--- WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE 'https://github.com/istio/api' REPO source_repo: https://github.com/istio/api title: Resource Annotations description: Resource annotations used by Istio. location: https://istio.io/docs/reference/config/annotations/ weight: 60 ---

This page presents the various resource annotations that Istio supports to control its behavior.

galley.istio.io/analyze-suppress

Name	`galley.istio.io/analyze-suppress`
Feature Status	Alpha
Resource Types	[Any]
Description	A comma separated list of configuration analysis message codes to suppress when Istio analyzers are run. For example, to suppress reporting of IST0103 (PodMissingProxy) and IST0108 (UnknownAnnotation) on a resource, apply the annotation 'galley.istio.io/analyze-suppress=IST0108,IST0103'. If the value is '*', then all configuration analysis messages are suppressed.

inject.istio.io/templates

Name	`inject.istio.io/templates`
Feature Status	Alpha
Resource Types	[Pod]
Description	The name of the inject template(s) to use, as a comma separate list. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental for more information.

install.operator.istio.io/chart-owner

Name	`install.operator.istio.io/chart-owner`
Feature Status	Alpha
Resource Types	[Any]
Description	Represents the name of the chart used to create this resource.

install.operator.istio.io/owner-generation

Name	`install.operator.istio.io/owner-generation`
Feature Status	Alpha
Resource Types	[Any]
Description	Represents the generation to which the resource was last reconciled.

install.operator.istio.io/version

Name	`install.operator.istio.io/version`
Feature Status	Alpha
Resource Types	[Any]
Description	Represents the Istio version associated with the resource

istio.io/dry-run

Name	`istio.io/dry-run`
Feature Status	Alpha
Resource Types	[AuthorizationPolicy]
Description	Specifies whether or not the given resource is in dry-run mode. See https://istio.io/latest/docs/tasks/security/authorization/authz-dry-run/ for more information.

istio.io/rev

Name	`istio.io/rev`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies a control plane revision to which a given proxy is connected. This annotation is added automatically, not set by a user. In contrary to the label istio.io/rev, it represents the actual revision, not the requested revision.

kubernetes.io/ingress.class

Name	`kubernetes.io/ingress.class`
Feature Status	Stable
Resource Types	[Ingress]
Description	Annotation on an Ingress resources denoting the class of controllers responsible for it.

networking.istio.io/exportTo

Name	`networking.istio.io/exportTo`
Feature Status	Alpha
Resource Types	[Service]
Description	Specifies the namespaces to which this service should be exported to. A value of '*' indicates it is reachable within the mesh '.' indicates it is reachable within its namespace.

prometheus.istio.io/merge-metrics

Name	`prometheus.istio.io/merge-metrics`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies if application Prometheus metric will be merged with Envoy metrics for this workload.

proxy.istio.io/config

Name	`proxy.istio.io/config`
Feature Status	Beta
Resource Types	[Pod]
Description	Overrides for the proxy configuration for this specific proxy. Available options can be found at https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#ProxyConfig.

readiness.status.sidecar.istio.io/applicationPorts

Name	`readiness.status.sidecar.istio.io/applicationPorts`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the list of ports exposed by the application container. Used by the Envoy sidecar readiness probe to determine that Envoy is configured and ready to receive traffic.

readiness.status.sidecar.istio.io/failureThreshold

Name	`readiness.status.sidecar.istio.io/failureThreshold`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the failure threshold for the Envoy sidecar readiness probe.

readiness.status.sidecar.istio.io/initialDelaySeconds

Name	`readiness.status.sidecar.istio.io/initialDelaySeconds`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the initial delay (in seconds) for the Envoy sidecar readiness probe.

readiness.status.sidecar.istio.io/periodSeconds

Name	`readiness.status.sidecar.istio.io/periodSeconds`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the period (in seconds) for the Envoy sidecar readiness probe.

sidecar.istio.io/agentLogLevel

Name	`sidecar.istio.io/agentLogLevel`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the log output level for pilot-agent.

sidecar.istio.io/bootstrapOverride

Name	`sidecar.istio.io/bootstrapOverride`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies an alternative Envoy bootstrap configuration file.

sidecar.istio.io/componentLogLevel

Name	`sidecar.istio.io/componentLogLevel`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the component log level for Envoy.

