diff --git a/content/en/docs/reference/commands/install-cni/index.html b/content/en/docs/reference/commands/install-cni/index.html
index 2c6faca416..17f6587501 100644
--- a/content/en/docs/reference/commands/install-cni/index.html
+++ b/content/en/docs/reference/commands/install-cni/index.html
@@ -1420,6 +1420,12 @@ Only applies when traffic from all groups (i.e. "*") is being redirected
| The SPIFFE bundle trust domain to endpoint mappings. Istiod retrieves the root certificate from each SPIFFE bundle endpoint and uses it to verify client certifiates from that trust domain. The endpoint must be compliant to the SPIFFE Bundle Endpoint standard. For details, please refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md . No need to configure this for root certificates issued via Istiod or web-PKI based root certificates. Use || between <trustdomain, endpoint> tuples. Use | as delimiter between trust domain and endpoint in each tuple. For example: foo|https://url/for/foo||bar|https://url/for/bar |
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
UNSAFE_ENABLE_ADMIN_ENDPOINTS |
Boolean |
false |
diff --git a/content/en/docs/reference/commands/istioctl/index.html b/content/en/docs/reference/commands/istioctl/index.html
index 94b1323d72..9bf4a876d1 100644
--- a/content/en/docs/reference/commands/istioctl/index.html
+++ b/content/en/docs/reference/commands/istioctl/index.html
@@ -7722,6 +7722,12 @@ These environment variables affect the behavior of the istioctl com
A list of comma separated audiences to check in the JWT token before issuing a certificate. The token is accepted if it matches with one of the audiences |
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
UNSAFE_ENABLE_ADMIN_ENDPOINTS |
Boolean |
false |
@@ -7767,7 +7773,7 @@ These environment variables affect the behavior of the istioctl com
XDS_AUTH_PLAINTEXT |
Boolean |
false |
-Authenticate plain text requests - used if Istiod is behind a gateway handling TLS |
+Authenticate plain text requests - used if Istiod is running on a secure/trusted network |
diff --git a/content/en/docs/reference/commands/operator/index.html b/content/en/docs/reference/commands/operator/index.html
index 3de8e84022..71536db0a2 100644
--- a/content/en/docs/reference/commands/operator/index.html
+++ b/content/en/docs/reference/commands/operator/index.html
@@ -221,11 +221,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, security, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, security, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -245,7 +245,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, security, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -1001,6 +1001,12 @@ These environment variables affect the behavior of the operator com
A list of comma separated audiences to check in the JWT token before issuing a certificate. The token is accepted if it matches with one of the audiences |
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
UNSAFE_ENABLE_ADMIN_ENDPOINTS |
Boolean |
false |
@@ -1046,7 +1052,7 @@ These environment variables affect the behavior of the operator com
XDS_AUTH_PLAINTEXT |
Boolean |
false |
-Authenticate plain text requests - used if Istiod is behind a gateway handling TLS |
+Authenticate plain text requests - used if Istiod is running on a secure/trusted network |
diff --git a/content/en/docs/reference/commands/pilot-agent/index.html b/content/en/docs/reference/commands/pilot-agent/index.html
index 7d956eff8c..80e9679187 100644
--- a/content/en/docs/reference/commands/pilot-agent/index.html
+++ b/content/en/docs/reference/commands/pilot-agent/index.html
@@ -23,11 +23,11 @@ remove_toc_prefix: 'pilot-agent '
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -47,7 +47,7 @@ remove_toc_prefix: 'pilot-agent '
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -77,11 +77,11 @@ See each sub-command's help for details on how to use the generated script.
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -101,7 +101,7 @@ See each sub-command's help for details on how to use the generated script.
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -142,11 +142,11 @@ If it is not installed already, you can install it via your OS's package man
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -166,7 +166,7 @@ If it is not installed already, you can install it via your OS's package man
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -206,11 +206,11 @@ If it is not installed already, you can install it via your OS's package man
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -230,7 +230,7 @@ If it is not installed already, you can install it via your OS's package man
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -269,11 +269,11 @@ to your powershell profile.
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -293,7 +293,7 @@ to your powershell profile.
