|
|
|
|
@ -4,7 +4,7 @@ source_repo: https://github.com/istio/istio
|
|
|
|
|
title: istioctl
|
|
|
|
|
description: Istio control interface.
|
|
|
|
|
generator: pkg-collateral-docs
|
|
|
|
|
number_of_entries: 54
|
|
|
|
|
number_of_entries: 60
|
|
|
|
|
---
|
|
|
|
|
<p>Istio configuration command line utility for service operators to
|
|
|
|
|
debug and diagnose their Istio mesh.
|
|
|
|
|
@ -668,6 +668,185 @@ istioctl deregister my-svc 172.17.0.2
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
<h2 id="istioctl-experimental-add-to-mesh">istioctl experimental add-to-mesh</h2>
|
|
|
|
|
<p>Add workloads into Istio service mesh</p>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental add-to-mesh [flags]
|
|
|
|
|
</code></pre>
|
|
|
|
|
<div class="aliases">
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental add [flags]
|
|
|
|
|
</code></pre></div>
|
|
|
|
|
<table class="command-flags">
|
|
|
|
|
<thead>
|
|
|
|
|
<tr>
|
|
|
|
|
<th>Flags</th>
|
|
|
|
|
<th>Shorthand</th>
|
|
|
|
|
<th>Description</th>
|
|
|
|
|
</tr>
|
|
|
|
|
</thead>
|
|
|
|
|
<tbody>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--context <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>The name of the kubeconfig context to use (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--istioNamespace <string></code></td>
|
|
|
|
|
<td><code>-i</code></td>
|
|
|
|
|
<td>Istio system namespace (default `istio-system`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--kubeconfig <string></code></td>
|
|
|
|
|
<td><code>-c</code></td>
|
|
|
|
|
<td>Kubernetes configuration file (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--log_output_level <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, attributes, authn, default, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, rbac, tpath, translator, util, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--namespace <string></code></td>
|
|
|
|
|
<td><code>-n</code></td>
|
|
|
|
|
<td>Config namespace (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
<h2 id="istioctl-experimental-add-to-mesh-external-service">istioctl experimental add-to-mesh external-service</h2>
|
|
|
|
|
<p>istioctl experimental add-to-mesh external-service create a ServiceEntry and\
|
|
|
|
|
a Service without selector for the specified external service in Istio service mesh.
|
|
|
|
|
The typical usage scenario is Mesh Expansion on VMs.
|
|
|
|
|
THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|
|
|
|
</p>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental add-to-mesh external-service <svcname> <ip>... [name1:]port1 [name2:]port2 ... [flags]
|
|
|
|
|
</code></pre>
|
|
|
|
|
<table class="command-flags">
|
|
|
|
|
<thead>
|
|
|
|
|
<tr>
|
|
|
|
|
<th>Flags</th>
|
|
|
|
|
<th>Shorthand</th>
|
|
|
|
|
<th>Description</th>
|
|
|
|
|
</tr>
|
|
|
|
|
</thead>
|
|
|
|
|
<tbody>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--annotations <stringSlice></code></td>
|
|
|
|
|
<td><code>-a</code></td>
|
|
|
|
|
<td>List of string annotations to apply if creating a service/endpoint; e.g. -a foo=bar,x=y (default `[]`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--context <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>The name of the kubeconfig context to use (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--istioNamespace <string></code></td>
|
|
|
|
|
<td><code>-i</code></td>
|
|
|
|
|
<td>Istio system namespace (default `istio-system`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--kubeconfig <string></code></td>
|
|
|
|
|
<td><code>-c</code></td>
|
|
|
|
|
<td>Kubernetes configuration file (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--labels <stringSlice></code></td>
|
|
|
|
|
<td><code>-l</code></td>
|
|
|
|
|
<td>List of labels to apply if creating a service/endpoint; e.g. -l env=prod,vers=2 (default `[]`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--log_output_level <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, attributes, authn, default, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, rbac, tpath, translator, util, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--namespace <string></code></td>
|
|
|
|
|
<td><code>-n</code></td>
|
|
|
|
|
<td>Config namespace (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--serviceaccount <string></code></td>
|
|
|
|
|
<td><code>-s</code></td>
|
|
|
|
|
<td>Service account to link to the service (default `default`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
<h3 id="istioctl-experimental-add-to-mesh-external-service Examples">Examples</h3>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental add-to-mesh external-service vmhttp 172.12.23.125,172.12.23.126\
|
|
|
|
|
http:9080 tcp:8888 -l app=test,version=v1 -a env=stage -s stageAdmin
|
|
|
|
|
</code></pre>
|
|
|
|
|
<h2 id="istioctl-experimental-add-to-mesh-service">istioctl experimental add-to-mesh service</h2>
|
|
|
|
|
<p>istioctl experimental add-to-mesh service restarts pods with the Istio sidecar. Use 'add-to-mesh'
|
|
|
|
|
to test deployments for compatibility with Istio. If your service does not function after
|
|
|
|
|
using 'add-to-mesh' you must re-deploy it and troubleshoot it for Istio compatibility.
