Install and configure Istio CNI plugin on a node, detect and repair pod which is broken by race condition.
install-cni [flags]
| Flags | Description |
|---|---|
--chained-cni-plugin |
Whether to install CNI plugin as a chained or standalone |
--cni-conf-name <string> |
Name of the CNI configuration file (default ``) |
--cni-net-dir <string> |
Directory on the host where CNI network plugins are installed (default `/etc/cni/net.d`) |
--cni-network-config <string> |
CNI configuration template as a string (default ``) |
--cni-network-config-file <string> |
CNI config template as a file (default ``) |
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) |
--kube-ca-file <string> |
CA file for kubeconfig. Defaults to the same as install-cni pod (default ``) |
--kubecfg-file-name <string> |
Name of the kubeconfig file which CNI plugin will use when interacting with API server (default `ZZZ-istio-cni-kubeconfig`) |
--kubeconfig-mode <int> |
File mode of the kubeconfig file (default `384`) |
--log-level <string> |
Fallback value for log level in CNI config file, if not specified in helm template (default `warn`) |
--log-uds-address <string> |
The UDS server address which CNI plugin will copy log ouptut to (default `/var/run/istio-cni/log.sock`) |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
--monitoring-port <int> |
HTTP port to serve prometheus metrics (default `15014`) |
--mounted-cni-net-dir <string> |
Directory on the container where CNI networks are installed (default `/host/etc/cni/net.d`) |
--repair-broken-pod-label-key <string> |
The key portion of the label which will be set by the ace repair if label pods is true (default `cni.istio.io/uninitialized`) |
--repair-broken-pod-label-value <string> |
The value portion of the label which will be set by the race repair if label pods is true (default `true`) |
--repair-delete-pods |
Controller will delete pods when detecting pod broken by race condition |
--repair-enabled |
Whether to enable race condition repair or not |
--repair-field-selectors <string> |
A set of field selectors in label=value format that will be added to the pod list filters (default ``) |
--repair-init-container-exit-code <int> |
Expected exit code for the init container when crash-looping because of CNI misconfiguration (default `126`) |
--repair-init-container-name <string> |
The name of the istio init container (will crash-loop if CNI is not configured for the pod) (default `istio-validation`) |
--repair-init-container-termination-message <string> |
The expected termination message for the init container when crash-looping because of CNI misconfiguration (default ``) |
--repair-label-pods |
Controller will label pods when detecting pod broken by race condition |
--repair-label-selectors <string> |
A set of label selectors in label=value format that will be added to the pod list filters (default ``) |
--repair-node-name <string> |
The name of the managed node (will manage all nodes if unset) (default ``) |
--repair-run-as-daemon |
Controller will run in a loop |
--repair-sidecar-annotation <string> |
An annotation key that indicates this pod contains an istio sidecar. All pods without this annotation will be ignored.The value of the annotation is ignored. (default `sidecar.istio.io/status`) |
--skip-cni-binaries <istio-cni> |
Binaries that should not be installed. Currently Istio only installs one binary istio-cni (default `[]`) |
--skip-tls-verify |
Whether to use insecure TLS in kubeconfig file |
--update-cni-binaries |
Whether to refresh existing binaries when installing CNI |
Generate the autocompletion script for install-cni for the specified shell. See each sub-command's help for details on how to use the generated script.
| Flags | Description |
|---|---|
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
Generate the autocompletion script for the bash shell.
This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager.
To load completions in your current shell session: $ source <(install-cni completion bash)
To load completions for every new session, execute once: Linux: $ install-cni completion bash > /etc/bash_completion.d/install-cni MacOS: $ install-cni completion bash > /usr/local/etc/bash_completion.d/install-cni
You will need to start a new shell for this setup to take effect.
install-cni completion bash
| Flags | Description |
|---|---|
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
--no-descriptions |
disable completion descriptions |
Generate the autocompletion script for the fish shell.
To load completions in your current shell session: $ install-cni completion fish | source
To load completions for every new session, execute once: $ install-cni completion fish > ~/.config/fish/completions/install-cni.fish
You will need to start a new shell for this setup to take effect.
install-cni completion fish [flags]
| Flags | Description |
|---|---|
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
--no-descriptions |
disable completion descriptions |
Generate the autocompletion script for powershell.
To load completions in your current shell session: PS C:\> install-cni completion powershell | Out-String | Invoke-Expression
To load completions for every new session, add the output of the above command to your powershell profile.
install-cni completion powershell [flags]
| Flags | Description |
|---|---|
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
--no-descriptions |
disable completion descriptions |
Generate the autocompletion script for the zsh shell.