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -339,11 +339,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -363,7 +363,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -405,12 +405,12 @@ to enable it. You can execute the following once:
--log_caller <string> |
|
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
|
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -435,7 +435,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
|
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -585,12 +585,12 @@ to enable it. You can execute the following once:
--log_caller <string> |
|
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
|
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -615,7 +615,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
|
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -700,11 +700,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -724,7 +724,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -790,11 +790,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -814,7 +814,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -847,12 +847,12 @@ to enable it. You can execute the following once:
--log_caller <string> |
|
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
|
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -877,7 +877,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
|
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -919,11 +919,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -943,7 +943,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -1924,6 +1924,12 @@ Only applies when traffic from all groups (i.e. "*") is being redirected
A list of comma separated audiences to check in the JWT token before issuing a certificate. The token is accepted if it matches with one of the audiences |
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
TRUST_DOMAIN |
String |
cluster.local |
@@ -2011,7 +2017,7 @@ Only applies when traffic from all groups (i.e. "*") is being redirected
XDS_AUTH_PLAINTEXT |
Boolean |
false |
-Authenticate plain text requests - used if Istiod is behind a gateway handling TLS |
+Authenticate plain text requests - used if Istiod is running on a secure/trusted network |
XDS_AUTH_PROVIDER |
diff --git a/content/en/docs/reference/commands/pilot-discovery/index.html b/content/en/docs/reference/commands/pilot-discovery/index.html
index 310370b667..2a55178e58 100644
--- a/content/en/docs/reference/commands/pilot-discovery/index.html
+++ b/content/en/docs/reference/commands/pilot-discovery/index.html
@@ -269,12 +269,12 @@ to enable it. You can execute the following once:
--log_caller <string> |
|
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] (default ``) |
--log_output_level <string> |
|
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -299,7 +299,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
|
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -1223,6 +1223,12 @@ These environment variables affect the behavior of the pilot-discoveryOIDC token issuer. If set, will be used to check the tokens.
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
UNSAFE_ENABLE_ADMIN_ENDPOINTS |
Boolean |
false |
@@ -1274,7 +1280,7 @@ These environment variables affect the behavior of the pilot-discoveryXDS_AUTH_PLAINTEXT
Boolean |
false |
-Authenticate plain text requests - used if Istiod is behind a gateway handling TLS |
+Authenticate plain text requests - used if Istiod is running on a secure/trusted network |
diff --git a/content/zh/docs/reference/commands/install-cni/index.html b/content/zh/docs/reference/commands/install-cni/index.html
index 2c6faca416..17f6587501 100644
--- a/content/zh/docs/reference/commands/install-cni/index.html
+++ b/content/zh/docs/reference/commands/install-cni/index.html
@@ -1420,6 +1420,12 @@ Only applies when traffic from all groups (i.e. "*") is being redirected
The SPIFFE bundle trust domain to endpoint mappings. Istiod retrieves the root certificate from each SPIFFE bundle endpoint and uses it to verify client certifiates from that trust domain. The endpoint must be compliant to the SPIFFE Bundle Endpoint standard. For details, please refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md . No need to configure this for root certificates issued via Istiod or web-PKI based root certificates. Use || between <trustdomain, endpoint> tuples. Use | as delimiter between trust domain and endpoint in each tuple. For example: foo|https://url/for/foo||bar|https://url/for/bar |
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
UNSAFE_ENABLE_ADMIN_ENDPOINTS |
Boolean |
false |
diff --git a/content/zh/docs/reference/commands/istioctl/index.html b/content/zh/docs/reference/commands/istioctl/index.html
index 94b1323d72..9bf4a876d1 100644
--- a/content/zh/docs/reference/commands/istioctl/index.html
+++ b/content/zh/docs/reference/commands/istioctl/index.html
@@ -7722,6 +7722,12 @@ These environment variables affect the behavior of the istioctl com
A list of comma separated audiences to check in the JWT token before issuing a certificate. The token is accepted if it matches with one of the audiences |
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
UNSAFE_ENABLE_ADMIN_ENDPOINTS |
Boolean |
false |
@@ -7767,7 +7773,7 @@ These environment variables affect the behavior of the istioctl com
XDS_AUTH_PLAINTEXT |
Boolean |
false |
-Authenticate plain text requests - used if Istiod is behind a gateway handling TLS |
+Authenticate plain text requests - used if Istiod is running on a secure/trusted network |
diff --git a/content/zh/docs/reference/commands/operator/index.html b/content/zh/docs/reference/commands/operator/index.html
index 3de8e84022..71536db0a2 100644
--- a/content/zh/docs/reference/commands/operator/index.html
+++ b/content/zh/docs/reference/commands/operator/index.html
@@ -221,11 +221,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, security, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, security, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -245,7 +245,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, patch, processing, proxyconfig, retry, security, serviceentry, spiffe, status, telemetry, tpath, translator, trustBundle, util, validation, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -1001,6 +1001,12 @@ These environment variables affect the behavior of the operator com
A list of comma separated audiences to check in the JWT token before issuing a certificate. The token is accepted if it matches with one of the audiences |
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
UNSAFE_ENABLE_ADMIN_ENDPOINTS |
Boolean |
false |
@@ -1046,7 +1052,7 @@ These environment variables affect the behavior of the operator com
XDS_AUTH_PLAINTEXT |
Boolean |
false |
-Authenticate plain text requests - used if Istiod is behind a gateway handling TLS |
+Authenticate plain text requests - used if Istiod is running on a secure/trusted network |
diff --git a/content/zh/docs/reference/commands/pilot-agent/index.html b/content/zh/docs/reference/commands/pilot-agent/index.html
index 7d956eff8c..80e9679187 100644
--- a/content/zh/docs/reference/commands/pilot-agent/index.html
+++ b/content/zh/docs/reference/commands/pilot-agent/index.html
@@ -23,11 +23,11 @@ remove_toc_prefix: 'pilot-agent '
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -47,7 +47,7 @@ remove_toc_prefix: 'pilot-agent '
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -77,11 +77,11 @@ See each sub-command's help for details on how to use the generated script.