|
|
|
|
|
See https://istio.io/docs/setup/kubernetes/additional-setup/requirements/
|
|
|
|
|
THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|
|
|
|
</p>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental add-to-mesh service [flags]
|
|
|
|
|
</code></pre>
|
|
|
|
|
<table class="command-flags">
|
|
|
|
|
<thead>
|
|
|
|
|
<tr>
|
|
|
|
|
<th>Flags</th>
|
|
|
|
|
<th>Shorthand</th>
|
|
|
|
|
<th>Description</th>
|
|
|
|
|
</tr>
|
|
|
|
|
</thead>
|
|
|
|
|
<tbody>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--context <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>The name of the kubeconfig context to use (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--injectConfigFile <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>injection configuration filename. Cannot be used with --injectConfigMapName (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--injectConfigMapName <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>ConfigMap name for Istio sidecar injection, key should be "config". (default `istio-sidecar-injector`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--istioNamespace <string></code></td>
|
|
|
|
|
<td><code>-i</code></td>
|
|
|
|
|
<td>Istio system namespace (default `istio-system`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--kubeconfig <string></code></td>
|
|
|
|
|
<td><code>-c</code></td>
|
|
|
|
|
<td>Kubernetes configuration file (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--log_output_level <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, attributes, authn, default, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, rbac, tpath, translator, util, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--meshConfigFile <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>mesh configuration filename. Takes precedence over --meshConfigMapName if set (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--meshConfigMapName <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>ConfigMap name for Istio mesh configuration, key should be "mesh" (default `istio`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--namespace <string></code></td>
|
|
|
|
|
<td><code>-n</code></td>
|
|
|
|
|
<td>Config namespace (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--valuesFile <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>injection values configuration filename. (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
<h3 id="istioctl-experimental-add-to-mesh-service Examples">Examples</h3>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental add-to-mesh service productpage
|
|
|
|
|
</code></pre>
|
|
|
|
|
<h2 id="istioctl-experimental-auth">istioctl experimental auth</h2>
|
|
|
|
|
<p>Commands to inspect and interact with the authentication (TLS, JWT) and authorization (RBAC) policies in the mesh
|
|
|
|
|
check - check the TLS/JWT/RBAC settings based on the Envoy config
|
|
|
|
|
@ -1737,6 +1916,141 @@ customization file. (default `[]`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
<h2 id="istioctl-experimental-remove-from-mesh">istioctl experimental remove-from-mesh</h2>
|
|
|
|
|
<p>Remove workloads from Istio service mesh</p>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental remove-from-mesh [flags]
|
|
|
|
|
</code></pre>
|
|
|
|
|
<div class="aliases">
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental remove [flags]
|
|
|
|
|
</code></pre></div>
|
|
|
|
|
<table class="command-flags">
|
|
|
|
|
<thead>
|
|
|
|
|
<tr>
|
|
|
|
|
<th>Flags</th>
|
|
|
|
|
<th>Shorthand</th>
|
|
|
|
|
<th>Description</th>
|
|
|
|
|
</tr>
|
|
|
|
|
</thead>
|
|
|
|
|
<tbody>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--context <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>The name of the kubeconfig context to use (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--istioNamespace <string></code></td>
|
|
|
|
|
<td><code>-i</code></td>
|
|
|
|
|
<td>Istio system namespace (default `istio-system`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--kubeconfig <string></code></td>
|
|
|
|
|
<td><code>-c</code></td>
|
|
|
|
|
<td>Kubernetes configuration file (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--log_output_level <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, attributes, authn, default, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, rbac, tpath, translator, util, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--namespace <string></code></td>
|
|
|
|
|
<td><code>-n</code></td>
|
|
|
|
|
<td>Config namespace (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
<h2 id="istioctl-experimental-remove-from-mesh-external-service">istioctl experimental remove-from-mesh external-service</h2>
|
|
|
|
|
<p>istioctl experimental remove-from-mesh external-service remove the ServiceEntry and\
|
|
|
|
|
the kubernetes Service for the specified external service(eg:services running on VM) from Istio service mesh.
|
|
|
|
|
The typical usage scenario is Mesh Expansion on VMs.