sidecar.istio.io/controlPlaneAuthPolicy

Name	`sidecar.istio.io/controlPlaneAuthPolicy`
Feature Status	Deprecated
Resource Types	[Pod]
Description	Specifies the auth policy used by the Istio control plane. If NONE, traffic will not be encrypted. If MUTUAL_TLS, traffic between Envoy sidecar will be wrapped into mutual TLS connections.

sidecar.istio.io/discoveryAddress

Name	`sidecar.istio.io/discoveryAddress`
Feature Status	Deprecated
Resource Types	[Pod]
Description	Specifies the XDS discovery address to be used by the Envoy sidecar.

sidecar.istio.io/enableCoreDump

Name	`sidecar.istio.io/enableCoreDump`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies whether or not an Envoy sidecar should enable core dump.

sidecar.istio.io/extraStatTags

Name	`sidecar.istio.io/extraStatTags`
Feature Status	Deprecated
Resource Types	[Pod]
Description	An additional list of tags to extract from the in-proxy Istio Wasm telemetry. Each additional tag needs to be present in this list.

sidecar.istio.io/inject

Name	`sidecar.istio.io/inject`
Feature Status	Deprecated
Resource Types	[Pod]
Description	Specifies whether or not an Envoy sidecar should be automatically injected into the workload. Deprecated in favor of `sidecar.istio.io/inject` label.

sidecar.istio.io/interceptionMode

Name	`sidecar.istio.io/interceptionMode`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the mode used to redirect inbound connections to Envoy (REDIRECT or TPROXY).

sidecar.istio.io/logLevel

Name	`sidecar.istio.io/logLevel`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the log level for Envoy.

sidecar.istio.io/proxyCPU

Name	`sidecar.istio.io/proxyCPU`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the requested CPU setting for the Envoy sidecar.

sidecar.istio.io/proxyCPULimit

Name	`sidecar.istio.io/proxyCPULimit`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the CPU limit for the Envoy sidecar.

sidecar.istio.io/proxyImage

Name	`sidecar.istio.io/proxyImage`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the Docker image to be used by the Envoy sidecar.

sidecar.istio.io/proxyImageType

Name	`sidecar.istio.io/proxyImageType`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the Docker image type to be used by the Envoy sidecar. Istio publishes debug and distroless image types for every release tag.

sidecar.istio.io/proxyMemory

Name	`sidecar.istio.io/proxyMemory`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the requested memory setting for the Envoy sidecar.

sidecar.istio.io/proxyMemoryLimit

Name	`sidecar.istio.io/proxyMemoryLimit`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the memory limit for the Envoy sidecar.

sidecar.istio.io/rewriteAppHTTPProbers

Name	`sidecar.istio.io/rewriteAppHTTPProbers`
Feature Status	Alpha
Resource Types	[Pod]
Description	Rewrite HTTP readiness and liveness probes to be redirected to the Envoy sidecar.

sidecar.istio.io/statsHistogramBuckets

Name	`sidecar.istio.io/statsHistogramBuckets`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the custom histogram buckets with a prefix matcher to separate the Istio mesh metrics from the Envoy stats, e.g. `{"istiocustom":[1,5,10,50,100,500,1000,5000,10000],"cluster.xds-grpc":[1,5,10,25,50,100,250,500,1000,2500,5000,10000]}`. Default buckets are `[0.5,1,5,10,25,50,100,250,500,1000,2500,5000,10000,30000,60000,300000,600000,1800000,3600000]`.

sidecar.istio.io/statsInclusionPrefixes

Name	`sidecar.istio.io/statsInclusionPrefixes`
Feature Status	Deprecated
Resource Types	[Pod]
Description	Specifies the comma separated list of prefixes of the stats to be emitted by Envoy.

sidecar.istio.io/statsInclusionRegexps

Name	`sidecar.istio.io/statsInclusionRegexps`
Feature Status	Deprecated
Resource Types	[Pod]
Description	Specifies the comma separated list of regexes the stats should match to be emitted by Envoy.

sidecar.istio.io/statsInclusionSuffixes

Name	`sidecar.istio.io/statsInclusionSuffixes`
Feature Status	Deprecated
Resource Types	[Pod]
Description	Specifies the comma separated list of suffixes of the stats to be emitted by Envoy.