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -101,7 +101,7 @@ See each sub-command's help for details on how to use the generated script.
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -142,11 +142,11 @@ If it is not installed already, you can install it via your OS's package man
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -166,7 +166,7 @@ If it is not installed already, you can install it via your OS's package man
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -206,11 +206,11 @@ If it is not installed already, you can install it via your OS's package man
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -230,7 +230,7 @@ If it is not installed already, you can install it via your OS's package man
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -269,11 +269,11 @@ to your powershell profile.
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -293,7 +293,7 @@ to your powershell profile.
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -339,11 +339,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -363,7 +363,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -405,12 +405,12 @@ to enable it. You can execute the following once:
--log_caller <string> |
|
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
|
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -435,7 +435,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
|
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -585,12 +585,12 @@ to enable it. You can execute the following once:
--log_caller <string> |
|
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
|
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -615,7 +615,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
|
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -700,11 +700,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -724,7 +724,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -790,11 +790,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -814,7 +814,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -847,12 +847,12 @@ to enable it. You can execute the following once:
--log_caller <string> |
|
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
|
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -877,7 +877,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
|
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -919,11 +919,11 @@ to enable it. You can execute the following once:
--log_caller <string> |
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] (default ``) |
--log_output_level <string> |
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -943,7 +943,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, authn, authorization, ca, cache, citadelclient, controllers, default, delta, dns, gateway, gcecred, googleca, googlecas, grpcgen, healthcheck, iptables, klog, kube, mockcred, model, proxyconfig, retry, sds, security, serviceentry, spiffe, status, stsclient, stsserver, telemetry, token, trustBundle, validation, wasm, wle, xdsproxy] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -1924,6 +1924,12 @@ Only applies when traffic from all groups (i.e. "*") is being redirected
A list of comma separated audiences to check in the JWT token before issuing a certificate. The token is accepted if it matches with one of the audiences |
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
TRUST_DOMAIN |
String |
cluster.local |
@@ -2011,7 +2017,7 @@ Only applies when traffic from all groups (i.e. "*") is being redirected
XDS_AUTH_PLAINTEXT |
Boolean |
false |
-Authenticate plain text requests - used if Istiod is behind a gateway handling TLS |
+Authenticate plain text requests - used if Istiod is running on a secure/trusted network |
XDS_AUTH_PROVIDER |
diff --git a/content/zh/docs/reference/commands/pilot-discovery/index.html b/content/zh/docs/reference/commands/pilot-discovery/index.html
index 310370b667..2a55178e58 100644
--- a/content/zh/docs/reference/commands/pilot-discovery/index.html
+++ b/content/zh/docs/reference/commands/pilot-discovery/index.html
@@ -269,12 +269,12 @@ to enable it. You can execute the following once:
--log_caller <string> |
|
-Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] (default ``) |
+Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] (default ``) |
--log_output_level <string> |
|
-Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
+Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
@@ -299,7 +299,7 @@ to enable it. You can execute the following once:
--log_stacktrace_level <string> |
|
-Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
+Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, file, gateway, grpcgen, installer, klog, kube, model, monitor, pkica, pkira, processing, proxyconfig, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, telemetry, tpath, trustBundle, util, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
@@ -1223,6 +1223,12 @@ These environment variables affect the behavior of the pilot-discoveryOIDC token issuer. If set, will be used to check the tokens.
+TRUSTED_GATEWAY_CIDR |
+String |
+ |
+If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authenication mechanisms like XFCC. This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network |
+
+
UNSAFE_ENABLE_ADMIN_ENDPOINTS |
Boolean |
false |
@@ -1274,7 +1280,7 @@ These environment variables affect the behavior of the pilot-discoveryXDS_AUTH_PLAINTEXT
Boolean |
false |
-Authenticate plain text requests - used if Istiod is behind a gateway handling TLS |
+Authenticate plain text requests - used if Istiod is running on a secure/trusted network |