|
|
|
|
|
THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|
|
|
|
</p>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental remove-from-mesh external-service <svcname> [flags]
|
|
|
|
|
</code></pre>
|
|
|
|
|
<table class="command-flags">
|
|
|
|
|
<thead>
|
|
|
|
|
<tr>
|
|
|
|
|
<th>Flags</th>
|
|
|
|
|
<th>Shorthand</th>
|
|
|
|
|
<th>Description</th>
|
|
|
|
|
</tr>
|
|
|
|
|
</thead>
|
|
|
|
|
<tbody>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--context <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>The name of the kubeconfig context to use (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--istioNamespace <string></code></td>
|
|
|
|
|
<td><code>-i</code></td>
|
|
|
|
|
<td>Istio system namespace (default `istio-system`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--kubeconfig <string></code></td>
|
|
|
|
|
<td><code>-c</code></td>
|
|
|
|
|
<td>Kubernetes configuration file (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--log_output_level <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, attributes, authn, default, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, rbac, tpath, translator, util, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--namespace <string></code></td>
|
|
|
|
|
<td><code>-n</code></td>
|
|
|
|
|
<td>Config namespace (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
<h3 id="istioctl-experimental-remove-from-mesh-external-service Examples">Examples</h3>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental remove-from-mesh external-service vmhttp
|
|
|
|
|
</code></pre>
|
|
|
|
|
<h2 id="istioctl-experimental-remove-from-mesh-service">istioctl experimental remove-from-mesh service</h2>
|
|
|
|
|
<p>istioctl experimental remove-from-mesh service restarts pods with the Istio sidecar un-injected.
|
|
|
|
|
THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
|
|
|
|
|
</p>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental remove-from-mesh service [flags]
|
|
|
|
|
</code></pre>
|
|
|
|
|
<table class="command-flags">
|
|
|
|
|
<thead>
|
|
|
|
|
<tr>
|
|
|
|
|
<th>Flags</th>
|
|
|
|
|
<th>Shorthand</th>
|
|
|
|
|
<th>Description</th>
|
|
|
|
|
</tr>
|
|
|
|
|
</thead>
|
|
|
|
|
<tbody>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--context <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>The name of the kubeconfig context to use (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--istioNamespace <string></code></td>
|
|
|
|
|
<td><code>-i</code></td>
|
|
|
|
|
<td>Istio system namespace (default `istio-system`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--kubeconfig <string></code></td>
|
|
|
|
|
<td><code>-c</code></td>
|
|
|
|
|
<td>Kubernetes configuration file (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--log_output_level <string></code></td>
|
|
|
|
|
<td></td>
|
|
|
|
|
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, attributes, authn, default, grpcAdapter, kube-converter, mcp, meshconfig, model, name, patch, rbac, tpath, translator, util, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>--namespace <string></code></td>
|
|
|
|
|
<td><code>-n</code></td>
|
|
|
|
|
<td>Config namespace (default ``)</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
<h3 id="istioctl-experimental-remove-from-mesh-service Examples">Examples</h3>
|
|
|
|
|
<pre class="language-bash"><code>istioctl experimental remove-from-mesh service productpage
|
|
|
|
|
</code></pre>
|
|
|
|
|
<h2 id="istioctl-kube-inject">istioctl kube-inject</h2>
|
|
|
|
|
<p></p>
|
|
|
|
|
<p>kube-inject manually injects the Envoy sidecar into Kubernetes
|
|
|
|
|
@ -2706,6 +3020,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|
|
|
|
<td>If enabled, protocol sniffing will be used on ports whose port protocol is not specified or unsupported</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND</code></td>
|
|
|
|
|
<td>Boolean</td>
|
|
|
|
|
<td><code>true</code></td>
|
|
|
|
|
<td>If enabled, protocol sniffing will be used for inbound listeners</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>PILOT_ENABLE_REDIS_FILTER</code></td>
|
|
|
|
|
<td>Boolean</td>
|
|
|
|
|
<td><code>false</code></td>
|
|
|
|
|
@ -2718,6 +3038,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|
|
|
|
<td>Enables the use of HTTP 1.0 in the outbound HTTP listeners, to support legacy applications.</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>PILOT_INBOUND_PROTOCOL_DETECTION_TIMEOUT</code></td>
|
|
|
|
|
<td>Time Duration</td>
|
|
|
|
|
<td><code>1s</code></td>
|
|
|
|
|
<td>Protocol detection timeout for inbound listener</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>PILOT_INITIAL_FETCH_TIMEOUT</code></td>
|
|
|
|
|
<td>Time Duration</td>
|
|
|
|
|
<td><code>0s</code></td>
|
|
|
|
|
@ -2760,6 +3086,12 @@ These environment variables affect the behavior of the <code>istioctl</code> com
|
|
|
|
|
<td>UseRemoteAddress sets useRemoteAddress to true for side car outbound listeners.</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>PILOT_SKIP_VALIDATE_TRUST_DOMAIN</code></td>
|
|
|
|
|
<td>Boolean</td>
|
|
|
|
|
<td><code>false</code></td>
|
|
|
|
|
<td>Skip validating the peer is from the same trust domain when mTLS is enabled in authentication policy</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td><code>PILOT_TRACE_SAMPLING</code></td>
|
|
|
|
|
<td>Floating-Point</td>
|
|
|
|
|
<td><code>100</code></td>
|
|
|
|
|
|
Martin Taillefer
GitHub