadBalancerSettings.ConsistentHashLB (oneof)</a></code></td>
<td>
</td>
<td>
Yes
</td>
</tr>
</tbody>
</table>
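Review bot: both rows in this hunk get Required "Yes", yet both are typed "(oneof)" and the consistentHash row carries class="oneof", so at most one of them can be set at a time. Read literally, the column tells the user to set two mutually exclusive fields. Suggest a distinct value for oneof members (for example "One of") or a note on the column header explaining that "Yes" on a oneof row means one member of the group must be chosen.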
@ -484,6 +550,7 @@ service.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -493,6 +560,9 @@ service.</p>
<td>
<p>Hash based on a specific HTTP header.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="LoadBalancerSettings-ConsistentHashLB-http_cookie" class="oneof">
@ -501,6 +571,9 @@ service.</p>
<td>
<p>Hash based on HTTP cookie.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="LoadBalancerSettings-ConsistentHashLB-use_source_ip" class="oneof">
@ -509,6 +582,9 @@ service.</p>
<td>
<p>Hash based on the source IP address.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="LoadBalancerSettings-ConsistentHashLB-minimum_ring_size">
@ -521,6 +597,9 @@ load distributions. If the number of hosts in the load balancing
pool is larger than the ring size, each host will be assigned a
single virtual node.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -538,6 +617,7 @@ be generated.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -547,6 +627,9 @@ be generated.</p>
<td>
<p>REQUIRED. Name of the cookie.</p>
</td>
<td>
No
</td>
</tr>
<tr id="LoadBalancerSettings-ConsistentHashLB-HTTPCookie-path">
@ -555,6 +638,9 @@ be generated.</p>
<td>
<p>Path to set for the cookie.</p>
</td>
<td>
No
</td>
</tr>
<tr id="LoadBalancerSettings-ConsistentHashLB-HTTPCookie-ttl">
@ -563,6 +649,9 @@ be generated.</p>
<td>
<p>REQUIRED. Lifetime of the cookie.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -662,6 +751,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -675,6 +765,9 @@ pool. Defaults to 5. When the upstream host is accessed over HTTP, a
is accessed over an opaque TCP connection, connect timeouts and
connection error/failure events qualify as an error.</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutlierDetection-interval">
@ -684,6 +777,9 @@ connection error/failure events qualify as an error.</p>
<p>Time interval between ejection sweep analysis. format:
1h/1m/1s/1ms. MUST BE &gt;=1ms. Default is 10s.</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutlierDetection-base_ejection_time">
@ -696,6 +792,9 @@ times the host has been ejected. This technique allows the system to
automatically increase the ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms. Default is 30s.</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutlierDetection-max_ejection_percent">
@ -705,6 +804,9 @@ servers. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms. Default is 30s.</p>
<p>Maximum % of hosts in the load balancing pool for the upstream
service that can be ejected. Defaults to 10%.</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutlierDetection-min_health_percent">
@ -719,6 +821,9 @@ across all hosts in the pool (healthy and unhealthy). The threshold can be
disabled by setting it to 0%. The default is 0% as it&rsquo;s not typically
applicable in k8s environments with few pods per service.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -768,6 +873,7 @@ can be used to identify a specific SNI host corresponding to the named subset.</
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -778,6 +884,9 @@ can be used to identify a specific SNI host corresponding to the named subset.</
<p>REQUIRED. Name of the subset. The service name and the subset name can
be used for traffic splitting in a route rule.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Subset-labels">
@ -787,6 +896,9 @@ be used for traffic splitting in a route rule.</p>
<p>Labels apply a filter over the endpoints of a service in the
service registry. See route rules for examples of usage.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Subset-traffic_policy">
@ -798,6 +910,9 @@ traffic policies specified at the DestinationRule level. Settings
specified at the subset level will override the corresponding settings
specified at the DestinationRule level.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -860,6 +975,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -870,6 +986,9 @@ spec:
<p>REQUIRED: Indicates whether connections to this port should be secured
using TLS. The value of this field determines how TLS is enforced.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSSettings-client_certificate">
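Review bot: Required "No" contradicts the description directly above it, which starts "REQUIRED:" and states that the value of this field determines how TLS is enforced. On a TLS setting this mismatch deserves priority: a reader who trusts the column will treat the field as optional. The column should agree with the description before this is published.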
@ -880,6 +999,9 @@ using TLS. The value of this field determines how TLS is enforced.</p>
client-side TLS certificate to use.
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSSettings-private_key">
@ -890,6 +1012,9 @@ Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
client&rsquo;s private key.
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSSettings-ca_certificates">
@ -901,6 +1026,9 @@ certificates to use in verifying a presented server certificate. If
omitted, the proxy will not verify the server&rsquo;s certificate.
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSSettings-subject_alt_names">
@ -913,6 +1041,9 @@ certificate&rsquo;s subject alt name matches one of the specified values.
If specified, this list overrides the value of subject<em>alt</em>names
from the ServiceEntry.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSSettings-sni">
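Review bot: in the context line "overrides the value of subject<em>alt</em>names", the underscores of the field name have been consumed as emphasis markers, so the page shows the name without underscores and with "alt" in italics. Wrapping the identifier in backticks in the source comment would keep it literal, in the same way the neighbouring rows render <code>ISTIO_MUTUAL</code>.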
@ -921,6 +1052,9 @@ from the ServiceEntry.</p>
<td>
<p>SNI string to present to the server during TLS handshake.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -985,6 +1119,7 @@ destination ports. See DestinationRule for examples.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -994,6 +1129,9 @@ destination ports. See DestinationRule for examples.</p>
<td>
<p>Settings controlling the load balancer algorithms.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TrafficPolicy-connection_pool">
@ -1002,6 +1140,9 @@ destination ports. See DestinationRule for examples.</p>
<td>
<p>Settings controlling the volume of connections to an upstream service</p>
</td>
<td>
No
</td>
</tr>
<tr id="TrafficPolicy-outlier_detection">
@ -1010,6 +1151,9 @@ destination ports. See DestinationRule for examples.</p>
<td>
<p>Settings controlling eviction of unhealthy hosts from the load balancing pool</p>
</td>
<td>
No
</td>
</tr>
<tr id="TrafficPolicy-tls">
@ -1018,6 +1162,9 @@ destination ports. See DestinationRule for examples.</p>
<td>
<p>TLS related settings for connections to the upstream service.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TrafficPolicy-port_level_settings">
@ -1030,6 +1177,9 @@ settings specified at the destination-level will not be inherited when
overridden by port-level settings, i.e. default values will be applied
to fields omitted in port-level traffic policies.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1045,6 +1195,7 @@ to fields omitted in port-level traffic policies.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1055,6 +1206,9 @@ to fields omitted in port-level traffic policies.</p>
<p>Specifies the number of a port on the destination service
on which this policy is being applied.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TrafficPolicy-PortTrafficPolicy-load_balancer">
@ -1063,6 +1217,9 @@ on which this policy is being applied.</p>
<td>
<p>Settings controlling the load balancer algorithms.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TrafficPolicy-PortTrafficPolicy-connection_pool">
@ -1071,6 +1228,9 @@ on which this policy is being applied.</p>
<td>
<p>Settings controlling the volume of connections to an upstream service</p>
</td>
<td>
No
</td>
</tr>
<tr id="TrafficPolicy-PortTrafficPolicy-outlier_detection">
@ -1079,6 +1239,9 @@ on which this policy is being applied.</p>
<td>
<p>Settings controlling eviction of unhealthy hosts from the load balancing pool</p>
</td>
<td>
No
</td>
</tr>
<tr id="TrafficPolicy-PortTrafficPolicy-tls">
@ -1087,6 +1250,9 @@ on which this policy is being applied.</p>
<td>
<p>TLS related settings for connections to the upstream service.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -192,6 +192,7 @@ generated by Istio Pilot.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -208,6 +209,9 @@ namespace. If the EnvoyFilter is present in the config root
namespace, it will be applied to all applicable workloads in any
namespace.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-config_patches">
@ -216,6 +220,9 @@ namespace.</p>
<td>
<p>REQUIRED. One or more patches with match conditions.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
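Review bot: the row described as "REQUIRED. One or more patches with match conditions." is given Required "No". The column and the prose disagree, and the row should read "Yes" if the description is correct. It would be worth adding a check to the generator that flags any row whose description begins with "REQUIRED" while the column says "No".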
@ -316,6 +323,7 @@ to be applied to a cluster.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -326,6 +334,9 @@ to be applied to a cluster.</p>
<p>The service port for which this cluster was generated. If
omitted, applies to clusters for any port.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ClusterMatch-service">
@ -337,6 +348,9 @@ applies to clusters for any service. For services defined
through service entries, the service name is same as the hosts
defined in the service entry.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ClusterMatch-subset">
@ -346,6 +360,9 @@ defined in the service entry.</p>
<p>The subset associated with the service. If omitted, applies to
clusters for any subset of a service.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ClusterMatch-name">
@ -357,6 +374,9 @@ cluster by name, such as the internally generated &ldquo;Passthrough&rdquo;
cluster, leave all fields in clusterMatch empty, except the
name.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -448,6 +468,7 @@ to the generated configuration for a given proxy.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -459,6 +480,9 @@ to the generated configuration for a given proxy.</p>
generates envoy configuration in the context of a gateway,
inbound traffic to sidecar and outbound traffic from sidecar.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-proxy">
@ -467,6 +491,9 @@ inbound traffic to sidecar and outbound traffic from sidecar.</p>
<td>
<p>Match on properties associated with a proxy.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-listener" class="oneof oneof-start">
@ -475,6 +502,9 @@ inbound traffic to sidecar and outbound traffic from sidecar.</p>
<td>
<p>Match on envoy listener attributes.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-route_configuration" class="oneof">
@ -483,6 +513,9 @@ inbound traffic to sidecar and outbound traffic from sidecar.</p>
<td>
<p>Match on envoy HTTP route configuration attributes.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectMatch-cluster" class="oneof">
@ -491,6 +524,9 @@ inbound traffic to sidecar and outbound traffic from sidecar.</p>
<td>
<p>Match on envoy cluster attributes.</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -506,6 +542,7 @@ inbound traffic to sidecar and outbound traffic from sidecar.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -523,6 +560,9 @@ HTTP filter relative to which the insertion should be
performed. Similarly, an applyTo on CLUSTER should have a match
(if provided) on the cluster and not on a listener.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectPatch-match">
@ -531,6 +571,9 @@ performed. Similarly, an applyTo on CLUSTER should have a match
<td>
<p>Match on listener/route configuration/cluster.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-EnvoyConfigObjectPatch-patch">
@ -539,6 +582,9 @@ performed. Similarly, an applyTo on CLUSTER should have a match
<td>
<p>The patch to apply along with the operation.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -633,6 +679,7 @@ chains, or a specific filter chain inside the listener.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -645,6 +692,9 @@ sent/received. If not specified, matches all listeners. Even though
inbound listeners are generated for the instance/pod ports, only
service ports should be used to match listeners.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ListenerMatch-filter_chain">
@ -656,6 +706,9 @@ patch will be applied to the filter chain (and a specific
filter if specified) and not to other filter chains in the
listener.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ListenerMatch-name">
@ -665,6 +718,9 @@ listener.</p>
<p>Match a specific listener by its name. The listeners generated
by Pilot are typically named as IP:Port.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -683,6 +739,7 @@ to select a specific filter chain to patch.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -692,6 +749,9 @@ to select a specific filter chain to patch.</p>
<td>
<p>The name assigned to the filter chain.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ListenerMatch-FilterChainMatch-sni">
@ -702,6 +762,9 @@ to select a specific filter chain to patch.</p>
condition will evaluate to false if the filter chain has no
sni match.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ListenerMatch-FilterChainMatch-transport_protocol">
@ -721,6 +784,9 @@ the tls</em>inspector listener filter.</p>
<li><code>tls</code> - set when TLS protocol is detected by the TLS inspector.</li>
</ul>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ListenerMatch-FilterChainMatch-application_protocols">
@ -735,6 +801,9 @@ by one of the listener filters such as the http_inspector.</p>
<p>Accepted values include: h2,http/1.1,http/1.0</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ListenerMatch-FilterChainMatch-filter">
@ -745,6 +814,9 @@ by one of the listener filters such as the http_inspector.</p>
to envoy.http<em>connection</em>manager to add a filter or apply a
patch to the HTTP connection manager.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
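Review bot: the filter name in the context line "to envoy.http<em>connection</em>manager" has lost its underscores to emphasis markup. This is a value users type into an EnvoyFilter match, so a name copied from the rendered page will not be the one the text intends. The identifier should be in backticks in the source comment so it renders as code.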
@ -760,6 +832,7 @@ patch to the HTTP connection manager.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -769,6 +842,9 @@ patch to the HTTP connection manager.</p>
<td>
<p>The filter name to match on.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ListenerMatch-FilterMatch-sub_filter">
@ -779,6 +855,9 @@ patch to the HTTP connection manager.</p>
upon. Typically used for HTTP Connection Manager filters and
Thrift filters.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -797,6 +876,7 @@ could also be applicable for thrift filters.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -806,6 +886,9 @@ could also be applicable for thrift filters.</p>
<td>
<p>The filter name to match on.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -821,6 +904,7 @@ could also be applicable for thrift filters.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -830,6 +914,9 @@ could also be applicable for thrift filters.</p>
<td>
<p>Determines how the patch should be applied.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-Patch-value">
@ -839,6 +926,9 @@ could also be applicable for thrift filters.</p>
<p>The JSON config of the object being patched. This will be merged using
json merge semantics with the existing proto in the path.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -974,6 +1064,7 @@ traffic flow direction and workload type.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -990,6 +1081,9 @@ variable (ISTIO</em>META<em>ISTIO</em>VERSION) in the Istio proxy docker
image. Custom proxy implementations should provide this metadata
variable to take advantage of the Istio version check option.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-ProxyMatch-metadata">
@ -1003,6 +1097,9 @@ Pilot. All keys specified in the metadata must match with exact
values. The match will fail if any of the specified keys are
absent or the values fail to match.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1020,6 +1117,7 @@ specific virtual host within the route configuration.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1031,6 +1129,9 @@ specific virtual host within the route configuration.</p>
this route configuration was generated. If omitted, applies to
route configurations for all ports.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-port_name">
@ -1040,6 +1141,9 @@ route configurations for all ports.</p>
<p>Applicable only for GATEWAY context. The gateway server port
name for which this route configuration was generated.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-gateway">
@ -1053,6 +1157,9 @@ in conjunction with the portNumber and portName to accurately
select the Envoy route configuration for a specific HTTPS
server within a gateway config object.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-vhost">
@ -1062,6 +1169,9 @@ server within a gateway config object.</p>
<p>Match a specific virtual host in a route configuration and
apply the patch to the virtual host.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-name">
@ -1072,6 +1182,9 @@ apply the patch to the virtual host.</p>
specific route configuration by name, such as the internally
generated &ldquo;http_proxy&rdquo; route configuration for all sidecars.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1087,6 +1200,7 @@ generated &ldquo;http_proxy&rdquo; route configuration for all sidecars.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1099,6 +1213,9 @@ generated &ldquo;http_proxy&rdquo; route configuration for all sidecars.</p>
will carry the name used in the virtual service&rsquo;s HTTP
routes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-RouteMatch-action">
@ -1107,6 +1224,9 @@ routes.</p>
<td>
<p>Match a route with specific action type.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1165,6 +1285,7 @@ routes.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1177,6 +1298,9 @@ host:port, where the host typically corresponds to the
VirtualService&rsquo;s host field or the hostname of a service in the
registry.</p>
</td>
<td>
No
</td>
</tr>
<tr id="EnvoyFilter-RouteConfigurationMatch-VirtualHostMatch-route">
@ -1185,6 +1309,9 @@ registry.</p>
<td>
<p>Match a specific route within the virtual host.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -186,6 +186,7 @@ receiving incoming or outgoing HTTP/TCP connections.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -195,6 +196,9 @@ receiving incoming or outgoing HTTP/TCP connections.</p>
<td>
<p>REQUIRED: A list of server specifications.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Gateway-selector">
@ -207,6 +211,9 @@ label search is restricted to the configuration namespace in which the
the resource is present. In other words, the Gateway resource must
reside in the same namespace as the gateway workload instance.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -222,6 +229,7 @@ reside in the same namespace as the gateway workload instance.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -231,6 +239,9 @@ reside in the same namespace as the gateway workload instance.</p>
<td>
<p>REQUIRED: A valid non-negative integer port number.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Port-protocol">
@ -242,6 +253,9 @@ MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS.
TLS implies the connection will be routed based on the SNI header to
the destination without terminating the TLS connection.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Port-name">
@ -250,6 +264,9 @@ the destination without terminating the TLS connection.</p>
<td>
<p>Label assigned to the port.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -322,6 +339,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -332,6 +350,9 @@ spec:
<p>REQUIRED: The Port on which the proxy should listen for incoming
connections.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-hosts">
@ -368,6 +389,9 @@ Private configurations (e.g., <code>exportTo</code> set to <code>.</code>) will
available. Refer to the <code>exportTo</code> setting in <code>VirtualService</code>,
<code>DestinationRule</code>, and <code>ServiceEntry</code> configurations for details.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-tls">
@ -378,6 +402,9 @@ available. Refer to the <code>exportTo</code> setting in <code>VirtualService</c
these options to control if all http requests should be redirected to
https, and the TLS modes to use.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-default_endpoint">
@ -388,6 +415,9 @@ https, and the TLS modes to use.</p>
be forwarded to by default. Format should be <code>127.0.0.1:PORT</code> or
<code>unix:///path/to/socket</code> or <code>unix://@foobar</code> (Linux abstract namespace).</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -401,6 +431,7 @@ be forwarded to by default. Format should be <code>127.0.0.1:PORT</code> or
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -411,6 +442,9 @@ be forwarded to by default. Format should be <code>127.0.0.1:PORT</code> or
<p>If set to true, the load balancer will send a 301 redirect for all
http connections, asking the clients to use HTTPS.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-mode">
@ -421,6 +455,9 @@ http connections, asking the clients to use HTTPS.</p>
secured using TLS. The value of this field determines how TLS is
enforced.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-server_certificate">
@ -430,6 +467,9 @@ enforced.</p>
<p>REQUIRED if mode is <code>SIMPLE</code> or <code>MUTUAL</code>. The path to the file
holding the server-side TLS certificate to use.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-private_key">
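Review bot: the description says "REQUIRED if mode is <code>SIMPLE</code> or <code>MUTUAL</code>" while the new column says a flat "No". A two-valued column cannot express a conditional requirement, and for the server certificate the condition is the part the reader needs. Suggest a third value such as "Conditional", or leaving the cell empty and letting the description carry the rule.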
@ -439,6 +479,9 @@ holding the server-side TLS certificate to use.</p>
<p>REQUIRED if mode is <code>SIMPLE</code> or <code>MUTUAL</code>. The path to the file
holding the server&rsquo;s private key.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-ca_certificates">
@ -449,6 +492,9 @@ holding the server&rsquo;s private key.</p>
certificate authority certificates to use in verifying a presented
client side certificate.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-credential_name">
@ -472,6 +518,9 @@ key, and the CA certificate (if using mutual TLS). Set the
<code>ISTIO_META_USER_SDS</code> metadata variable in the gateway&rsquo;s proxy to
enable the dynamic credential fetching feature.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-subject_alt_names">
@ -481,6 +530,9 @@ enable the dynamic credential fetching feature.</p>
<p>A list of alternate names to verify the subject identity in the
certificate presented by the client.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-verify_certificate_spki">
@ -493,6 +545,9 @@ Note: When both verify<em>certificate</em>hash and verify<em>certificate</em>spk
are specified, a hash matching either value will result in the
certificate being accepted.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-verify_certificate_hash">
@ -506,6 +561,9 @@ Note: When both verify<em>certificate</em>hash and verify<em>certificate</em>spk
are specified, a hash matching either value will result in the
certificate being accepted.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-min_protocol_version">
@ -514,6 +572,9 @@ certificate being accepted.</p>
<td>
<p>Optional: Minimum TLS protocol version.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-max_protocol_version">
@ -522,6 +583,9 @@ certificate being accepted.</p>
<td>
<p>Optional: Maximum TLS protocol version.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Server-TLSOptions-cipher_suites">
@ -531,6 +595,9 @@ certificate being accepted.</p>
<p>Optional: If specified, only support the specified cipher list.
Otherwise default to the default cipher list supported by Envoy.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -319,6 +319,7 @@ service registry.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -340,6 +341,9 @@ will be matched against the hosts field.</li>
and no endpoints are specified, the host field will be used as the DNS name
of the endpoint to route traffic to.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-addresses">
@ -361,6 +365,9 @@ simple TCP proxy, forwarding incoming traffic on a specified port to
the specified destination endpoint IP/host. Unix domain socket
addresses are not supported in this field.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-ports">
@ -371,6 +378,9 @@ addresses are not supported in this field.</p>
Endpoints are Unix domain socket addresses, there must be exactly one
port.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-location">
@ -380,6 +390,9 @@ port.</p>
<p>Specify whether the service should be considered external to the mesh
or part of the mesh.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-resolution">
@ -391,6 +404,9 @@ when setting the resolution mode to NONE for a TCP port without
accompanying IP addresses. In such cases, traffic to any IP on
said port will be allowed (i.e. 0.0.0.0:<port>).</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-endpoints">
@ -399,6 +415,9 @@ said port will be allowed (i.e. 0.0.0.0:<port>).</p>
<td>
<p>One or more endpoints associated with the service.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-export_to">
@ -425,6 +444,9 @@ of namespace names.</p>
<p>NOTE: in the current release, the <code>exportTo</code> value is restricted to
&ldquo;.&rdquo; or &ldquo;*&rdquo; (i.e., the current namespace or all namespaces).</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-subject_alt_names">
@ -437,6 +459,9 @@ implement this service. This information is used to enforce
If specified, the proxy will verify that the server
certificate&rsquo;s subject alternate name matches one of the specified values.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -453,6 +478,7 @@ the mesh service.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -465,6 +491,9 @@ port. Domain names can be used if and only if the resolution is set
to DNS, and must be fully-qualified without wildcards. Use the form
unix:///absolute/path/to/socket for Unix domain socket endpoints.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-Endpoint-ports">
@ -475,6 +504,9 @@ unix:///absolute/path/to/socket for Unix domain socket endpoints.</p>
associated with a port name that was declared as part of the
service. Do not use for <code>unix://</code> addresses.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-Endpoint-labels">
@ -483,6 +515,9 @@ service. Do not use for <code>unix://</code> addresses.</p>
<td>
<p>One or more labels associated with the endpoint.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-Endpoint-network">
@ -498,6 +533,9 @@ AUTO_PASSTHROUGH mode in a Gateway Server). This is
an advanced configuration used typically for spanning an Istio mesh
over multiple clusters.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-Endpoint-locality">
@ -522,6 +560,9 @@ locality. Endpoint e2 could be the IP associated with a gateway
(that bridges networks n1 and n2), or the IP associated with a
standard service endpoint.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceEntry-Endpoint-weight">
@ -531,6 +572,9 @@ standard service endpoint.</p>
<p>The load balancing weight associated with the endpoint. Endpoints
with higher weights will receive proportionally higher traffic.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -256,6 +256,7 @@ listener on the sidecar proxy attached to a workload instance.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -273,6 +274,9 @@ specific ports while others have no port, the hosts exposed on a
listener port will be based on the listener with the most specific
port.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioEgressListener-bind">
@ -287,6 +291,9 @@ services, the workload instances to which this configuration is applied to and
the captureMode. If captureMode is NONE, bind will default to
127.0.0.1.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioEgressListener-capture_mode">
@ -297,6 +304,9 @@ the captureMode. If captureMode is NONE, bind will default to
how traffic to the listener is expected to be captured (or not).
captureMode must be DEFAULT or NONE for Unix domain socket binds.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioEgressListener-hosts">
@ -340,6 +350,9 @@ policy is enabled, or add <code>istio-system/*</code> to allow all services in t
<code>istio-system</code> namespace. This requirement is temporary and will be removed
in a future Istio release.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -356,6 +369,7 @@ traffic listener on the sidecar proxy attached to a workload instance.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -365,6 +379,9 @@ traffic listener on the sidecar proxy attached to a workload instance.</p>
<td>
<p>REQUIRED. The port associated with the listener.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioIngressListener-bind">
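Review bot: The new Required cell for the listener port says "No", but the description in the same row starts with "REQUIRED. The port associated with the listener." The two now contradict each other on the rendered page. Either the cell should read "Yes", or the field needs whatever marking the generator uses to fill this column, so that the prose and the column agree.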
@ -378,6 +395,9 @@ automatically configure the defaults based on imported services
and the workload instances to which this configuration is applied
to.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioIngressListener-capture_mode">
@ -387,6 +407,9 @@ to.</p>
<p>The captureMode option dictates how traffic to the listener is
expected to be captured (or not).</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioIngressListener-default_endpoint">
@ -399,6 +422,9 @@ redirect traffic arriving at the bind IP:Port on the sidecar to a localhost:port
or Unix domain socket where the application workload instance is listening for
connections. Format should be 127.0.0.1:PORT or <code>unix:///path/to/socket</code></p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -422,6 +448,7 @@ services can be monitored.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -430,6 +457,9 @@ services can be monitored.</p>
<td><code><a href="#OutboundTrafficPolicy-Mode">OutboundTrafficPolicy.Mode</a></code></td>
<td>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
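Review bot: The row typed OutboundTrafficPolicy.Mode gains a Required cell here while its Description cell is still empty, so the page documents whether the field is required but not what it does. Add a description to the source field before regenerating; a reader choosing an outbound traffic policy mode has nothing to go on in this row.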
@ -475,6 +505,7 @@ attached.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -486,6 +517,9 @@ attached.</p>
sidecar configuration should be applied. If omitted, the sidecar
configuration will be applied to all workload instances in the same namespace.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Sidecar-ingress">
@ -499,6 +533,9 @@ obtained from the orchestration platform (e.g., exposed ports, services,
etc.). If specified, inbound ports are configured if and only if the
workload instance is associated with a service.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Sidecar-egress">
@ -509,6 +546,9 @@ workload instance is associated with a service.</p>
outbound traffic from the attached workload instance to other services in the
mesh.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Sidecar-outbound_traffic_policy">
@ -521,6 +561,9 @@ services that are not known apriori, setting the policy to ALLOW_ANY
will cause the sidecars to route any unknown traffic originating from
the application to its requested destination.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -542,6 +585,7 @@ selected. Currently, only label based selection mechanism is supported.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -554,6 +598,9 @@ on which this sidecar configuration should be applied. The scope of
label search is restricted to the configuration namespace in which the
the resource is present.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -136,6 +136,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -147,6 +148,9 @@ spec:
content will be serialized into the Access-Control-Allow-Origin
header. Wildcard * will allow all origins.</p>
</td>
<td>
No
</td>
</tr>
<tr id="CorsPolicy-allow_methods">
@ -156,6 +160,9 @@ header. Wildcard * will allow all origins.</p>
<p>List of HTTP methods allowed to access the resource. The content will
be serialized into the Access-Control-Allow-Methods header.</p>
</td>
<td>
No
</td>
</tr>
<tr id="CorsPolicy-allow_headers">
@ -165,6 +172,9 @@ be serialized into the Access-Control-Allow-Methods header.</p>
<p>List of HTTP headers that can be used when requesting the
resource. Serialized to Access-Control-Allow-Headers header.</p>
</td>
<td>
No
</td>
</tr>
<tr id="CorsPolicy-expose_headers">
@ -174,6 +184,9 @@ resource. Serialized to Access-Control-Allow-Headers header.</p>
<p>A white list of HTTP headers that the browsers are allowed to
access. Serialized into Access-Control-Expose-Headers header.</p>
</td>
<td>
No
</td>
</tr>
<tr id="CorsPolicy-max_age">
@ -183,6 +196,9 @@ access. Serialized into Access-Control-Expose-Headers header.</p>
<p>Specifies how long the results of a preflight request can be
cached. Translates to the <code>Access-Control-Max-Age</code> header.</p>
</td>
<td>
No
</td>
</tr>
<tr id="CorsPolicy-allow_credentials">
@ -193,6 +209,9 @@ cached. Translates to the <code>Access-Control-Max-Age</code> header.</p>
(not the preflight) using credentials. Translates to
<code>Access-Control-Allow-Credentials</code> header.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -330,6 +349,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -352,6 +372,9 @@ the actual namespace associated with the reviews service. <em>To avoid
potential misconfigurations, it is recommended to always use fully
qualified domain names over short names.</em></p>
</td>
<td>
No
</td>
</tr>
<tr id="Destination-subset">
@ -362,6 +385,9 @@ qualified domain names over short names.</em></p>
within the mesh. The subset must be defined in a corresponding
DestinationRule.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Destination-port">
@ -372,6 +398,9 @@ DestinationRule.</p>
exposes only a single port it is not required to explicitly select the
port.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -394,6 +423,7 @@ both are specified simultaneously.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -404,6 +434,9 @@ both are specified simultaneously.</p>
<p>Delay requests before forwarding, emulating various failures such as
network issues, overloaded upstream service, etc.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPFaultInjection-abort">
@ -413,6 +446,9 @@ network issues, overloaded upstream service, etc.</p>
<p>Abort Http request attempts and return error codes back to downstream
service, giving the impression that the upstream service is faulty.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -454,9 +490,32 @@ aborted.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="HTTPFaultInjection-Abort-http_status" class="oneof oneof-start">
<td><code>httpStatus</code></td>
<td><code>int32 (oneof)</code></td>
<td>
<p>REQUIRED. HTTP status code to use to abort the Http request.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="HTTPFaultInjection-Abort-percentage">
<td><code>percentage</code></td>
<td><code><a href="#Percent">Percent</a></code></td>
<td>
<p>Percentage of requests to be aborted with the error code provided.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPFaultInjection-Abort-percent" class="deprecated ">
<td><code>percent</code></td>
<td><code>int32</code></td>
@ -466,21 +525,8 @@ Use of integer <code>percent</code> value is deprecated. Use the double <code>pe
field instead.</p>
</td>
</tr>
<tr id="HTTPFaultInjection-Abort-http_status" class="oneof oneof-start">
<td><code>httpStatus</code></td>
<td><code>int32 (oneof)</code></td>
<td>
<p>REQUIRED. HTTP status code to use to abort the Http request.</p>
</td>
</tr>
<tr id="HTTPFaultInjection-Abort-percentage">
<td><code>percentage</code></td>
<td><code><a href="#Percent">Percent</a></code></td>
<td>
<p>Percentage of requests to be aborted with the error code provided.</p>
No
</td>
</tr>
</tbody>
@ -525,9 +571,33 @@ percentage of requests. If left unspecified, all request will be delayed.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
<tr id="HTTPFaultInjection-Delay-fixed_delay" class="oneof oneof-start">
<td><code>fixedDelay</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration (oneof)</a></code></td>
<td>
<p>REQUIRED. Add a fixed delay before forwarding the request. Format:
1h/1m/1s/1ms. MUST be &gt;=1ms.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="HTTPFaultInjection-Delay-percentage">
<td><code>percentage</code></td>
<td><code><a href="#Percent">Percent</a></code></td>
<td>
<p>Percentage of requests on which the delay will be injected.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPFaultInjection-Delay-percent" class="deprecated ">
<td><code>percent</code></td>
<td><code>int32</code></td>
@ -537,22 +607,8 @@ Use of integer <code>percent</code> value is deprecated. Use the double <code>pe
field instead.</p>
</td>
</tr>
<tr id="HTTPFaultInjection-Delay-fixed_delay" class="oneof oneof-start">
<td><code>fixedDelay</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration (oneof)</a></code></td>
<td>
<p>REQUIRED. Add a fixed delay before forwarding the request. Format:
1h/1m/1s/1ms. MUST be &gt;=1ms.</p>
</td>
</tr>
<tr id="HTTPFaultInjection-Delay-percentage">
<td><code>percentage</code></td>
<td><code><a href="#Percent">Percent</a></code></td>
<td>
<p>Percentage of requests on which the delay will be injected.</p>
No
</td>
</tr>
</tbody>
@ -594,6 +650,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -605,6 +662,9 @@ spec:
concatenated with the parent route&rsquo;s name and will be logged in
the access logs for requests matching this route.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-uri">
@ -625,6 +685,9 @@ values are case-sensitive and formatted as follows:</p>
<p><strong>Note:</strong> Case-insensitive matching could be enabled via the
<code>ignore_uri_case</code> flag.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-scheme">
@ -642,6 +705,9 @@ values are case-sensitive and formatted as follows:</p>
<li><p><code>regex: &quot;value&quot;</code> for ECMAscript style regex-based match</p></li>
</ul>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-method">
@ -659,6 +725,9 @@ values are case-sensitive and formatted as follows:</p>
<li><p><code>regex: &quot;value&quot;</code> for ECMAscript style regex-based match</p></li>
</ul>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-authority">
@ -676,6 +745,9 @@ values are case-sensitive and formatted as follows:</p>
<li><p><code>regex: &quot;value&quot;</code> for ECMAscript style regex-based match</p></li>
</ul>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-headers">
@ -697,6 +769,9 @@ e.g. <em>x-request-id</em>.</p>
<p><strong>Note:</strong> The keys <code>uri</code>, <code>scheme</code>, <code>method</code>, and <code>authority</code> will be ignored.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-port">
@ -707,6 +782,9 @@ e.g. <em>x-request-id</em>.</p>
only expose a single port or label ports with the protocols they support,
in these cases it is not required to explicitly select the port.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-source_labels">
@ -718,6 +796,9 @@ workloads with the given labels. If the VirtualService has a list of
gateways specified at the top, it must include the reserved gateway
<code>mesh</code> for this field to be applicable.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-query_params">
@ -737,6 +818,9 @@ gateways specified at the top, it must include the reserved gateway
<p><strong>Note:</strong> <code>prefix</code> matching is currently not supported.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPMatchRequest-ignore_uri_case">
@ -748,6 +832,9 @@ gateways specified at the top, it must include the reserved gateway
<p><strong>Note:</strong> The case will be ignored only in the case of <code>exact</code> and <code>prefix</code>
URI matches.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -784,6 +871,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -795,6 +883,9 @@ spec:
value. Note that the entire path will be replaced, irrespective of the
request URI being matched as an exact path or prefix.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRedirect-authority">
@ -804,6 +895,9 @@ request URI being matched as an exact path or prefix.</p>
<p>On a redirect, overwrite the Authority/Host portion of the URL with
this value.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRedirect-redirect_code">
@ -813,6 +907,9 @@ this value.</p>
<p>On a redirect, Specifies the HTTP status code to use in the redirect
response. The default response code is MOVED_PERMANENTLY (301).</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -848,6 +945,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -859,6 +957,9 @@ spec:
between retries will be determined automatically (25ms+). Actual
number of retries attempted depends on the httpReqTimeout.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRetry-per_try_timeout">
@ -867,6 +968,9 @@ number of retries attempted depends on the httpReqTimeout.</p>
<td>
<p>Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRetry-retry_on">
@ -878,6 +982,9 @@ One or more policies can be specified using a , delimited list.
See the <a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on">retry policies</a>
and <a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on">gRPC retry policies</a> for more details.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -916,6 +1023,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -927,6 +1035,9 @@ spec:
value. If the original URI was matched based on prefix, the value
provided in this field will replace the corresponding matched prefix.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRewrite-authority">
@ -935,6 +1046,9 @@ provided in this field will replace the corresponding matched prefix.</p>
<td>
<p>rewrite the Authority/Host header with this value.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -951,6 +1065,7 @@ gRPC traffic. See VirtualService for usage examples.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -963,6 +1078,9 @@ route&rsquo;s name will be concatenated with the match&rsquo;s name and will
be logged in the access logs for requests matching this
route/match.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-match">
@ -974,6 +1092,9 @@ activated. All conditions inside a single match block have AND
semantics, while the list of match blocks have OR semantics. The rule
is matched if any one of the match blocks succeed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-route">
@ -985,6 +1106,9 @@ forwarding target can be one of several versions of a service (see
glossary in beginning of document). Weights associated with the
service version determine the proportion of traffic it receives.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-redirect">
@ -996,6 +1120,9 @@ traffic passthrough option is specified in the rule,
route/redirect will be ignored. The redirect primitive can be used to
send a HTTP 301 redirect to a different URI or Authority.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-rewrite">
@ -1005,6 +1132,9 @@ send a HTTP 301 redirect to a different URI or Authority.</p>
<p>Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with
Redirect primitive. Rewrite will be performed before forwarding.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-timeout">
@ -1013,6 +1143,9 @@ Redirect primitive. Rewrite will be performed before forwarding.</p>
<td>
<p>Timeout for HTTP requests.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-retries">
@ -1021,6 +1154,9 @@ Redirect primitive. Rewrite will be performed before forwarding.</p>
<td>
<p>Retry policy for HTTP requests.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-fault">
@ -1031,6 +1167,9 @@ Redirect primitive. Rewrite will be performed before forwarding.</p>
Note that timeouts or retries will not be enabled when faults are
enabled on the client side.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-mirror">
@ -1044,6 +1183,9 @@ mirrored cluster to respond before returning the response from the
original destination. Statistics will be generated for the mirrored
destination.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-mirror_percent">
@ -1054,6 +1196,9 @@ destination.</p>
If this field is absent, all the traffic (100%) will be mirrored.
Max value is 100.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-cors_policy">
@ -1064,6 +1209,9 @@ Max value is 100.</p>
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">CORS</a>
for further details about cross origin resource sharing.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRoute-headers">
@ -1072,6 +1220,9 @@ for further details about cross origin resource sharing.</p>
<td>
<p>Header manipulation rules</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1149,6 +1300,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1159,6 +1311,9 @@ spec:
<p>REQUIRED. Destination uniquely identifies the instances of a service
to which the request/connection should be forwarded to.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRouteDestination-weight">
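Review bot: The Required cell added for the destination row is "No", while the description two lines above it reads "REQUIRED. Destination uniquely identifies the instances of a service". A route destination without a destination is not something the table should present as valid. Please make the column say "Yes" here, or fix the field's marking in the source so the generator emits it.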
@ -1170,6 +1325,20 @@ version. (0-100). Sum of weights across destinations SHOULD BE == 100.
If there is only one destination in a rule, the weight value is assumed to
be 100.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRouteDestination-headers">
<td><code>headers</code></td>
<td><code><a href="#Headers">Headers</a></code></td>
<td>
<p>Header manipulation rules</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRouteDestination-remove_response_headers" class="deprecated ">
@ -1179,6 +1348,9 @@ be 100.</p>
<p>Use of <code>remove_response_header</code> is deprecated. Use the <code>headers</code>
field instead.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRouteDestination-append_response_headers" class="deprecated ">
@ -1188,6 +1360,9 @@ field instead.</p>
<p>Use of <code>append_response_headers</code> is deprecated. Use the <code>headers</code>
field instead.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRouteDestination-remove_request_headers" class="deprecated ">
@ -1197,6 +1372,9 @@ field instead.</p>
<p>Use of <code>remove_request_headers</code> is deprecated. Use the <code>headers</code>
field instead.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPRouteDestination-append_request_headers" class="deprecated ">
@ -1207,13 +1385,8 @@ field instead.</p>
field instead.</p>
</td>
</tr>
<tr id="HTTPRouteDestination-headers">
<td><code>headers</code></td>
<td><code><a href="#Headers">Headers</a></code></td>
<td>
<p>Header manipulation rules</p>
No
</td>
</tr>
</tbody>
@ -1262,6 +1435,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1272,6 +1446,9 @@ spec:
<p>Header manipulation rules to apply before forwarding a request
to the destination service</p>
</td>
<td>
No
</td>
</tr>
<tr id="Headers-response">
@ -1281,6 +1458,9 @@ to the destination service</p>
<p>Header manipulation rules to apply before returning a response
to the caller</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1296,6 +1476,7 @@ to the caller</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1305,6 +1486,9 @@ to the caller</p>
<td>
<p>Overwrite the headers specified by key with the given values</p>
</td>
<td>
No
</td>
</tr>
<tr id="Headers-HeaderOperations-add">
@ -1314,6 +1498,9 @@ to the caller</p>
<p>Append the given values to the headers specified by keys
(will create a comma-separated list of values)</p>
</td>
<td>
No
</td>
</tr>
<tr id="Headers-HeaderOperations-remove">
@ -1322,6 +1509,9 @@ to the caller</p>
<td>
<p>Remove a the specified headers</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1338,6 +1528,7 @@ is incomplete.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1348,6 +1539,9 @@ is incomplete.</p>
<p>IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
a.b.c.d/xx form or just a.b.c.d.</p>
</td>
<td>
No
</td>
</tr>
<tr id="L4MatchAttributes-port">
@ -1358,6 +1552,9 @@ a.b.c.d/xx form or just a.b.c.d.</p>
only expose a single port or label ports with the protocols they support,
in these cases it is not required to explicitly select the port.</p>
</td>
<td>
No
</td>
</tr>
<tr id="L4MatchAttributes-source_labels">
@ -1369,6 +1566,9 @@ workloads with the given labels. If the VirtualService has a list of
gateways specified at the top, it should include the reserved gateway
<code>mesh</code> in order for this field to be applicable.</p>
</td>
<td>
No
</td>
</tr>
<tr id="L4MatchAttributes-gateways">
@ -1379,6 +1579,9 @@ gateways specified at the top, it should include the reserved gateway
at the top of the VirtualService (if any) are overridden. The gateway
match is independent of sourceLabels.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1394,6 +1597,7 @@ match is independent of sourceLabels.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1402,6 +1606,9 @@ match is independent of sourceLabels.</p>
<td><code>double</code></td>
<td>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
@ -1417,6 +1624,7 @@ matching or selection for final routing.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1426,6 +1634,9 @@ matching or selection for final routing.</p>
<td>
<p>Valid port number</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1441,6 +1652,7 @@ matching or selection for final routing.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1451,6 +1663,9 @@ matching or selection for final routing.</p>
<p>REQUIRED. Destination uniquely identifies the instances of a service
to which the request/connection should be forwarded to.</p>
</td>
<td>
No
</td>
</tr>
<tr id="RouteDestination-weight">
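Review bot: This has the same mismatch as the HTTPRouteDestination table: the destination row's description opens with "REQUIRED." and the added Required cell says "No". Since the column is new in this commit, it is worth checking every row whose description starts with "REQUIRED." against the generated value before merging.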
@ -1461,6 +1676,9 @@ to which the request/connection should be forwarded to.</p>
version. If there is only one destination in a rule, all traffic will be
routed to it irrespective of the weight.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1477,6 +1695,7 @@ case-sensitive.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1486,6 +1705,9 @@ case-sensitive.</p>
<td>
<p>exact string match</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="StringMatch-prefix" class="oneof">
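Review bot: Marking the exact match row as Required "Yes" is misleading for a oneof member. The next row carries class="oneof" as well, and the two hunks that follow mark the prefix and regex rows "Yes" too, so the table now tells readers that all three alternatives must be set. Consider a distinct value for oneof members (for example "Yes (one of)"), or a sentence in the table intro stating that exactly one of the three is expected.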
@ -1494,6 +1716,9 @@ case-sensitive.</p>
<td>
<p>prefix-based match</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="StringMatch-regex" class="oneof">
@ -1502,6 +1727,9 @@ case-sensitive.</p>
<td>
<p>ECMAscript style regex-based match</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -1536,6 +1764,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1548,6 +1777,9 @@ activated. All conditions inside a single match block have AND
semantics, while the list of match blocks have OR semantics. The rule
is matched if any one of the match blocks succeed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TCPRoute-route">
@ -1556,6 +1788,9 @@ is matched if any one of the match blocks succeed.</p>
<td>
<p>The destination to which the connection should be forwarded to.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1571,6 +1806,7 @@ is matched if any one of the match blocks succeed.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1583,6 +1819,9 @@ can be used in the SNI value, e.g., *.com will match foo.example.com
as well as example.com. An SNI value must be a subset (i.e., fall
within the domain) of the corresponding virtual serivce&rsquo;s hosts.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSMatchAttributes-destination_subnets">
@ -1592,6 +1831,9 @@ within the domain) of the corresponding virtual serivce&rsquo;s hosts.</p>
<p>IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
a.b.c.d/xx form or just a.b.c.d.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSMatchAttributes-port">
@ -1603,6 +1845,9 @@ only expose a single port or label ports with the protocols they
support, in these cases it is not required to explicitly select the
port.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSMatchAttributes-source_labels">
@ -1614,6 +1859,9 @@ workloads with the given labels. If the VirtualService has a list of
gateways specified at the top, it should include the reserved gateway
<code>mesh</code> in order for this field to be applicable.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSMatchAttributes-gateways">
@ -1624,6 +1872,9 @@ gateways specified at the top, it should include the reserved gateway
at the top of the VirtualService (if any) are overridden. The gateway
match is independent of sourceLabels.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1668,6 +1919,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1680,6 +1932,9 @@ activated. All conditions inside a single match block have AND
semantics, while the list of match blocks have OR semantics. The rule
is matched if any one of the match blocks succeed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TLSRoute-route">
@ -1688,6 +1943,9 @@ is matched if any one of the match blocks succeed.</p>
<td>
<p>The destination to which the connection should be forwarded to.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1703,6 +1961,7 @@ is matched if any one of the match blocks succeed.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1738,6 +1997,9 @@ the mesh, i.e., those found in the service registry, must always be
referred to using their alphanumeric names. IP addresses are allowed
only for services defined via the Gateway.</p>
</td>
<td>
No
</td>
</tr>
<tr id="VirtualService-gateways">
@ -1755,6 +2017,9 @@ sidecars in the mesh. If a list of gateway names is provided, the
rules will apply only to the gateways. To apply the rules to both
gateways and sidecars, specify <code>mesh</code> as one of the gateway names.</p>
</td>
<td>
No
</td>
</tr>
<tr id="VirtualService-http">
@ -1767,6 +2032,9 @@ ports with protocol HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service
entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching
an incoming request is used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="VirtualService-tls">
@ -1783,6 +2051,9 @@ incoming request is used. NOTE: Traffic &lsquo;https-<em>&rsquo; or &lsquo;tls-
without associated virtual service will be treated as opaque TCP
traffic.</p>
</td>
<td>
No
</td>
</tr>
<tr id="VirtualService-tcp">
@ -1793,6 +2064,9 @@ traffic.</p>
be applied to any port that is not a HTTP or TLS port. The first rule
matching an incoming request is used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="VirtualService-export_to">
@ -1815,6 +2089,9 @@ defines an export to all namespaces.</p>
<p>NOTE: in the current release, the <code>exportTo</code> value is restricted to
&ldquo;.&rdquo; or &ldquo;*&rdquo; (i.e., the current namespace or all namespaces).</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1832,6 +2109,7 @@ defines an export to all namespaces.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1841,6 +2119,9 @@ defines an export to all namespaces.</p>
<td>
<p>The uint32 value.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -12,9 +12,9 @@ support_link: https://apigee.com/about/support/portal
source_link: https://github.com/apigee/istio-mixer-adapter
latest_release_link: https://github.com/apigee/istio-mixer-adapter/releases
helm_chart_link:
istio_versions: "1.0.x, 1.1.x"
istio_versions: "1.1.x, 1.2.x, 1.3.x"
supported_templates: authorization, analytics
number_of_entries: 3
number_of_entries: 4
---
<p>The Apigee Mixer adapter provides Apigee&rsquo;s distributed authentication and quota policy checks
as well as the ingestion of Istio telemetry for analysis and reporting.</p>
@ -39,17 +39,19 @@ spec:
customer_base: https://myorg-test.apigee.net/istio-auth
org_name: myorg
env_name: test
key: 5f1132b7ff037fa187463c324d029ca26de28b7279df0ea161
secret: fa147e8afc35219b7e1db688c609196923f663b5e835975
key: mykey
secret: mysecret
temp_dir: &quot;/tmp/apigee-istio&quot;
client_timeout: 30s
allowUnverifiedSSLCert: false
products:
refresh_rate: 2m
analytics:
legacy_endpoint: false
file_limit: 1024
api_key_claim:
allowUnverifiedSSLCert: false
auth:
api_key_claim:
api_key_cache_duration: 30m
</code></pre>
<h2 id="Params">Params</h2>
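Review bot: the long hex `key:` and `secret:` values that this hunk swaps for `mykey` / `mysecret` need a follow-up if they were ever issued credentials. Changing the docs does not retire them, because they stay in repository history and in already published copies of the page, so please confirm they were dummy values or rotate them. Separately, `allowUnverifiedSSLCert: false` and `api_key_claim:` each appear twice in the visible example lines; check that the resulting YAML keeps one copy of each at the intended nesting level, with `api_key_claim:` under `auth:`.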
@ -139,15 +141,6 @@ Optional. Default: &ldquo;/tmp/apigee-istio&rdquo;.</p>
<p>The timeout to be used for adapter requests to Apigee servers.
Optional. Default: &ldquo;30s&rdquo; (30 seconds).</p>
</td>
</tr>
<tr id="Params-api_key_claim">
<td><code>apiKeyClaim</code></td>
<td><code>string</code></td>
<td>
<p>The name of a JWT claim from which to look for an api_key.
Optional. Default: none.</p>
</td>
</tr>
<tr id="Params-allowUnverifiedSSLCert">
@ -173,6 +166,14 @@ Optional. Default: false.</p>
<td>
<p>Options specific to to analytics handling.</p>
</td>
</tr>
<tr id="Params-auth">
<td><code>auth</code></td>
<td><code><a href="#Params-auth_options">Params.auth_options</a></code></td>
<td>
<p>Options specific to to products handling.</p>
</td>
</tr>
</tbody>
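Review bot: the description on the new `auth` row reads "Options specific to to products handling.", which looks copied from the products row and also carries a doubled "to". Suggest "Options specific to auth handling." so the text matches the `Params.auth_options` type the row links to.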
@ -216,6 +217,40 @@ Optional. Default: 1024.</p>
<p>The size of the channel used to buffer record sends in memory.
Optional. Default: 10.</p>
</td>
</tr>
</tbody>
</table>
</section>
<h2 id="Params-auth_options">Params.auth_options</h2>
<section>
<p>Options specific to to auth handling.</p>
<table class="message-fields">
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr id="Params-auth_options-api_key_cache_duration">
<td><code>apiKeyCacheDuration</code></td>
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td>
<p>The length of time API Keys are valid in the cache.
Optional. Default: &ldquo;30m&rdquo; (30 minutes).</p>
</td>
</tr>
<tr id="Params-auth_options-api_key_claim">
<td><code>apiKeyClaim</code></td>
<td><code>string</code></td>
<td>
<p>The name of a JWT claim from which to look for an api_key.
Optional. Default: none.</p>
</td>
</tr>
</tbody>
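Review bot: the `apiKeyCacheDuration` row says only that API keys are "valid in the cache" for 30 minutes by default, and it should spell out what that means for revocation: whether a key revoked on the Apigee side can still be accepted by the adapter until its cache entry expires. Operators need that to choose a shorter duration where it matters. The section intro also has a doubled word ("specific to to auth handling"), and this new table has no `Required` column header, unlike the other field tables touched in this commit.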

View File

@ -26,6 +26,7 @@ number_of_entries: 3
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -35,6 +36,9 @@ number_of_entries: 3
<td>
<p>Circonus SubmissionURL to HTTPTrap check</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-submission_interval">
@ -42,12 +46,18 @@ number_of_entries: 3
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
<td>
</td>
<td>
No
</td>
</tr>
<tr id="Params-metrics">
<td><code>metrics</code></td>
<td><code><a href="#Params-MetricInfo">Params.MetricInfo[]</a></code></td>
<td>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>
@ -62,6 +72,7 @@ number_of_entries: 3
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -71,6 +82,9 @@ number_of_entries: 3
<td>
<p>name</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-type">
@ -78,6 +92,9 @@ number_of_entries: 3
<td><code><a href="#Params-MetricInfo-Type">Params.MetricInfo.Type</a></code></td>
<td>
</td>
<td>
No
</td>
</tr>
</tbody>
</table>

View File

@ -35,6 +35,7 @@ The metrics specified in both instance and handler configurations will be sent t
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -44,6 +45,9 @@ The metrics specified in both instance and handler configurations will be sent t
<td>
<p>CloudWatch metric namespace.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-metric_info">
@ -52,6 +56,9 @@ The metrics specified in both instance and handler configurations will be sent t
<td>
<p>A map of Istio metric name to CloudWatch metric info.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-log_group_name">
@ -60,6 +67,9 @@ The metrics specified in both instance and handler configurations will be sent t
<td>
<p>The name of the log group in cloudwatchlogs.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-log_stream_name">
@ -68,6 +78,9 @@ The metrics specified in both instance and handler configurations will be sent t
<td>
<p>The name of the log stream in cloudwatchlogs.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-logs">
@ -76,6 +89,9 @@ The metrics specified in both instance and handler configurations will be sent t
<td>
<p>A map of Istio logentry name to CloudWatch logentry info.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -89,6 +105,7 @@ The metrics specified in both instance and handler configurations will be sent t
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -99,6 +116,9 @@ The metrics specified in both instance and handler configurations will be sent t
<p>A golang text/template template that will be executed to construct the payload for this log entry.
It will be given the full set of variables for the log to use to construct its result.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -114,6 +134,7 @@ It will be given the full set of variables for the log to use to construct its r
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -124,6 +145,9 @@ It will be given the full set of variables for the log to use to construct its r
<p>The unit of the metric. Must be valid cloudwatch unit value.
<a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html">CloudWatch docs</a></p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -29,6 +29,7 @@ Any dimension that is a part of the metric is converted to a tag automatically.
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -39,6 +40,9 @@ Any dimension that is a part of the metric is converted to a tag automatically.
<p>Address of the dogstatsd server.
Default: localhost:8125</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-prefix">
@ -48,6 +52,9 @@ Default: localhost:8125</p>
<p>Prefix to prepend to all metrics handled by the adapter. Metric &ldquo;bar&rdquo; with prefix &ldquo;foo.&rdquo; becomes &ldquo;foo.bar&rdquo; in DataDog. In order to make sure the metrics get populated into Datadog properly and avoid any billing issues, it&rsquo;s important to leave the metric prefix to its default value of &lsquo;istio.&rsquo;
Default: &ldquo;istio.&rdquo;</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-buffer_length">
@ -58,6 +65,9 @@ Default: &ldquo;istio.&rdquo;</p>
When buffer is 0, metrics are not buffered.
Default: 0</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-global_tags">
@ -67,6 +77,9 @@ Default: 0</p>
<p>Tags to add to every metric. &ldquo;global&rdquo;: &ldquo;tag&rdquo; becomes &ldquo;global:tag&rdquo; in DataDog
Default: []</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-sample_rate">
@ -76,6 +89,9 @@ Default: []</p>
<p>Chance that any particular metric is sampled when emitted; can take the range [0, 1].
Default: 1</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-metrics">
@ -84,6 +100,9 @@ Default: 1</p>
<td>
<p>Map of a specific metric instance name -&gt; info. If a metric&rsquo;s instance name is not in the map then the metric will not be exported to DataDog.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -99,6 +118,7 @@ Default: 1</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -108,6 +128,9 @@ Default: 1</p>
<td>
<p>Name of the metric in DataDog</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-type">
@ -116,6 +139,9 @@ Default: 1</p>
<td>
<p>The type of metric</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-tags">
@ -125,6 +151,9 @@ Default: 1</p>
<p>Tags to add to the metric in addition to the dimensions. &ldquo;tag&rdquo;: &ldquo;val&rdquo; becomes &ldquo;tag:val&rdquo; in DataDog
Default: []</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -28,6 +28,7 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/quota/">q
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -37,6 +38,9 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/quota/">q
<td>
<p>The error to return when denying a request.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-valid_duration">
@ -45,6 +49,9 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/quota/">q
<td>
<p>The duration for which the denial is valid.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-valid_use_count">
@ -53,6 +60,9 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/quota/">q
<td>
<p>The number of times the denial may be used.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -124,6 +134,7 @@ be used directly after any stripping needed for security/privacy reasons.</p></l
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -134,6 +145,9 @@ be used directly after any stripping needed for security/privacy reasons.</p></l
<p>The status code, which should be an enum value of
<em>google.rpc.Code</em>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="google-rpc-Status-message">
@ -145,6 +159,9 @@ user-facing error message should be localized and sent in the
<a href="#google-rpc-Status-details">google.rpc.Status.details</a> field, or localized
by the client.</p>
</td>
<td>
No
</td>
</tr>
<tr id="google-rpc-Status-details">
@ -154,6 +171,9 @@ by the client.</p>
<p>A list of messages that carry the error details. There is a common set of
message types for APIs to use.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -32,6 +32,7 @@ a variable &ldquo;tag&rdquo;.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -42,6 +43,9 @@ a variable &ldquo;tag&rdquo;.</p>
<p>Address of listening fluentd daemon. Example: fluentd-server:24224
Default value is localhost:24224</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-integer_duration">
@ -52,6 +56,9 @@ Default value is localhost:24224</p>
logs. Default behaviour is a string representation including
unit.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-instance_buffer_size">
@ -65,6 +72,9 @@ the number of outstanding instances exceeds this limit, the handler will
begin to drop log entries.
Defaults to 1024.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-max_batch_size_bytes">
@ -77,6 +87,9 @@ sent to the fluentd backend. Once the buffer exceeds this limit, the handler wil
data to the backend.
Defaults to 8,388,608 (8 MiB).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-push_interval_duration">
@ -87,6 +100,9 @@ Defaults to 8,388,608 (8 MiB).</p>
the handler will attempt to push data.
Default to 1m.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-push_timeout_duration">
@ -97,6 +113,9 @@ Default to 1m.</p>
the configured timeout, the request will be cancelled and dropped.
Default to 1m.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -36,6 +36,7 @@ values containing information about the related pods.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -54,6 +55,9 @@ through this proto).</p>
<p>Default: &ldquo;&rdquo; (unset)</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-cache_refresh_duration">
@ -66,6 +70,9 @@ This controls how frequently the complete resync occurs.</p>
<p>Default: 5 minutes</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-cluster_registries_namespace">
@ -84,6 +91,9 @@ set then <code>cluster_registries_namespace</code> defaults to &ldquo;istio-syst
<p>Default: &ldquo;istio-system&rdquo;</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -28,6 +28,7 @@ IP addresses, or regex patterns.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -37,6 +38,9 @@ IP addresses, or regex patterns.</p>
<td>
<p>Where to find the list to check against. This may be omitted for a completely local list.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-refresh_interval">
@ -46,6 +50,9 @@ IP addresses, or regex patterns.</p>
<p>Determines how often the provider is polled for
an updated list</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-ttl">
@ -57,6 +64,9 @@ Typically, the TTL value should be set to noticeably longer (&gt; 2x) than the
refresh interval to ensure continued operation in the face of transient
server outages.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-caching_interval">
@ -66,6 +76,9 @@ server outages.</p>
<p>Indicates the amount of time a caller of this adapter can cache an answer
before it should ask the adapter again.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-caching_use_count">
@ -75,6 +88,9 @@ before it should ask the adapter again.</p>
<p>Indicates the number of times a caller of this adapter can use a cached answer
before it should ask the adapter again.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-overrides">
@ -83,6 +99,9 @@ before it should ask the adapter again.</p>
<td>
<p>List entries that are consulted first, before the list from the server</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-entry_type">
@ -91,6 +110,9 @@ before it should ask the adapter again.</p>
<td>
<p>Determines the kind of list entry and overrides.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-blacklist">
@ -99,6 +121,9 @@ before it should ask the adapter again.</p>
<td>
<p>Whether the list operates as a blacklist or a whitelist.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -31,6 +31,7 @@ be lost.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -40,6 +41,9 @@ be lost.</p>
<td>
<p>The set of known quotas.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-min_deduplication_duration">
@ -48,6 +52,9 @@ be lost.</p>
<td>
<p>Minimum number of seconds that deduplication is possible for a given operation.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -64,6 +71,7 @@ a particular quota request, the default for the quota is used.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -74,6 +82,9 @@ a particular quota request, the default for the quota is used.</p>
<p>The specific dimensions for which this override applies.
String representation of instance dimensions is used to check against configured dimensions.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Override-max_amount">
@ -82,6 +93,9 @@ String representation of instance dimensions is used to check against configured
<td>
<p>The upper limit for this quota.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Override-valid_duration">
@ -92,6 +106,9 @@ String representation of instance dimensions is used to check against configured
automatically released. This is only meaningful for rate limit
quotas, otherwise the value must be zero.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -107,6 +124,7 @@ quotas, otherwise the value must be zero.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -116,6 +134,9 @@ quotas, otherwise the value must be zero.</p>
<td>
<p>The name of the quota</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Quota-max_amount">
@ -124,6 +145,9 @@ quotas, otherwise the value must be zero.</p>
<td>
<p>The upper limit for this quota.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Quota-valid_duration">
@ -134,6 +158,9 @@ quotas, otherwise the value must be zero.</p>
automatically released. This is only meaningful for rate limit
quotas, otherwise the value must be zero.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Quota-overrides">
@ -143,6 +170,9 @@ quotas, otherwise the value must be zero.</p>
<p>Overrides associated with this quota.
The first matching override is applied.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -55,6 +55,7 @@ failClose: true
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -64,6 +65,9 @@ failClose: true
<td>
<p>List of OPA policies</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-check_method">
@ -73,6 +77,9 @@ failClose: true
<p>Query method to check.
Format: <code>data.&lt;package name&gt;.&lt;method name&gt;</code></p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-fail_close">
@ -83,6 +90,9 @@ Format: <code>data.&lt;package name&gt;.&lt;method name&gt;</code></p>
If failClose is set to true and there is a runtime error,
instead of disabling the adapter, close the client request</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -26,6 +26,7 @@ number_of_entries: 8
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -36,6 +37,9 @@ number_of_entries: 8
<p>The set of metrics to represent in Prometheus. If a metric is defined in Istio but doesn&rsquo;t have a corresponding
shape here, it will not be populated at runtime.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-metrics_expiration_policy">
@ -54,6 +58,9 @@ that the adapter will maintain over its lifetime.</p>
expiryCheckIntervalDuration: &quot;1s&quot;
</code></pre>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -69,6 +76,7 @@ that the adapter will maintain over its lifetime.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -85,6 +93,9 @@ NOTE: Changing the value for this will potentially impact downstream integration
and should be used with caution.
Default value: <code>istio</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-name">
@ -95,6 +106,9 @@ Default value: <code>istio</code>.</p>
It must be unique across all prometheus metrics as prometheus does not allow duplicate names.
If name is not specified a sanitized version of instance_name is used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-instance_name">
@ -104,6 +118,9 @@ If name is not specified a sanitized version of instance_name is used.</p>
<p>Required. The name is the fully qualified name of the Istio metric instance
that this MetricInfo processes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-description">
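Review bot: the `instance_name` description opens with "Required." but the added fourth cell says `No`. One of the two is wrong, and the generated column is what readers will scan first. Either mark the field as required in the source the generator reads, or drop "Required." from the description.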
@ -112,6 +129,9 @@ that this MetricInfo processes.</p>
<td>
<p>Optional. A human readable description of this metric.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-kind">
@ -119,6 +139,9 @@ that this MetricInfo processes.</p>
<td><code><a href="#Params-MetricInfo-Kind">Params.MetricInfo.Kind</a></code></td>
<td>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-buckets">
<td><code>buckets</code></td>
@ -129,6 +152,9 @@ for configuring the buckets that will be used to store the aggregated values.
This field must be provided for metrics declared to be of type DISTRIBUTION.
This field will be ignored for non-distribution metric kinds.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-label_names">
@ -138,6 +164,9 @@ This field will be ignored for non-distribution metric kinds.</p>
<p>The names of labels to use: these need to match the dimensions of the Istio metric.
TODO: see if we can remove this and rely on only the dimensions in the future.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -153,6 +182,7 @@ TODO: see if we can remove this and rely on only the dimensions in the future.</
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -162,6 +192,9 @@ TODO: see if we can remove this and rely on only the dimensions in the future.</
<td>
<p>The linear buckets.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-exponential_buckets" class="oneof">
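Review bot: `Yes` in the Required column is misleading for this row, because the row that follows carries `class="oneof"`, which marks these fields as alternatives. A reader scanning the column will conclude that every bucket definition must be supplied. Suggest rendering a distinct value such as "one of" for oneof members, or documenting how `Yes` applies to them.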
@ -170,6 +203,9 @@ TODO: see if we can remove this and rely on only the dimensions in the future.</
<td>
<p>The exponential buckets.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-explicit_buckets" class="oneof">
@ -178,6 +214,9 @@ TODO: see if we can remove this and rely on only the dimensions in the future.</
<td>
<p>The explicit buckets.</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -205,6 +244,7 @@ element is the common boundary of the overflow and underflow buckets.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -214,6 +254,9 @@ element is the common boundary of the overflow and underflow buckets.</p>
<td>
<p>The values must be monotonically increasing.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -241,6 +284,7 @@ buckets are the underflow and overflow buckets.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -250,6 +294,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 0.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-Exponential-growth_factor">
@ -258,6 +305,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 1.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-Exponential-scale">
@ -266,6 +316,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 0.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -293,6 +346,7 @@ buckets are the underflow and overflow buckets.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -302,6 +356,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 0.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-Linear-width">
@ -310,6 +367,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 0.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-Linear-offset">
@ -318,6 +378,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Lower bound of the first bucket.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -372,6 +435,7 @@ every minute to determine whether or not they should be expired.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -382,6 +446,9 @@ every minute to determine whether or not they should be expired.</p>
<p>Required. Describes the desired lifetime of a metric. If the metric is not updated at any point during this duration, it
will be removed from the set of metrics exported by the handler.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricsExpirationPolicy-expiry_check_interval_duration">
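Review bot: the added Required cell says `No`, while the description directly above it begins "Required. Describes the desired lifetime of a metric." If the duration is mandatory whenever an expiration policy is configured, the column should say so; otherwise the word "Required." should come out of the description.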
@ -393,6 +460,9 @@ will be removed from the set of metrics exported by the handler.</p>
This bounds the total amount of additional time (beyond the desired lifetime) that a metric may be exported.
If a value is not explicitly provided, this value will default to half of the configured <code>metrics_expiry_duration</code>.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -47,6 +47,7 @@ quotas:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -56,6 +57,9 @@ quotas:
<td>
<p>The set of known quotas. At least one quota configuration is required</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-redis_server_url">
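Review bot: the quotas description states "At least one quota configuration is required" and the new column next to it says `No`. A handler with no quotas is presumably rejected, so the column should not tell readers the field is optional; fix the annotation the generator uses or reword the description.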
@ -65,6 +69,9 @@ quotas:
<p>Redis connection string <code>&lt;hostname&gt;:&lt;port number&gt;</code>
ex) localhost:6379</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-connection_pool_size">
@ -74,6 +81,9 @@ ex) localhost:6379</p>
<p>Maximum number of idle connections to redis
Default is 10 connections per every CPU as reported by runtime.NumCPU.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -87,6 +97,7 @@ Default is 10 connections per every CPU as reported by runtime.NumCPU.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -98,6 +109,9 @@ Default is 10 connections per every CPU as reported by runtime.NumCPU.</p>
String representation of instance dimensions is used to check against configured dimensions.
<code>dimensions</code> should not be empty</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Override-max_amount">
@ -107,6 +121,9 @@ String representation of instance dimensions is used to check against configured
<p>The upper limit for this quota override.
This value should be bigger than 0</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -120,6 +137,7 @@ This value should be bigger than 0</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -129,6 +147,9 @@ This value should be bigger than 0</p>
<td>
<p>The name of the quota</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Quota-max_amount">
@ -137,6 +158,9 @@ This value should be bigger than 0</p>
<td>
<p>The upper limit for this quota. max_amount should be bigger than 0</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Quota-valid_duration">
@ -147,6 +171,9 @@ This value should be bigger than 0</p>
automatically released. This is only meaningful for rate limit quotas.
value should be <code>0 &lt; validDuration</code></p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Quota-bucket_duration">
@ -156,6 +183,9 @@ value should be <code>0 &lt; validDuration</code></p>
<p>The <code>bucketDuration</code> will be ignored if <code>rateLimitAlgorithm</code> is <code>FIXED_WINDOW</code>
value should be <code>0 &lt; bucketDuration &lt; validDuration</code></p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Quota-rate_limit_algorithm">
@ -164,6 +194,9 @@ value should be <code>0 &lt; bucketDuration &lt; validDuration</code></p>
<td>
<p>Quota management algorithm. The default value is <code>FIXED_WINDOW</code></p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-Quota-overrides">
@ -173,6 +206,9 @@ value should be <code>0 &lt; bucketDuration &lt; validDuration</code></p>
<p>Overrides associated with this quota.
The first matching override is applied.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -80,6 +80,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -91,6 +92,9 @@ spec:
configured to be sent to this adapter, it must have a corresponding
description here.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-ingest_url">
@ -100,6 +104,9 @@ description here.</p>
<p>Optional. The URL of the SignalFx ingest server to use. Will default to
the global ingest server if not specified.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-access_token">
@ -109,6 +116,9 @@ the global ingest server if not specified.</p>
<p>Required. The access token for the SignalFx organization that should
receive the metrics.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-datapoint_interval">
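Review bot: `access_token` is described as "Required. The access token for the SignalFx organization that should receive the metrics." yet the new column marks it `No`. For a credential field the two must agree, since someone trusting the column may leave the token out. Align the column with the description.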
@ -120,6 +130,9 @@ reported to this adapter are collected and reported as a timeseries.
This will be rounded to the nearest second and rounded values less than
one second are not valid. Defaults to 10 seconds if not specified.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-enable_metrics">
@ -129,6 +142,9 @@ one second are not valid. Defaults to 10 seconds if not specified.</p>
<p>Optional. If set to false, metrics won&rsquo;t be sent (but trace spans will
be sent, unless otherwise disabled).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-enable_tracing">
@ -138,6 +154,9 @@ be sent, unless otherwise disabled).</p>
<p>Optional. If set to false, trace spans won&rsquo;t be sent (but metrics will
be sent, unless otherwise disabled).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-tracing_buffer_size">
@ -148,6 +167,9 @@ be sent, unless otherwise disabled).</p>
dropping them. This defaults to 1000 spans but can be configured higher
if needed. An error message will be logged if spans are dropped.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-tracing_sample_probability">
@ -159,6 +181,9 @@ sampled if its parent was not already sampled. Child spans will always
be sampled if their parent is. If not provided, defaults to sending all
spans.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -174,6 +199,7 @@ spans.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -186,6 +212,9 @@ Kubernetes this is of the form <code>&lt;name&gt;.metric.&lt;namespace&gt;</code
<code>&lt;name&gt;</code> is the name field of the metric resource, and <code>&lt;namespace&gt;</code>
is the namespace of the metric resource.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricConfig-type">
@ -194,6 +223,9 @@ is the namespace of the metric resource.</p>
<td>
<p>The metric type of the metric</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -87,6 +87,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -97,6 +98,9 @@ spec:
<p>AppOptics Access Token needed to send metrics to AppOptics. If no access token is given then metrics
will NOT be shipped to AppOptics</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-appoptics_batch_size">
@ -107,6 +111,9 @@ will NOT be shipped to AppOptics</p>
AppOptics does not allow batch size greater than 1000.
If this is unspecified or given a value 0 explicitly, a default batch size of 1000 will be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-papertrail_url">
@ -116,6 +123,9 @@ If this is unspecified or given a value 0 explicitly, a default batch size of 10
<p>Papertrail url to ship logs to. If no papertrail url is given then the logs will NOT be shipped but rather
dropped.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-papertrail_local_retention_duration">
@ -125,6 +135,9 @@ dropped.</p>
<p>This is the duration for which logs will be persisted locally until it is shipped to papertrail in the event
of a network failure. Default value is 1 hour.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-metrics">
@ -133,6 +146,9 @@ of a network failure. Default value is 1 hour.</p>
<td>
<p>A map of Istio metric name to solarwinds metric info.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-logs">
@ -141,6 +157,9 @@ of a network failure. Default value is 1 hour.</p>
<td>
<p>A map of Istio logentry name to solarwinds log info.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -156,6 +175,7 @@ of a network failure. Default value is 1 hour.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -173,6 +193,9 @@ Jan 23 21:53:02 istio-mixer-57d88dc4b4-rbgmc istio: 10.32.0.15 - kubernetes://is
It will be given the full set of variables for the log to use to construct its result.
If it is not provided, a default template in place will be used.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -188,6 +211,7 @@ If it is not provided, a default template in place will be used.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -197,6 +221,9 @@ If it is not provided, a default template in place will be used.</p>
<td>
<p>The names of labels to use: these need to match the dimensions of the Istio metric.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -28,6 +28,7 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/tracespan
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -38,6 +39,9 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/tracespan
<p>Endpoint URL to send stackdriver data - leave empty to use the
StackDriver SDK&rsquo;s default value (monitoring.googleapis.com).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-project_id">
@ -46,6 +50,9 @@ StackDriver SDK&rsquo;s default value (monitoring.googleapis.com).</p>
<td>
<p>GCP Project to attach metrics to.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-push_interval">
@ -55,6 +62,9 @@ StackDriver SDK&rsquo;s default value (monitoring.googleapis.com).</p>
<p>This adapter batches the data it sends to Stackdriver; we will push to stackdriver every push_interval.
If no value is provided we default to once per minute.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-app_credentials" class="oneof oneof-start">
@ -66,6 +76,9 @@ by the StackDriver SDK.</p>
<p><a href="https://developers.google.com/identity/protocols/application-default-credentials">See Google&rsquo;s documentation</a>.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Params-api_key" class="oneof">
@ -74,6 +87,9 @@ by the StackDriver SDK.</p>
<td>
<p>The API Key to be used for auth. API Key is no longer supported, use service account instead.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Params-service_account_path" class="oneof">
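Review bot: `api_key` is marked `Yes` under Required although its description says "API Key is no longer supported, use service account instead." Flagging an unsupported credential option as required invites people to configure it. As a `oneof` member it should not read as mandatory, and the row would be clearer if it were labelled deprecated.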
@ -84,6 +100,9 @@ by the StackDriver SDK.</p>
the Mixer. E.g. <code>/etc/opt/mixer/gcp-serviceaccount-creds.json</code>
or <code>./testdata/my-test-account-creds.json</code>.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Params-metric_info">
@ -92,6 +111,9 @@ or <code>./testdata/my-test-account-creds.json</code>.</p>
<td>
<p>A map of Istio metric name to Stackdriver metric info.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-log_info">
@ -100,6 +122,9 @@ or <code>./testdata/my-test-account-creds.json</code>.</p>
<td>
<p>A map of Istio LogEntry name to Stackdriver log info.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-trace">
@ -108,6 +133,9 @@ or <code>./testdata/my-test-account-creds.json</code>.</p>
<td>
<p>Stackdriver Trace configuration.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -123,6 +151,7 @@ or <code>./testdata/my-test-account-creds.json</code>.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -133,6 +162,9 @@ or <code>./testdata/my-test-account-creds.json</code>.</p>
<p>The logging template provides a set of variables; these list the subset of variables that should be used to
form Stackdriver labels for the log entry.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-payload_template">
@ -142,6 +174,9 @@ form Stackdriver labels for the log entry.</p>
<p>A golang text/template template that will be executed to construct the payload for this log entry.
It will be given the full set of variables for the log to use to construct its result.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-http_mapping">
@ -151,6 +186,9 @@ It will be given the full set of variables for the log to use to construct its r
<p>If an HttpRequestMapping is provided, a HttpRequest object will be filled out for this log entry using the
variables named in the mapping to populate the fields of the request struct from the instance&rsquo;s variables.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-sink_info">
@ -159,6 +197,9 @@ variables named in the mapping to populate the fields of the request struct from
<td>
<p>If SinkInfo is provided, Stackriver logs would be exported to that sink.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -175,6 +216,7 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -184,6 +226,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.Status</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-request_size">
@ -192,6 +237,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.RequestSize</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-response_size">
@ -200,6 +248,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.ResponseSize</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-latency">
@ -208,6 +259,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.Latency</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-local_ip">
@ -216,6 +270,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.LocalIP</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-remote_ip">
@ -224,6 +281,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.RemoteIP</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-url">
@ -232,6 +292,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.Request.Url</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-method">
@ -240,6 +303,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.RequestMethod</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-user_agent">
@ -248,6 +314,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.UserAgent</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-HttpRequestMapping-referer">
@ -256,6 +325,9 @@ See https://godoc.org/cloud.google.com/go/logging#HTTPRequest</p>
<td>
<p>template variable name to map into HTTPRequest.Referer</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -280,6 +352,7 @@ filter: 'severity &gt;= Default'
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -289,6 +362,9 @@ filter: 'severity &gt;= Default'
<td>
<p>Client assigned sink identifier.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-SinkInfo-destination">
@ -297,6 +373,9 @@ filter: 'severity &gt;= Default'
<td>
<p>Export Destination.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-SinkInfo-filter">
@ -305,6 +384,9 @@ filter: 'severity &gt;= Default'
<td>
<p>Filter that specifies any filtering to be done on logs.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-SinkInfo-UniqueWriterIdentity">
@ -322,6 +404,9 @@ the sink itself.</p>
resource such as an organization, then the value of WriterIdentity will
be a unique service account used only for exports from the new sink.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-SinkInfo-UpdateDestination">
@ -332,6 +417,9 @@ be a unique service account used only for exports from the new sink.</p>
is updated if and only if the Update field is true.
Upate sink destination.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-SinkInfo-UpdateFilter">
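Review bot: typo in the UpdateDestination description kept as context in this hunk: "Upate sink destination." should read "Update sink destination." If this page is generated output, fix the comment in its source so the next regeneration does not bring the typo back.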
@ -340,6 +428,9 @@ Upate sink destination.</p>
<td>
<p>Update sink filter.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-LogInfo-SinkInfo-UpdateIncludeChildren">
@ -348,6 +439,9 @@ Upate sink destination.</p>
<td>
<p>Update includes children.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -364,6 +458,7 @@ See https://github.com/googleapis/googleapis/blob/master/google/api/metric.proto
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -373,6 +468,9 @@ See https://github.com/googleapis/googleapis/blob/master/google/api/metric.proto
<td>
<p>The kind of measurement for a metric, which describes how the data is reported. Ex: Gauge.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-value">
@ -381,6 +479,9 @@ See https://github.com/googleapis/googleapis/blob/master/google/api/metric.proto
<td>
<p>The type of the metric&rsquo;s value. Ex: Distribution.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-buckets">
@ -392,6 +493,9 @@ for configuring the buckets that will be used to store the aggregated values.
This field must be provided for metrics declared to be of type DISTRIBUTION.
This field will be ignored for non-distribution metric kinds.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-metric_type">
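Review bot: the Required cell added to the buckets row says "No", but the description in the same row states "This field must be provided for metrics declared to be of type DISTRIBUTION." A plain Yes/No column cannot express that condition, and a reader who scans only the column will omit the field. Suggest a conditional value here (for example "Yes for DISTRIBUTION metrics") or leaving the cell to defer to the description.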
@ -403,6 +507,9 @@ istio.io/service/server/request_count. If this is not provided, a
concantenation of custom metric prefix (custom.googleapis.com/) and
Istio metric name will be used.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -420,6 +527,7 @@ dependencies it doesn&rsquo;t actually use.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -429,6 +537,9 @@ dependencies it doesn&rsquo;t actually use.</p>
<td>
<p>The linear buckets.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-exponential_buckets" class="oneof">
@ -437,6 +548,9 @@ dependencies it doesn&rsquo;t actually use.</p>
<td>
<p>The exponential buckets.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-explicit_buckets" class="oneof">
@ -445,6 +559,9 @@ dependencies it doesn&rsquo;t actually use.</p>
<td>
<p>The explicit buckets.</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -472,6 +589,7 @@ element is the common boundary of the overflow and underflow buckets.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -481,6 +599,9 @@ element is the common boundary of the overflow and underflow buckets.</p>
<td>
<p>The values must be monotonically increasing.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -508,6 +629,7 @@ buckets are the underflow and overflow buckets.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -517,6 +639,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 0.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-Exponential-growth_factor">
@ -525,6 +650,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 1.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-Exponential-scale">
@ -533,6 +661,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 0.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -560,6 +691,7 @@ buckets are the underflow and overflow buckets.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -569,6 +701,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 0.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-Linear-width">
@ -577,6 +712,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Must be greater than 0.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-BucketsDefinition-Linear-offset">
@ -585,6 +723,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Lower bound of the first bucket.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -600,6 +741,7 @@ buckets are the underflow and overflow buckets.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -609,6 +751,9 @@ buckets are the underflow and overflow buckets.</p>
<td>
<p>Proability that a particular trace ID will be sampled.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
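Review bot: typo in the description line of this hunk, "Proability that a particular trace ID will be sampled." should read "Probability". The row also gives no range or default for the value; the statsd sampling_rate row elsewhere in this commit states both ("can take the range [0, 1], defaults to 1 if unspecified"), and the same wording style would help here.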

View File

@ -26,6 +26,7 @@ number_of_entries: 3
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -35,6 +36,9 @@ number_of_entries: 3
<td>
<p>Address of the statsd server, e.g. localhost:8125</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-prefix">
@ -43,6 +47,9 @@ number_of_entries: 3
<td>
<p>Metric prefix, do not specify for no prefix</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-flush_duration">
@ -52,6 +59,9 @@ number_of_entries: 3
<p>FlushDuration controls the maximum amount of time between sending metrics to the statsd collection server.
Metrics are reported when either flush<em>bytes is full or flush</em>duration time has elapsed since the last report.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-flush_bytes">
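Review bot: the flush_duration description in this hunk renders as "flush<em>bytes is full or flush</em>duration time has elapsed", so the underscores in flush_bytes and flush_duration were consumed as emphasis markers and both field names are now wrong on the page. Wrap the field names in code spans in the source comment so they survive rendering. The same damage is visible further down in this commit in "network<em>fail</em>policy" and "report<em>batch</em>max_entries".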
@ -61,6 +71,9 @@ Metrics are reported when either flush<em>bytes is full or flush</em>duration ti
<p>Maximum UDP packet size to send; if not specified defaults to 512 bytes. If the statsd server is running on the
same (private) network 1432 bytes is recommended for better performance.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-sampling_rate">
@ -69,6 +82,9 @@ same (private) network 1432 bytes is recommended for better performance.</p>
<td>
<p>Chance that any particular metric is sampled when incremented; can take the range [0, 1], defaults to 1 if unspecified.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-metrics">
@ -77,6 +93,9 @@ same (private) network 1432 bytes is recommended for better performance.</p>
<td>
<p>Map of metric name -&gt; info. If a metric&rsquo;s name is not in the map then the metric will not be exported to statsd.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -92,6 +111,7 @@ same (private) network 1432 bytes is recommended for better performance.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -100,6 +120,9 @@ same (private) network 1432 bytes is recommended for better performance.</p>
<td><code><a href="#Params-MetricInfo-Type">Params.MetricInfo.Type</a></code></td>
<td>
</td>
<td>
No
</td>
</tr>
<tr id="Params-MetricInfo-name_template">
<td><code>nameTemplate</code></td>
@ -113,6 +136,9 @@ we use the template:
<p>If name_template is the empty string the Istio metric name will be used for statsd metric&rsquo;s name.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -31,6 +31,7 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/metric/">
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -41,6 +42,9 @@ and the <a href="/docs/reference/config/policy-and-telemetry/templates/metric/">
<p>Selects which standard stream to write to for log entries.
STDERR is the default Stream.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-severity_levels">
@ -66,6 +70,9 @@ the set of levels supported by this adapter. This defaults to a map of</p>
&quot;fatal&quot;: ERROR,
</code></pre>
</td>
<td>
No
</td>
</tr>
<tr id="Params-metric_level">
@ -74,6 +81,9 @@ the set of levels supported by this adapter. This defaults to a map of</p>
<td>
<p>The level to assign to metrics being output. Defaults to INFO.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-output_as_json">
@ -82,6 +92,9 @@ the set of levels supported by this adapter. This defaults to a map of</p>
<td>
<p>Whether to output a console-friendly or json-friendly format. Defaults to true.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-output_level">
@ -90,6 +103,9 @@ the set of levels supported by this adapter. This defaults to a map of</p>
<td>
<p>The minimum level to output, anything less than this level is ignored. Defaults to INFO (everything).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-output_path">
@ -103,6 +119,9 @@ output is normally saved. When a rotation needs to take place because the file g
or too old, then the file is renamed by appending a timestamp to the name. Such renamed
files are called backups. Once a backup has been created, output resumes to this path.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-max_megabytes_before_rotation">
@ -112,6 +131,9 @@ files are called backups. Once a backup has been created, output resumes to this
<p>The maximum size in megabytes of a log file before it gets
rotated. It defaults to 100 megabytes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-max_days_before_rotation">
@ -124,6 +146,9 @@ hours and may not exactly correspond to calendar days due to daylight
savings, leap seconds, etc. The default is to remove log files
older than 30 days. 0 indicates no limit.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-max_rotated_files">
@ -133,6 +158,9 @@ older than 30 days. 0 indicates no limit.</p>
<p>The maximum number of old rotated log files to retain. The default
is to retain at most 1000 logs. 0 indicates no limit.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -24,6 +24,7 @@ number_of_entries: 1
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -35,6 +36,9 @@ number_of_entries: 1
<p>Required.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Params-sample_probability">
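Review bot: the Required cell added to this row says "No" while the description cell immediately above it ends with "<p>Required.</p>". The two statements contradict each other in the same table row. Either the column should be derived from the same source as the "Required." marker in the description, or the marker should be dropped from the description once the column is authoritative.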
@ -46,6 +50,9 @@ Defaults to 0 (sampling disabled) if unset.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -24,6 +24,7 @@ for a general overview of API keys as defined by OpenAPI.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -40,6 +41,9 @@ following request:</p>
<pre><code>GET /something?api_key=abcdef12345
</code></pre>
</td>
<td>
Yes
</td>
</tr>
<tr id="APIKey-header" class="oneof">
@ -56,6 +60,9 @@ following request:</p>
X-API-Key: abcdef12345
</code></pre>
</td>
<td>
Yes
</td>
</tr>
<tr id="APIKey-cookie" class="oneof">
@ -72,6 +79,9 @@ following request:</p>
Cookie: X-API-KEY=abcdef12345
</code></pre>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -87,6 +97,7 @@ Cookie: X-API-KEY=abcdef12345
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -105,6 +116,9 @@ Each map element specifies one condition to match.</p>
request.http</em>method:
exact: POST</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -173,6 +187,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -184,6 +199,9 @@ spec:
patterns match. This list typically includes the &ldquo;api.service&rdquo;
and &ldquo;api.version&rdquo; attributes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPAPISpec-patterns">
@ -192,6 +210,9 @@ and &ldquo;api.version&rdquo; attributes.</p>
<td>
<p>List of HTTP patterns to match.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPAPISpec-api_keys">
@ -208,6 +229,9 @@ i.e. &lsquo;OR&rsquo; semantics.</p>
<pre><code>`query: key, `query: api_key`, and then `header: x-api-key`
</code></pre>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -239,6 +263,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -248,6 +273,9 @@ spec:
<td>
<p>REQUIRED. One or more services to map the listed HTTPAPISpec onto.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPAPISpecBinding-api_specs">
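Review bot: the services row gets Required "No" even though its description opens with "REQUIRED. One or more services to map the listed HTTPAPISpec onto." The same mismatch repeats in this file for the HTTPAPISpecReference name row and the QuotaSpecBinding and QuotaSpecReference rows, all of which say "REQUIRED." in the description and "No" in the new column. Since these bindings decide which services a spec is applied to, the column should not tell readers the field can be left out; please annotate the source fields so the column says "Yes" for them.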
@ -258,6 +286,9 @@ spec:
the specified service(s). The aggregate collection of match
conditions defined in the HTTPAPISpecs should not overlap.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -284,6 +315,7 @@ generated.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -295,6 +327,9 @@ generated.</p>
the specified http<em>method and uri</em>template. This typically
includes the &ldquo;api.operation&rdquo; attribute.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPAPISpecPattern-http_method">
@ -305,6 +340,9 @@ includes the &ldquo;api.operation&rdquo; attribute.</p>
<a href="https://tools.ietf.org/html/rfc7231#page-21">rfc7231</a>. For
example: GET, HEAD, POST, PUT, DELETE.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPAPISpecPattern-uri_template" class="oneof oneof-start">
@ -321,6 +359,9 @@ following are valid URI templates:</p>
/search&lbrace;?q*,lang}
</code></pre>
</td>
<td>
Yes
</td>
</tr>
<tr id="HTTPAPISpecPattern-regex" class="oneof">
@ -336,6 +377,9 @@ example,</p>
<pre><code>&quot;^/pets/(.*?)?&quot;
</code></pre>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -358,6 +402,7 @@ HTTPAPISpecReference for service <code>foo</code> in namespace <code>bar</code>.
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -368,6 +413,9 @@ HTTPAPISpecReference for service <code>foo</code> in namespace <code>bar</code>.
<p>REQUIRED. The short name of the HTTPAPISpec. This is the resource
name defined by the metadata name field.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HTTPAPISpecReference-namespace">
@ -377,6 +425,9 @@ name defined by the metadata name field.</p>
<p>Optional namespace of the HTTPAPISpec. Defaults to the encompassing
HTTPAPISpecBinding&rsquo;s metadata namespace field.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -392,6 +443,7 @@ HTTPAPISpecBinding&rsquo;s metadata namespace field.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -401,6 +453,9 @@ HTTPAPISpecBinding&rsquo;s metadata namespace field.</p>
<td>
<p>The transport config.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HttpClientConfig-service_configs">
@ -411,6 +466,9 @@ HTTPAPISpecBinding&rsquo;s metadata namespace field.</p>
is used to support per-service configuration for cases where a
mixerclient serves multiple services.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HttpClientConfig-default_destination_service">
@ -420,6 +478,9 @@ mixerclient serves multiple services.</p>
<p>Default destination service name if none was specified in the
client request.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HttpClientConfig-mixer_attributes">
@ -430,6 +491,9 @@ client request.</p>
Report. This typically includes &ldquo;destination.ip&rdquo; and
&ldquo;destination.uid&rdquo; attributes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HttpClientConfig-forward_attributes">
@ -439,6 +503,9 @@ Report. This typically includes &ldquo;destination.ip&rdquo; and
<p>Default attributes to forward to upstream. This typically
includes the &ldquo;source.ip&rdquo; and &ldquo;source.uid&rdquo; attributes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="HttpClientConfig-ignore_forwarded_attributes">
@ -450,6 +517,9 @@ create the attribute bag to send to mixer. For intra-mesh traffic,
this should be set to &ldquo;false&rdquo;. For ingress/egress gateways, this
should be set to &ldquo;true&rdquo;.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -467,6 +537,7 @@ The FQDN of the service is composed from the name, namespace, and implementation
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -476,6 +547,9 @@ The FQDN of the service is composed from the name, namespace, and implementation
<td>
<p>The short name of the service such as &ldquo;foo&rdquo;.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioService-namespace">
@ -484,6 +558,9 @@ The FQDN of the service is composed from the name, namespace, and implementation
<td>
<p>Optional namespace of the service. Defaults to value of metadata namespace field.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioService-domain">
@ -492,6 +569,9 @@ The FQDN of the service is composed from the name, namespace, and implementation
<td>
<p>Domain suffix used to construct the service FQDN in implementations that support such specification.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioService-service">
@ -500,6 +580,9 @@ The FQDN of the service is composed from the name, namespace, and implementation
<td>
<p>The service FQDN.</p>
</td>
<td>
No
</td>
</tr>
<tr id="IstioService-labels">
@ -510,6 +593,9 @@ The FQDN of the service is composed from the name, namespace, and implementation
<p><em>Note:</em> When used for a VirtualService destination, labels MUST be empty.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -525,6 +611,7 @@ The FQDN of the service is composed from the name, namespace, and implementation
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -534,6 +621,9 @@ The FQDN of the service is composed from the name, namespace, and implementation
<td>
<p>Specifies the behavior when the client is unable to connect to Mixer.</p>
</td>
<td>
No
</td>
</tr>
<tr id="NetworkFailPolicy-max_retry">
@ -542,6 +632,9 @@ The FQDN of the service is composed from the name, namespace, and implementation
<td>
<p>Max retries on transport error.</p>
</td>
<td>
No
</td>
</tr>
<tr id="NetworkFailPolicy-base_retry_wait">
@ -551,6 +644,9 @@ The FQDN of the service is composed from the name, namespace, and implementation
<p>Base time to wait between retries. Will be adjusted by exponential
backoff and jitter.</p>
</td>
<td>
No
</td>
</tr>
<tr id="NetworkFailPolicy-max_retry_wait">
@ -559,6 +655,9 @@ backoff and jitter.</p>
<td>
<p>Max time to wait between retries.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -604,6 +703,7 @@ service.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -613,6 +713,9 @@ service.</p>
<td>
<p>The quota name to charge</p>
</td>
<td>
No
</td>
</tr>
<tr id="Quota-charge">
@ -621,6 +724,9 @@ service.</p>
<td>
<p>The quota amount to charge</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -637,6 +743,7 @@ If any clause matched, the list of quotas will be used.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -647,6 +754,9 @@ If any clause matched, the list of quotas will be used.</p>
<p>If empty, match all request.
If any of match is true, it is matched.</p>
</td>
<td>
No
</td>
</tr>
<tr id="QuotaRule-quotas">
@ -655,6 +765,9 @@ If any of match is true, it is matched.</p>
<td>
<p>The list of quotas to charge.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -670,6 +783,7 @@ If any of match is true, it is matched.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -679,6 +793,9 @@ If any of match is true, it is matched.</p>
<td>
<p>A list of Quota rules.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -695,6 +812,7 @@ IstioService.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -704,6 +822,9 @@ IstioService.</p>
<td>
<p>REQUIRED. One or more services to map the listed QuotaSpec onto.</p>
</td>
<td>
No
</td>
</tr>
<tr id="QuotaSpecBinding-quota_specs">
@ -714,6 +835,9 @@ IstioService.</p>
the specified service(s). The aggregate collection of match
conditions defined in the QuotaSpecs should not overlap.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -730,6 +854,7 @@ Binding.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -740,6 +865,9 @@ Binding.</p>
<p>REQUIRED. The short name of the QuotaSpec. This is the resource
name defined by the metadata name field.</p>
</td>
<td>
No
</td>
</tr>
<tr id="QuotaSpecBinding-QuotaSpecReference-namespace">
@ -749,6 +877,9 @@ name defined by the metadata name field.</p>
<p>Optional namespace of the QuotaSpec. Defaults to the value of the
metadata namespace field.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -764,6 +895,7 @@ metadata namespace field.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -773,6 +905,9 @@ metadata namespace field.</p>
<td>
<p>If true, do not call Mixer Check.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceConfig-disable_report_calls">
@ -781,6 +916,9 @@ metadata namespace field.</p>
<td>
<p>If true, do not call Mixer Report.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceConfig-mixer_attributes">
@ -792,6 +930,9 @@ typically includes the &ldquo;destination.service&rdquo; attribute.
In case of a per-route override, per-route attributes take precedence
over the attributes supplied in the client configuration.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceConfig-http_api_spec">
@ -800,6 +941,9 @@ over the attributes supplied in the client configuration.</p>
<td>
<p>HTTP API specifications to generate API attributes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceConfig-quota_spec">
@ -808,6 +952,9 @@ over the attributes supplied in the client configuration.</p>
<td>
<p>Quota specifications to generate quota requirements.</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceConfig-network_fail_policy">
@ -819,6 +966,9 @@ This is the service-level policy. It overrides
[mesh-level
policy][istio.mixer.v1.config.client.TransportConfig.network<em>fail</em>policy].</p>
</td>
<td>
No
</td>
</tr>
<tr id="ServiceConfig-forward_attributes">
@ -841,6 +991,9 @@ attributes. Gateways, for instance, should never use forwarded attributes.</p>
4. forwarded attributes from the source route config (if any and not ignored);
5. derived attributes from the request metadata.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -857,6 +1010,7 @@ case-sensitive.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -866,6 +1020,9 @@ case-sensitive.</p>
<td>
<p>exact string match</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="StringMatch-prefix" class="oneof">
@ -874,6 +1031,9 @@ case-sensitive.</p>
<td>
<p>prefix-based match</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="StringMatch-regex" class="oneof">
@ -882,6 +1042,9 @@ case-sensitive.</p>
<td>
<p>ECMAscript style regex-based match</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
@ -897,6 +1060,7 @@ case-sensitive.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -906,6 +1070,9 @@ case-sensitive.</p>
<td>
<p>The transport config.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TcpClientConfig-mixer_attributes">
@ -916,6 +1083,9 @@ case-sensitive.</p>
Report. This typically includes &ldquo;destination.ip&rdquo; and
&ldquo;destination.uid&rdquo; attributes.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TcpClientConfig-disable_check_calls">
@ -924,6 +1094,9 @@ Report. This typically includes &ldquo;destination.ip&rdquo; and
<td>
<p>If set to true, disables Mixer check calls.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TcpClientConfig-disable_report_calls">
@ -932,6 +1105,9 @@ Report. This typically includes &ldquo;destination.ip&rdquo; and
<td>
<p>If set to true, disables Mixer check calls.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TcpClientConfig-connection_quota_spec">
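Review bot: the row touched by this hunk is TcpClientConfig-disable_report_calls, but its description reads "If set to true, disables Mixer check calls.", which is identical to the description of disable_check_calls in the previous row. It looks like a copy-paste slip and should say report calls. Worth fixing in the source comment while this table is being regenerated, because a reader following the text would expect check calls to be turned off by this flag.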
@ -941,6 +1117,9 @@ Report. This typically includes &ldquo;destination.ip&rdquo; and
<p>Quota specifications to generate quota requirements.
It applies on the new TCP connections.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TcpClientConfig-report_interval">
@ -951,6 +1130,9 @@ It applies on the new TCP connections.</p>
connections. If not specified, the interval is 10 seconds. This interval
should not be less than 1 second, otherwise it will be reset to 1 second.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -966,6 +1148,7 @@ should not be less than 1 second, otherwise it will be reset to 1 second.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -975,6 +1158,9 @@ should not be less than 1 second, otherwise it will be reset to 1 second.</p>
<td>
<p>The flag to disable check cache.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-disable_quota_cache">
@ -983,6 +1169,9 @@ should not be less than 1 second, otherwise it will be reset to 1 second.</p>
<td>
<p>The flag to disable quota cache.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-disable_report_batch">
@ -991,6 +1180,9 @@ should not be less than 1 second, otherwise it will be reset to 1 second.</p>
<td>
<p>The flag to disable report batch.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-network_fail_policy">
@ -1000,6 +1192,9 @@ should not be less than 1 second, otherwise it will be reset to 1 second.</p>
<p>Specifies the behavior when the client is unable to connect to Mixer.
This is the mesh level policy. The default value for policy is FAIL_OPEN.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-stats_update_interval">
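Review bot: documentation gap in the network_fail_policy row: it says "The default value for policy is FAIL_OPEN" but never says what FAIL_OPEN means for a request whose check call cannot reach Mixer. With the new column showing Required "No", most readers will leave this at the default, so the description should state the resulting behavior in one sentence and link to the NetworkFailPolicy table in the same document.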
@ -1009,6 +1204,9 @@ This is the mesh level policy. The default value for policy is FAIL_OPEN.</p>
<p>Specify refresh interval to write Mixer client statistics to Envoy share
memory. If not specified, the interval is 10 seconds.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-check_cluster">
@ -1024,6 +1222,9 @@ handle report calls.</p>
<p>NOTE: Any value other than the default &ldquo;mixer_server&rdquo; will require the
Istio Grafana dashboards to be reconfigured to use the new name.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-report_cluster">
@ -1039,6 +1240,9 @@ handle report calls.</p>
<p>NOTE: Any value other than the default &ldquo;mixer_server&rdquo; will require the
Istio Grafana dashboards to be reconfigured to use the new name.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-attributes_for_mixer_proxy">
@ -1049,6 +1253,9 @@ Istio Grafana dashboards to be reconfigured to use the new name.</p>
includes the &ldquo;source.ip&rdquo; and &ldquo;source.uid&rdquo; attributes. These
attributes are consumed by the proxy in front of mixer.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-report_batch_max_entries">
@ -1060,6 +1267,9 @@ of requests that are batched in report. If left unspecified, the default value
of report<em>batch</em>max_entries == 0 will use the hardcoded defaults of
istio::mixerclient::ReportOptions.</p>
</td>
<td>
No
</td>
</tr>
<tr id="TransportConfig-report_batch_max_time">
@ -1071,6 +1281,9 @@ time a batched report will be sent after a user request is processed. If left
unspecified, the default report<em>batch</em>max_time == 0 will use the hardcoded
defaults of istio::mixerclient::ReportOptions.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1119,6 +1332,7 @@ Following places may use this message:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1128,6 +1342,9 @@ Following places may use this message:
<td>
<p>A map of attribute name to its value.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -28,6 +28,7 @@ constructed using the instance &lsquo;RequestCountByService&rsquo;.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -38,6 +39,9 @@ constructed using the instance &lsquo;RequestCountByService&rsquo;.</p>
<p>Required. Fully qualified name of the handler to invoke.
Must match the <code>name</code> of a <a href="#Handler-name">Handler</a>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Action-instances">
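Review bot: the handler row is given Required "No" while its description begins "Required. Fully qualified name of the handler to invoke." The next hunks show the opposite case handled the same way: the Action name row says "Optional." and also gets "No". As generated, the column does not distinguish the two, so it adds no information over the description and contradicts it for handler. Suggest deriving the column from the existing "Required."/"Optional." markers or from a field annotation before publishing it.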
@ -49,6 +53,9 @@ Must match the <code>name</code> of a <a href="#Handler-name">Handler</a>.</p>
Referenced instances are evaluated by resolving the attributes/literals for all the fields.
The constructed objects are then passed to the <code>handler</code> referenced within this action.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Action-name">
@ -57,6 +64,9 @@ The constructed objects are then passed to the <code>handler</code> referenced w
<td>
<p>Optional. A handle to refer to the results of the action.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -73,6 +83,7 @@ of an Istio deployment.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -82,6 +93,9 @@ of an Istio deployment.</p>
<td>
<p>Optional. The revision of this document. Assigned by server.</p>
</td>
<td>
No
</td>
</tr>
<tr id="AttributeManifest-name">
@ -92,6 +106,9 @@ of an Istio deployment.</p>
the proxy (with the canonical name <code>istio-proxy</code>) or the name of an
<code>attributes</code> kind adapter in Mixer.</p>
</td>
<td>
No
</td>
</tr>
<tr id="AttributeManifest-attributes">
@ -113,6 +130,9 @@ attributes are described at <a href="/docs/reference/config/policy-and-telemetry
Attributes not in that list should be named with a component-specific suffix such as
<code>request.count-my.component</code>.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -168,6 +188,7 @@ encoding scheme will be decided later.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -177,6 +198,9 @@ encoding scheme will be decided later.</p>
<td>
<p>Optional. A human-readable description of the attribute&rsquo;s purpose.</p>
</td>
<td>
No
</td>
</tr>
<tr id="AttributeManifest-AttributeInfo-value_type">
@ -185,6 +209,9 @@ encoding scheme will be decided later.</p>
<td>
<p>Required. The type of data carried by this attribute.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
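Review bot: The value_type row is described as "Required. The type of data carried by this attribute." but the added Required cell reads "No". Suggest fixing the field annotation so the column agrees with the description, or dropping the leading "Required." from the description if the field is in fact optional.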
@ -201,6 +228,7 @@ connections to out-of-process infrastructure backend.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -211,6 +239,9 @@ connections to out-of-process infrastructure backend.</p>
<p>Originate a TLS connection to the adapter and present an auth token
in each call for client authentication.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Authentication-mutual" class="oneof">
@ -220,6 +251,9 @@ in each call for client authentication.</p>
<p>Secure connections to the adapter using mutual TLS by presenting
client certificates for authentication.</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>
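Review bot: The Required cell is "Yes" for the mutual row, and the TLS row in the previous hunk is also "Yes", yet the mutual row is marked class="oneof", meaning only one of the alternatives can be set. Read literally, the table now tells operators that both authentication modes are mandatory. Suggest a distinct value for oneof members (for example "Yes, one of") so the choice between token-based TLS and mutual TLS stays clear.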
@ -236,6 +270,7 @@ Connection is part of the handler custom resource and is specified alongside ada
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -245,6 +280,9 @@ Connection is part of the handler custom resource and is specified alongside ada
<td>
<p>The address of the backend.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Connection-timeout">
@ -253,6 +291,9 @@ Connection is part of the handler custom resource and is specified alongside ada
<td>
<p>Timeout for remote calls to the backend.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Connection-authentication">
@ -262,6 +303,9 @@ Connection is part of the handler custom resource and is specified alongside ada
<p>Auth config for the connection to the backend. If omitted, plain text will
be used.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
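Review bot: The authentication row gets "No" in the Required column next to a description stating "If omitted, plain text will be used", so the table presents the unauthenticated, unencrypted path as the default without flagging it. Suggest the description state that consequence explicitly for the out-of-process adapter connection, so "No" is not read as safe to skip.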
@ -281,6 +325,7 @@ type DNSName</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -290,6 +335,9 @@ type DNSName</p>
<td>
<p>DNSName encoded as string.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -306,6 +354,7 @@ to an RPC error.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -315,6 +364,9 @@ to an RPC error.</p>
<td>
<p>Optional HTTP status code. If not set, RPC error code is used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="DirectHttpResponse-body">
@ -323,6 +375,9 @@ to an RPC error.</p>
<td>
<p>HTTP response body.</p>
</td>
<td>
No
</td>
</tr>
<tr id="DirectHttpResponse-headers">
@ -331,6 +386,9 @@ to an RPC error.</p>
<td>
<p>Optional HTTP response headers.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -350,6 +408,7 @@ type Duration</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -359,6 +418,9 @@ type Duration</p>
<td>
<p>Duration encoded as google.protobuf.Duration.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -379,6 +441,7 @@ type EmailAddress</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -388,6 +451,9 @@ type EmailAddress</p>
<td>
<p>EmailAddress encoded as string.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -489,6 +555,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -499,6 +566,9 @@ spec:
<p>Required. Must be unique in the entire Mixer configuration. Used by <a href="#Action-handler">Actions</a>
to refer to this handler.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Handler-compiled_adapter">
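Review bot: The handler name row says "Required. Must be unique in the entire Mixer configuration." while the added Required cell says "No". Suggest correcting the generated value to "Yes", since Actions refer to the handler by this name.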
@ -511,6 +581,9 @@ adapters, use the <code>adapter</code> field instead.</p>
<p>The value must match the name of the available adapter Mixer is built with. An adapter&rsquo;s name is typically a
constant in its code.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Handler-adapter">
@ -522,6 +595,9 @@ adapters, use the <code>compiled_adapter</code> field instead.</p>
<p>An adapter&rsquo;s implementation name is typically a constant in its code.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Handler-params">
@ -531,6 +607,9 @@ adapters, use the <code>compiled_adapter</code> field instead.</p>
<p>Optional. Depends on adapter implementation. Struct representation of a
proto defined by the adapter implementation; this varies depending on the value of field <code>adapter</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Handler-connection">
@ -540,6 +619,9 @@ proto defined by the adapter implementation; this varies depending on the value
<p>Optional. Information on how to connect to the out-of-process adapter.
This is used if the adapter is not compiled into Mixer binary and is running as a separate process.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -863,6 +945,7 @@ type IPAddress</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -872,6 +955,9 @@ type IPAddress</p>
<td>
<p>IPAddress encoded as bytes.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -905,6 +991,7 @@ Instances produced with this instance can be referenced by <a href="#Action">Act
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -917,6 +1004,9 @@ Instances produced with this instance can be referenced by <a href="#Action">Act
<p>Must be unique amongst other Instances in scope. Used by <a href="#Action">Action</a> to refer
to an instance produced by this instance.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Instance-compiled_template">
@ -928,6 +1018,9 @@ templates, use the <code>template</code> field instead.</p>
<p>The value must match the name of the available template Mixer is built with.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Instance-template">
@ -939,6 +1032,9 @@ templates, use the <code>compiled_template</code> field instead.</p>
<p>The value must match the name of the available template in scope.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Instance-params">
@ -948,6 +1044,9 @@ templates, use the <code>compiled_template</code> field instead.</p>
<p>Required. Depends on referenced template. Struct representation of a
proto defined by the template; this varies depending on the value of field <code>template</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Instance-attribute_bindings">
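Review bot: The params row is documented as "Required. Depends on referenced template." but the new Required cell is "No". Suggest aligning the column with the description before publishing, otherwise the column cannot be trusted for any row on this page.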
@ -967,6 +1066,9 @@ attribute_bindings:
source.namespace: output.source_namespace
</code></pre>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -983,6 +1085,7 @@ secure connection to adapter backend.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -993,6 +1096,9 @@ secure connection to adapter backend.</p>
<p>The path to the file holding the private key for mutual TLS. If omitted, the
default Mixer private key will be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Mutual-client_certificate">
@ -1002,6 +1108,9 @@ default Mixer private key will be used.</p>
<p>The path to the file holding client certificate for mutual TLS. If omitted, the
default Mixer certificates will be used.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Mutual-ca_certificates">
@ -1012,6 +1121,9 @@ default Mixer certificates will be used.</p>
verify the presented adapter certificates. By default Mixer should already
include Istio CA certificates and system certificates in cert pool.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Mutual-server_name">
@ -1022,6 +1134,9 @@ include Istio CA certificates and system certificates in cert pool.</p>
It is not used to verify the hostname of the peer certificate, since
Istio verifies whitelisted SAN fields in mutual TLS.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1038,6 +1153,7 @@ TLS for connection to the backend.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1047,6 +1163,9 @@ TLS for connection to the backend.</p>
<td>
<p>REQUIRED. OAuth client id for mixer.</p>
</td>
<td>
No
</td>
</tr>
<tr id="OAuth-client_secret">
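Review bot: The client id row is described as "REQUIRED. OAuth client id for mixer." and the added Required cell says "No"; the client_secret and token_url rows in the next two hunks carry the same mismatch. For credentials configuration this is the worst place to be ambiguous. Suggest marking all three as "Yes" in the generator input.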
@ -1055,6 +1174,9 @@ TLS for connection to the backend.</p>
<td>
<p>REQUIRED. The path to the file holding the client secret for oauth.</p>
</td>
<td>
No
</td>
</tr>
<tr id="OAuth-token_url">
@ -1063,6 +1185,9 @@ TLS for connection to the backend.</p>
<td>
<p>REQUIRED. The Resource server&rsquo;s token endpoint URL.</p>
</td>
<td>
No
</td>
</tr>
<tr id="OAuth-scopes">
@ -1071,6 +1196,9 @@ TLS for connection to the backend.</p>
<td>
<p>List of requested permissions.</p>
</td>
<td>
No
</td>
</tr>
<tr id="OAuth-endpoint_params">
@ -1079,6 +1207,9 @@ TLS for connection to the backend.</p>
<td>
<p>Additional parameters for requests to the token endpoint.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1105,6 +1236,7 @@ instance constructed using the &lsquo;RequestCountByService&rsquo; instance.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1126,6 +1258,9 @@ name starts with &ldquo;ratings&rdquo;</li>
<li><code>attr1 == &quot;20&quot; &amp;&amp; attr2 == &quot;30&quot;</code> logical AND, OR, and NOT are also available</li>
</ul>
</td>
<td>
No
</td>
</tr>
<tr id="Rule-actions">
@ -1134,6 +1269,9 @@ name starts with &ldquo;ratings&rdquo;</li>
<td>
<p>Optional. The actions that will be executed when match evaluates to <code>true</code>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Rule-request_header_operations">
@ -1143,6 +1281,9 @@ name starts with &ldquo;ratings&rdquo;</li>
<p>Optional. Templatized operations on the request headers using values produced by the
rule actions. Require the check action result to be OK.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Rule-response_header_operations">
@ -1152,6 +1293,9 @@ rule actions. Require the check action result to be OK.</p>
<p>Optional. Templatized operations on the response headers using values produced by the
rule actions. Require the check action result to be OK.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1180,6 +1324,7 @@ adapter to optionally modify the headers.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1189,6 +1334,9 @@ adapter to optionally modify the headers.</p>
<td>
<p>Required. Header name literal value.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Rule-HeaderOperationTemplate-values">
@ -1197,6 +1345,9 @@ adapter to optionally modify the headers.</p>
<td>
<p>Optional. Header value expressions.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Rule-HeaderOperationTemplate-operation">
@ -1205,6 +1356,9 @@ adapter to optionally modify the headers.</p>
<td>
<p>Optional. Header operation type. Default operation is to replace the value of the header by name.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1260,6 +1414,7 @@ type StringMap</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1269,6 +1424,9 @@ type StringMap</p>
<td>
<p>StringMap encoded as a map of strings</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1288,6 +1446,7 @@ type TimeStamp</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1297,6 +1456,9 @@ type TimeStamp</p>
<td>
<p>TimeStamp encoded as google.protobuf.Timestamp.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1313,6 +1475,7 @@ connection to the backend.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1323,6 +1486,9 @@ connection to the backend.</p>
<p>The path to the file holding additional CA certificates to well known
public certs.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Tls-token_path" class="oneof oneof-start">
@ -1332,6 +1498,9 @@ public certs.</p>
<p>The path to the file holding the auth token (password, jwt token, api
key, etc).</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Tls-oauth" class="oneof">
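Review bot: The token path row ("The path to the file holding the auth token") is marked Required "Yes", and the row that follows, Tls-oauth, is class="oneof" and is also marked "Yes" in the next hunk. Only one token source can be configured, so two "Yes" cells misstate the requirement. Suggest rendering oneof members with a value that names the group, so readers see that a token file and OAuth are alternatives.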
@ -1340,6 +1509,9 @@ key, etc).</p>
<td>
<p>Oauth config to fetch access token from auth provider.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Tls-auth_header" class="oneof oneof-start">
@ -1348,6 +1520,9 @@ key, etc).</p>
<td>
<p>Access token is passed as authorization header.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Tls-custom_header" class="oneof">
@ -1357,6 +1532,9 @@ key, etc).</p>
<p>Customized header key to hold access token, e.g. x-api-key. Token will be
passed as what it is.</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Tls-server_name">
@ -1366,6 +1544,9 @@ passed as what it is.</p>
<p>Used to configure mixer TLS client to verify the hostname on the returned
certificates. It is also included in the client&rsquo;s handshake to support SNI.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1417,6 +1598,7 @@ type Uri</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1426,6 +1608,9 @@ type Uri</p>
<td>
<p>Uri encoded as string.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -1449,6 +1634,7 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -1458,6 +1644,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type STRING</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-int64_value" class="oneof">
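Review bot: The string value row is marked Required "Yes", and every following class="oneof" row of Value (int64, double, bool and so on) gets "Yes" as well in the hunks below. A Value carries exactly one of these, so the column is misleading for the whole table. Suggest a dedicated marker for oneof members instead of "Yes".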
@ -1466,6 +1655,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type INT64</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-double_value" class="oneof">
@ -1474,6 +1666,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type DOUBLE</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-bool_value" class="oneof">
@ -1482,6 +1677,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type BOOL</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-ip_address_value" class="oneof">
@ -1490,6 +1688,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type IPAddress</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-timestamp_value" class="oneof">
@ -1498,6 +1699,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type TIMESTAMP</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-duration_value" class="oneof">
@ -1506,6 +1710,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type DURATION</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-email_address_value" class="oneof">
@ -1514,6 +1721,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type EmailAddress</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-dns_name_value" class="oneof">
@ -1522,6 +1732,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type DNSName</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-uri_value" class="oneof">
@ -1530,6 +1743,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type Uri</p>
</td>
<td>
Yes
</td>
</tr>
<tr id="Value-string_map_value" class="oneof">
@ -1538,6 +1754,9 @@ the equivalent oneof field in <code>Value</code> is populated by Mixer and passe
<td>
<p>Used for values of type STRING_MAP</p>
</td>
<td>
Yes
</td>
</tr>
</tbody>

View File

@ -39,6 +39,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -48,6 +49,9 @@ spec:
<td>
<p>The API being called (api.service).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-api_version">
@ -56,6 +60,9 @@ spec:
<td>
<p>The version of the API (api.version).</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-api_operation">
@ -64,6 +71,9 @@ spec:
<td>
<p>The API operation is being called.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-api_key">
@ -72,6 +82,9 @@ spec:
<td>
<p>API key used in API call.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-timestamp">
@ -80,6 +93,9 @@ spec:
<td>
<p>Timestamp of API call.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -47,6 +47,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -56,6 +57,9 @@ spec:
<td>
<p>Namespace the target action is taking place in.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Action-service">
@ -64,6 +68,9 @@ spec:
<td>
<p>The Service the action is being taken on.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Action-method">
@ -72,6 +79,9 @@ spec:
<td>
<p>What action is being taken.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Action-path">
@ -80,6 +90,9 @@ spec:
<td>
<p>HTTP REST path within the service</p>
</td>
<td>
No
</td>
</tr>
<tr id="Action-properties">
@ -88,6 +101,9 @@ spec:
<td>
<p>Additional data about the action for use in policy.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -104,6 +120,7 @@ the caller identity.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -113,6 +130,9 @@ the caller identity.</p>
<td>
<p>The user name/ID that the subject represents.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Subject-groups">
@ -124,6 +144,9 @@ the caller identity.</p>
The operator can define how it is populated when creating an instance of
the template.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Subject-properties">
@ -132,6 +155,9 @@ the template.</p>
<td>
<p>Additional attributes about the subject.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -153,6 +179,7 @@ passed to individual authorization adapters to adjudicate.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -163,6 +190,9 @@ passed to individual authorization adapters to adjudicate.</p>
<p>A subject contains a list of attributes that identify
the caller identity.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-action">
@ -171,6 +201,9 @@ the caller identity.</p>
<td>
<p>An action defines &ldquo;how a resource is accessed&rdquo;.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -53,6 +53,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -62,6 +63,9 @@ spec:
<td>
<p>Timestamp of the edge</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-source_workload_namespace">
@ -70,6 +74,9 @@ spec:
<td>
<p>Namespace of the source workload</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-source_workload_name">
@ -78,6 +85,9 @@ spec:
<td>
<p>Name of the source workload</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-source_owner">
@ -86,6 +96,9 @@ spec:
<td>
<p>Owner of the source workload (often k8s deployment)</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-source_uid">
@ -94,6 +107,9 @@ spec:
<td>
<p>UID of the source workload</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_workload_namespace">
@ -102,6 +118,9 @@ spec:
<td>
<p>Namespace of the destination workload</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_workload_name">
@ -110,6 +129,9 @@ spec:
<td>
<p>Name of the destination workload</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_owner">
@ -118,6 +140,9 @@ spec:
<td>
<p>Owner of the destination workload (often k8s deployment)</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_uid">
@ -126,6 +151,9 @@ spec:
<td>
<p>UID of the destination workload</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_service_namespace">
@ -134,6 +162,9 @@ spec:
<td>
<p>Namespace of the destination Service</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_service_name">
@ -142,6 +173,9 @@ spec:
<td>
<p>Name of the destination Service</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-context_protocol">
@ -150,6 +184,9 @@ spec:
<td>
<p>Protocol used for communication (http, tcp)</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-api_protocol">
@ -158,6 +195,9 @@ spec:
<td>
<p>The protocol type of the API call (http, https, grpc)</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -51,6 +51,7 @@ Next ID: 33</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -61,6 +62,9 @@ Next ID: 33</p>
<p>Refers to the source.uid for a pod. This is for TCP use cases where the attribute is not present.
attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_pod_ip">
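Review bot: The description in this row reads attribute<em>bindings ... $out.source</em>pod_uid, so the underscores in attribute_bindings and $out.source_pod_uid were rendered as emphasis and the identifiers are no longer copyable. The same damage appears in every OutputTemplate row below. Suggest putting both identifiers in backticks in the proto comment so the generated HTML emits them as code.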
@ -69,6 +73,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to source pod ip address. attribute<em>bindings can refer to this field using $out.source</em>pod_ip</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_pod_name">
@ -77,6 +84,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to source pod name. attribute<em>bindings can refer to this field using $out.source</em>pod_name</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_labels">
@ -85,6 +95,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to source pod labels. attribute<em>bindings can refer to this field using $out.source</em>labels</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_namespace">
@ -93,6 +106,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to source pod namespace. attribute<em>bindings can refer to this field using $out.source</em>namespace</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_service_account_name">
@ -101,6 +117,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to source pod service account name. attribute<em>bindings can refer to this field using $out.source</em>service<em>account</em>name</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_host_ip">
@ -109,6 +128,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to source pod host ip address. attribute<em>bindings can refer to this field using $out.source</em>host_ip</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_workload_uid">
@ -117,6 +139,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to the Istio workload identifier for the source pod. Attribute<em>bindings can refer to this field using $out.source</em>workload_uid</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_workload_name">
@ -125,6 +150,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to the Istio workload name for the source pod. Attribute<em>bindings can refer to this field using $out.source</em>workload_name</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_workload_namespace">
@ -133,6 +161,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to the Istio workload namespace for the source pod. Attribute<em>bindings can refer to this field using $out.source</em>workload_namespace</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-source_owner">
@ -141,6 +172,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<td>
<p>Refers to the (controlling) owner of the source pod. Attribute<em>bindings can refer to this field using $out.source</em>owner</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_pod_uid">
@ -150,6 +184,9 @@ attribute<em>bindings can refer to this field using $out.source</em>pod_uid</p>
<p>Refers to the destination.uid for a pod. This is for TCP use cases where the attribute is not present.
attribute<em>bindings can refer to this field using $out.destination</em>pod_uid</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_pod_ip">
@ -158,6 +195,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to destination pod ip address. attribute<em>bindings can refer to this field using $out.destination</em>pod_ip</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_pod_name">
@ -166,6 +206,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to destination pod name. attribute<em>bindings can refer to this field using $out.destination</em>pod_name</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_container_name">
@ -174,6 +217,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to destination container name. attribute<em>bindings can refer to this field using $out.destination</em>container_name</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_labels">
@ -182,6 +228,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to destination pod labels. attribute<em>bindings can refer to this field using $out.destination</em>labels</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_namespace">
@ -190,6 +239,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to destination pod namespace. attribute<em>bindings can refer to this field using $out.destination</em>namespace</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_service_account_name">
@ -198,6 +250,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to destination pod service account name. attribute<em>bindings can refer to this field using $out.destination</em>service<em>account</em>name</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_host_ip">
@ -206,6 +261,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to destination pod host ip address. attribute<em>bindings can refer to this field using $out.destination</em>host_ip</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_owner">
@ -214,6 +272,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to the (controlling) owner of the destination pod. Attribute<em>bindings can refer to this field using $out.destination</em>owner</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_workload_uid">
@ -222,6 +283,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to the Istio workload identifier for the destination pod. Attribute<em>bindings can refer to this field using $out.destination</em>workload_uid</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_workload_name">
@ -230,6 +294,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to the Istio workload name for the destination pod. Attribute<em>bindings can refer to this field using $out.destination</em>workload_name</p>
</td>
<td>
No
</td>
</tr>
<tr id="OutputTemplate-destination_workload_namespace">
@ -238,6 +305,9 @@ attribute<em>bindings can refer to this field using $out.destination</em>pod_uid
<td>
<p>Refers to the Istio workload name for the destination pod. Attribute<em>bindings can refer to this field using $out.destination</em>workload_namespace</p>
</td>
<td>
No
</td>
</tr>
</tbody>
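Review bot: The destination_workload_namespace row is described as "Refers to the Istio workload name for the destination pod", which is the text of the destination_workload_name row above it; it should say "workload namespace", as the matching source_workload_namespace row does. Worth fixing in the source comment while this table is being regenerated.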
@ -257,6 +327,7 @@ Next ID: 8</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -266,6 +337,9 @@ Next ID: 8</p>
<td>
<p>Source pod&rsquo;s uid. Must be of the form: &ldquo;kubernetes://pod.namespace&rdquo;</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-source_ip">
@ -274,6 +348,9 @@ Next ID: 8</p>
<td>
<p>Source pod&rsquo;s ip.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_uid">
@ -282,6 +359,9 @@ Next ID: 8</p>
<td>
<p>Destination pod&rsquo;s uid. Must be of the form: &ldquo;kubernetes://pod.namespace&rdquo;</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_ip">
@ -290,6 +370,9 @@ Next ID: 8</p>
<td>
<p>Destination pod&rsquo;s ip.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_port">
@ -298,6 +381,9 @@ Next ID: 8</p>
<td>
<p>Destination container&rsquo;s port number.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -41,6 +41,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
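Review bot: The hunk header context shows a link starting with href="/docs/reference//config/policy-and-telemetr, with a doubled slash after "reference", and the same href recurs in the headers of the following template files. Suggest normalizing the path in the source comment so the link does not depend on the web server collapsing "//".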
@ -50,6 +51,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<td>
<p>Specifies the entry to verify in the list. This value can either be a string or an IP address.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -52,6 +52,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -61,6 +62,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<td>
<p>Variables that are delivered for each log entry.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-timestamp">
@ -69,6 +73,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<td>
<p>Timestamp is the time value for the log entry</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-severity">
@ -77,6 +84,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<td>
<p>Severity indicates the importance of the log entry.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-monitored_resource_type">
@ -87,6 +97,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
If the logging backend supports monitored resources, these fields are used to populate that resource.
Otherwise these fields will be ignored by the adapter.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-monitored_resource_dimensions">
@ -97,6 +110,9 @@ Otherwise these fields will be ignored by the adapter.</p>
recorded on. If the logging backend supports monitored resources, these fields are used to populate that resource.
Otherwise these fields will be ignored by the adapter.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -46,6 +46,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -55,6 +56,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<td>
<p>The value being reported.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-dimensions">
@ -63,6 +67,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<td>
<p>The unique identity of the particular metric to report.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-monitored_resource_type">
@ -73,6 +80,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
If the metric backend supports monitored resources, these fields are used to populate that resource. Otherwise
these fields will be ignored by the adapter.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-monitored_resource_dimensions">
@ -83,6 +93,9 @@ these fields will be ignored by the adapter.</p>
If the metric backend supports monitored resources, these fields are used to populate that resource. Otherwise
these fields will be ignored by the adapter.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -43,6 +43,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -52,6 +53,9 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<td>
<p>The unique identity of the particular quota to manipulate.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -55,6 +55,7 @@ then the expression&rsquo;s <a href="/docs/reference//config/policy-and-telemetr
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -67,6 +68,9 @@ trace share the same Trace ID.</p>
<p>Required.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-span_id">
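Review bot: The new Required cell for the trace_id row reads "No" directly after a description that ends with "<p>Required.</p>", so the row now contradicts itself. The span_name, start_time and end_time rows further down this table have the same conflict, which suggests the column is not derived from the description text. Either have the generator emit "Yes" for these fields, or drop the "Required."/"Optional." sentences from the descriptions so that the column is the only place that states it.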
@ -78,6 +82,9 @@ when the span is created.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-parent_span_id">
@ -89,6 +96,9 @@ instance. If this is a root span, then this field MUST be empty.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-span_name">
@ -104,6 +114,9 @@ This makes it easier to correlate spans in different traces.</p>
<p>Required.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-start_time">
@ -114,6 +127,9 @@ This makes it easier to correlate spans in different traces.</p>
<p>Required.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-end_time">
@ -124,6 +140,9 @@ This makes it easier to correlate spans in different traces.</p>
<p>Required.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-span_tags">
@ -135,6 +154,9 @@ entire span. The values can be specified in the form of expressions.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-httpStatusCode">
@ -144,6 +166,9 @@ entire span. The values can be specified in the form of expressions.</p>
<p>HTTP status code used to set the span status. If unset or set to 0, the
span status will be assumed to be successful.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-client_span">
@ -157,6 +182,9 @@ type.</p>
<p>Optional</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-rewrite_client_span_id">
@ -171,6 +199,9 @@ parent span id of server span to the same newly generated id.</p>
<p>Optional</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-source_name">
@ -182,6 +213,9 @@ Should usually be set to <code>source.workload.name</code>.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-source_ip">
@ -192,6 +226,9 @@ Should usually be set to <code>source.workload.name</code>.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_name">
@ -203,6 +240,9 @@ Should usually be set to <code>destination.workload.name</code>.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-destination_ip">
@ -213,6 +253,9 @@ Should usually be set to <code>destination.workload.name</code>.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-request_size">
@ -223,6 +266,9 @@ Should usually be set to <code>destination.workload.name</code>.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-request_total_size">
@ -234,6 +280,9 @@ Should usually be set to <code>request.total_size</code>.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-response_size">
@ -244,6 +293,9 @@ Should usually be set to <code>request.total_size</code>.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-response_total_size">
@ -255,6 +307,9 @@ Should usually be set to <code>response.total_size</code>.</p>
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Template-api_protocol">
@ -266,6 +321,9 @@ the <code>api.protocol</code> attribute. Should usually be set to <code>api.prot
<p>Optional.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -140,6 +140,7 @@ spec:
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -151,6 +152,9 @@ spec:
If not set, the authorization policy will be applied to all workloads in the
same namespace as the authorization policy.</p>
</td>
<td>
No
</td>
</tr>
<tr id="AuthorizationPolicy-rules">
@ -161,6 +165,9 @@ same namespace as the authorization policy.</p>
<p>If not set, access is denied unless explicitly allowed by other authorization policy.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -176,6 +183,7 @@ same namespace as the authorization policy.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -186,6 +194,9 @@ same namespace as the authorization policy.</p>
<p>Required. The name of an Istio attribute.
See the <a href="/docs/reference/config/">full list of supported attributes</a>.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Condition-values">
@ -194,6 +205,9 @@ See the <a href="/docs/reference/config/">full list of supported attributes</a>.
<td>
<p>Required. The allowed values for the attribute.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
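Review bot: In the Condition table the values row gets Required "No" although its description opens with "Required. The allowed values for the attribute.", and the key row in the preceding hunk has the same mismatch ("Required. The name of an Istio attribute." next to "No"). This is the reference for an access-control API, so a reader who trusts the column could write a condition without a key or values and expect it to be accepted. Mark both fields as required in the column, or remove the column for this type until it reflects the documented requirement.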
@ -209,6 +223,7 @@ See the <a href="/docs/reference/config/">full list of supported attributes</a>.
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -220,6 +235,9 @@ See the <a href="/docs/reference/config/">full list of supported attributes</a>.
<p>If not set, any host is allowed. Must be used only with HTTP.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Operation-ports">
@ -230,6 +248,9 @@ See the <a href="/docs/reference/config/">full list of supported attributes</a>.
<p>If not set, any port is allowed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Operation-methods">
@ -242,6 +263,9 @@ For gRPC service, this should be the fully-qualified name in the form of
<p>If not set, any method is allowed. Must be used only with HTTP or gRPC.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Operation-paths">
@ -252,6 +276,9 @@ For gRPC service, this should be the fully-qualified name in the form of
<p>If not set, any path is allowed. Must be used only with HTTP.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -274,6 +301,7 @@ the condition is matched.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -285,6 +313,9 @@ the condition is matched.</p>
<p>If not set, any source is allowed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Rule-to">
@ -295,6 +326,9 @@ the condition is matched.</p>
<p>If not set, any operation is allowed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Rule-when">
@ -305,6 +339,9 @@ the condition is matched.</p>
<p>If not set, any condition is allowed.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -320,6 +357,7 @@ the condition is matched.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -329,6 +367,9 @@ the condition is matched.</p>
<td>
<p>Source specifies the source of a request.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -344,6 +385,7 @@ the condition is matched.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -353,6 +395,9 @@ the condition is matched.</p>
<td>
<p>Operation specifies the operation of a request.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -368,6 +413,7 @@ the condition is matched.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -380,6 +426,9 @@ matches to the &ldquo;source.principal&rdquo; attribute.</p>
<p>If not set, any principal is allowed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Source-request_principals">
@ -391,6 +440,9 @@ matches to the &ldquo;request.auth.principal&rdquo; attribute.</p>
<p>If not set, any request principal is allowed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Source-namespaces">
@ -402,6 +454,9 @@ attribute.</p>
<p>If not set, any namespace is allowed.</p>
</td>
<td>
No
</td>
</tr>
<tr id="Source-ip_blocks">
@ -413,6 +468,9 @@ Single IP (e.g. &ldquo;1.2.3.4&rdquo;) and CIDR (e.g. &ldquo;1.2.3.0/24&rdquo;)
<p>If not set, any IP is allowed.</p>
</td>
<td>
No
</td>
</tr>
</tbody>
@ -433,6 +491,7 @@ selected. Currently, only label based selection mechanism is supported.</p>
<th>Field</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody>
@ -444,6 +503,9 @@ selected. Currently, only label based selection mechanism is supported.</p>
on which a policy should be applied. The scope of label search is restricted to
the configuration namespace in which the resource is present.</p>
</td>
<td>
No
</td>
</tr>
</tbody>

View File

@ -91,3 +91,12 @@ messages:
type: string
- name: injectionVersion
type: string
- name: "SchemaValidationError"
code: IST0106
level: Error
description: "The resource has one or more schema validation errors."
template: "The resource has one or more schema validation errors: %v"
args:
- name: combinedErr
type: error
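Review bot: The combinedErr argument is declared with "type: error", while the argument just above it in this file uses "type: string"; confirm that the message generator accepts error as an argument type and that formatting a combined error with %v yields a readable message. The description and the template also repeat the same sentence, so the description could say instead what schema the resource is validated against.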