If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once:
$ echo "autoload -U compinit; compinit" >> ~/.zshrc
To load completions for every new session, execute once: # Linux: $ install-cni completion zsh > "${fpath[1]}/_install-cni" # macOS: $ install-cni completion zsh > /usr/local/share/zsh/site-functions/_install-cni
You will need to start a new shell for this setup to take effect.
install-cni completion zsh [flags]
| Flags | Description |
|---|---|
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> |
The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
--no-descriptions |
disable completion descriptions |
Prints out build version information
install-cni version [flags]
| Flags | Shorthand | Description |
|---|---|---|
--ctrlz_address <string> |
The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | |
--ctrlz_port <uint16> |
The IP port to use for the ControlZ introspection facility (default `9876`) | |
--log_as_json |
Whether to format output as JSON or in plain console-friendly format | |
--log_caller <string> |
Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) | |
--log_output_level <string> |
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | |
--log_rotate <string> |
The path for the optional rotating log file (default ``) | |
--log_rotate_max_age <int> |
The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | |
--log_rotate_max_backups <int> |
The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | |
--log_rotate_max_size <int> |
The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | |
--log_stacktrace_level <string> |
Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | |
--log_target <stringArray> |
The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | |
--output <string> |
-o |
One of 'yaml' or 'json'. (default ``) |
--short |
-s |
Use --short=false to generate full version information |
install-cni command. Please use with caution as these environment variables are experimental and can change anytime.
| Variable Name | Type | Default Value | Description |
|---|---|---|---|
CHAINED_CNI_PLUGIN |
Boolean | true |
Whether to install CNI plugin as a chained or standalone |
CNI_CONF_NAME |
String | |
Name of the CNI configuration file |
CNI_NETWORK_CONFIG |
String | |
CNI configuration template as a string |
CNI_NETWORK_CONFIG_FILE |
String | |
CNI config template as a file |
CNI_NET_DIR |
String | /etc/cni/net.d |
Directory on the host where CNI network plugins are installed |
KUBECFG_FILE_NAME |
String | ZZZ-istio-cni-kubeconfig |
Name of the kubeconfig file which CNI plugin will use when interacting with API server |
KUBECONFIG_MODE |
Integer | 384 |
File mode of the kubeconfig file |
KUBE_CA_FILE |
String | |
CA file for kubeconfig. Defaults to the same as install-cni pod |
LOG_LEVEL |
String | warn |
Fallback value for log level in CNI config file, if not specified in helm template |
LOG_UDS_ADDRESS |
String | /var/run/istio-cni/log.sock |
The UDS server address which CNI plugin will copy log ouptut to |
MONITORING_PORT |
Integer | 15014 |
HTTP port to serve prometheus metrics |
MOUNTED_CNI_NET_DIR |
String | /host/etc/cni/net.d |
Directory on the container where CNI networks are installed |
REPAIR_BROKEN_POD_LABEL_KEY |
String | cni.istio.io/uninitialized |
The key portion of the label which will be set by the ace repair if label pods is true |
REPAIR_BROKEN_POD_LABEL_VALUE |
String | true |
The value portion of the label which will be set by the race repair if label pods is true |
REPAIR_DELETE_PODS |
Boolean | false |
Controller will delete pods when detecting pod broken by race condition |
REPAIR_ENABLED |
Boolean | true |
Whether to enable race condition repair or not |
REPAIR_FIELD_SELECTORS |
String | |
A set of field selectors in label=value format that will be added to the pod list filters |
REPAIR_INIT_CONTAINER_EXIT_CODE |
Integer | 126 |
Expected exit code for the init container when crash-looping because of CNI misconfiguration |
REPAIR_INIT_CONTAINER_NAME |
String | istio-validation |
The name of the istio init container (will crash-loop if CNI is not configured for the pod) |
REPAIR_INIT_CONTAINER_TERMINATION_MESSAGE |
String | |
The expected termination message for the init container when crash-looping because of CNI misconfiguration |
REPAIR_LABEL_PODS |
Boolean | false |
Controller will label pods when detecting pod broken by race condition |
REPAIR_LABEL_SELECTORS |
String | |
A set of label selectors in label=value format that will be added to the pod list filters |
REPAIR_NODE_NAME |
String | |
The name of the managed node (will manage all nodes if unset) |
REPAIR_RUN_AS_DAEMON |
Boolean | false |
Controller will run in a loop |
REPAIR_SIDECAR_ANNOTATION |
String | sidecar.istio.io/status |
An annotation key that indicates this pod contains an istio sidecar. All pods without this annotation will be ignored.The value of the annotation is ignored. |
SKIP_CNI_BINARIES |
String | |
Binaries that should not be installed. Currently Istio only installs one binary `istio-cni` |
SKIP_TLS_VERIFY |
Boolean | false |
Whether to use insecure TLS in kubeconfig file |
UPDATE_CNI_BINARIES |
Boolean | true |
Whether to refresh existing binaries when installing CNI |
| Metric Name | Type | Description |
|---|---|---|
istio_build | LastValue | Istio component build info |
istio_cni_install_ready | LastValue | Whether the CNI plugin installation is ready or not |
istio_cni_installs_total | Sum | Total number of CNI plugins installed by the Istio CNI installer |
istio_cni_repair_pods_repaired_total | Sum | Total number of pods repaired by repair controller |