sidecar.istio.io/status

Name	`sidecar.istio.io/status`
Feature Status	Alpha
Resource Types	[Pod]
Description	Generated by Envoy sidecar injection that indicates the status of the operation. Includes a version hash of the executed template, as well as names of injected resources.

sidecar.istio.io/userVolume

Name	`sidecar.istio.io/userVolume`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies one or more user volumes (as a JSON array) to be added to the Envoy sidecar.

sidecar.istio.io/userVolumeMount

Name	`sidecar.istio.io/userVolumeMount`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies one or more user volume mounts (as a JSON array) to be added to the Envoy sidecar.

status.sidecar.istio.io/port

Name	`status.sidecar.istio.io/port`
Feature Status	Alpha
Resource Types	[Pod]
Description	Specifies the HTTP status Port for the Envoy sidecar. If zero, the sidecar will not provide status.

topology.istio.io/controlPlaneClusters

Name	`topology.istio.io/controlPlaneClusters`
Feature Status	Alpha
Resource Types	[Namespace]
Description	A comma-separated list of clusters (or * for any) running istiod that should attempt leader election for a remote cluster thats system namespace includes this annotation. Istiod will not attempt to lead unannotated remote clusters.

traffic.istio.io/nodeSelector

Name	`traffic.istio.io/nodeSelector`
Feature Status	Stable
Resource Types	[Service]
Description	This annotation is a set of node-labels (key1=value,key2=value). If the annotated Service is of type NodePort and is a multi-network gateway (see topology.istio.io/network), the addresses for selected nodes will be used for cross-network communication.

traffic.sidecar.istio.io/excludeInboundPorts

Name	`traffic.sidecar.istio.io/excludeInboundPorts`
Feature Status	Alpha
Resource Types	[Pod]
Description	A comma separated list of inbound ports to be excluded from redirection to Envoy. Only applies when all inbound traffic (i.e. '*') is being redirected.

traffic.sidecar.istio.io/excludeInterfaces

Name	`traffic.sidecar.istio.io/excludeInterfaces`
Feature Status	Alpha
Resource Types	[Pod]
Description	A comma separated list of interfaces to be excluded from Istio traffic capture

traffic.sidecar.istio.io/excludeOutboundIPRanges

Name	`traffic.sidecar.istio.io/excludeOutboundIPRanges`
Feature Status	Alpha
Resource Types	[Pod]
Description	A comma separated list of IP ranges in CIDR form to be excluded from redirection. Only applies when all outbound traffic (i.e. '*') is being redirected.

traffic.sidecar.istio.io/excludeOutboundPorts

Name	`traffic.sidecar.istio.io/excludeOutboundPorts`
Feature Status	Alpha
Resource Types	[Pod]
Description	A comma separated list of outbound ports to be excluded from redirection to Envoy.

traffic.sidecar.istio.io/includeInboundPorts

Name	`traffic.sidecar.istio.io/includeInboundPorts`
Feature Status	Alpha
Resource Types	[Pod]
Description	A comma separated list of inbound ports for which traffic is to be redirected to Envoy. The wildcard character '*' can be used to configure redirection for all ports. An empty list will disable all inbound redirection.

traffic.sidecar.istio.io/includeOutboundIPRanges

Name	`traffic.sidecar.istio.io/includeOutboundIPRanges`
Feature Status	Alpha
Resource Types	[Pod]
Description	A comma separated list of IP ranges in CIDR form to redirect to Envoy (optional). The wildcard character '*' can be used to redirect all outbound traffic. An empty list will disable all outbound redirection.

traffic.sidecar.istio.io/includeOutboundPorts

Name	`traffic.sidecar.istio.io/includeOutboundPorts`
Feature Status	Alpha
Resource Types	[Pod]
Description	A comma separated list of outbound ports for which traffic is to be redirected to Envoy, regardless of the destination IP.

traffic.sidecar.istio.io/kubevirtInterfaces

Name	`traffic.sidecar.istio.io/kubevirtInterfaces`
Feature Status	Alpha
Resource Types	[Pod]
Description	A comma separated list of virtual interfaces whose inbound traffic (from VM) will be treated as outbound.