mirror of https://github.com/istio/istio.io.git
94 lines
27 KiB
HTML
94 lines
27 KiB
HTML
<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content=#466BB0><meta name=title content=Glossary><meta name=description content="A glossary of common Istio terms."><meta name=keywords content=microservices,services,mesh><meta property=og:title content=Glossary><meta property=og:type content=website><meta property=og:description content="A glossary of common Istio terms."><meta property=og:url content=/v1.1/help/glossary/><meta property=og:image content=/v1.1/img/istio-whitelogo-bluebackground-framed.svg><meta property=og:image:alt content="Istio Logo"><meta property=og:image:width content=112><meta property=og:image:height content=150><meta property=og:site_name content=Istio><meta name=twitter:card content=summary><meta name=twitter:site content=@IstioMesh><title>Istioldie 1.1 / Glossary</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
|
|
gtag('js',new Date());gtag('config','UA-98480406-2');</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.1/feed.xml><link rel="shortcut icon" href=/v1.1/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.1/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.1/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.1/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.1/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.1/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.1/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.1/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.1/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.1/favicons/android-192x192.png sizes=192x192><link rel=manifest href=/v1.1/manifest.json><meta name=apple-mobile-web-app-title content=Istio><meta name=application-name content=Istio><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work+Sans:400|Chivo:400|Work+Sans:500,300,600,300italic,400italic,500italic,600italic|Chivo:500,300,600,300italic,400italic,500italic,600italic"><link rel=stylesheet href=/v1.1/css/all.css></head><body class="language-unknown archive-site"><script src=/v1.1/js/themes_init.min.js></script><script>const branchName="release-1.1";const docTitle="Glossary";const iconFile="\/v1.1/img/icons.svg";const buttonCopy='Copy to clipboard';const buttonPrint='Print';const buttonDownload='Download';</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.1/js/all.min.js data-manual defer></script><header><nav><a id=brand href=/v1.1/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="146" stroke-width="2" /><path d="M65 240H225L125 270z"/><path d="M65 230l60-10V110z"/><path d="M135 220l90 10L135 30z"/></svg></span><span class=name>Istioldie 1.1</span></a><div id=hamburger><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#hamburger"/></svg></div><div id=header-links><a title="Learn how to deploy, use, and operate Istio." href=/v1.1/docs/>Docs</a>
|
|
<a title="Posts about using Istio." href=/v1.1/blog/2019/announcing-1.1.9/>Blog</a>
|
|
<span title="A bunch of resources to help you deploy, configure and use Istio.">Help</span>
|
|
<a title="Get a bit more in-depth info about the Istio project." href=/v1.1/about/>About</a><div class=menu><button id=gearDropdownButton class=menu-trigger title="Options and settings" aria-label="Options and Settings" aria-controls=gearDropdownContent><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#gear"/></svg></button><div id=gearDropdownContent class=menu-content aria-labelledby=gearDropdownButton role=menu><a tabindex=-1 role=menuitem lang=en id=switch-lang-en class=active>English</a>
|
|
<a tabindex=-1 role=menuitem lang=zh id=switch-lang-zh>中文</a><div role=separator></div><a tabindex=-1 role=menuitem class=active id=light-theme-item>Light Theme</a>
|
|
<a tabindex=-1 role=menuitem id=dark-theme-item>Dark Theme</a><div role=separator></div><a tabindex=-1 role=menuitem id=syntax-coloring-item>Color Examples</a><div role=separator></div><h6>Other versions of this site</h6><a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://istio.io/help\/glossary\/');return false;">Current Release</a>
|
|
<a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://preliminary.istio.io/help\/glossary\/');return false;">Next Release</a>
|
|
<a tabindex=-1 role=menuitem href=https://archive.istio.io>Older Releases</a></div></div><button id=search-show title="Search this site" aria-label=Search><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#magnifier"/></svg></button></div><form id=search-form name=cse role=search><input type=hidden name=cx value=013699703217164175118:iwwf17ikgf4>
|
|
<input type=hidden name=ie value=utf-8>
|
|
<input type=hidden name=hl value=en>
|
|
<input type=hidden id=search-page-url value=/v1.1/search.html>
|
|
<input id=search-textbox class=form-control name=q type=search aria-label="Search this site">
|
|
<button id=search-close title="Cancel search" type=reset aria-label="Cancel search"><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#cancel-x"/></svg></button></form></nav></header><main class="primary notoc"><div id=sidebar-container class="sidebar-container sidebar-offcanvas"><nav id=sidebar aria-label="Section Navigation"><div class=directory><div class=card><div id=header0 class=header title="A bunch of resources to help you deploy, configure and use Istio."><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#help"/></svg>Need Help?</div><div class="body default" aria-labelledby=header0><ul role=tree aria-expanded=true aria-labelledby=header0><li role=treeitem aria-label="Operations Guide"><button aria-hidden=true></button><a title="Hints, tips, tricks about running an Istio mesh." href=/v1.1/help/ops/>Operations Guide</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="Describes how to use component-level logging to get insights into a running component's behavior." href=/v1.1/help/ops/component-logging/>Component Logging</a></li><li role=none><a role=treeitem title="Describes how to use ControlZ to get insight into individual running components." href=/v1.1/help/ops/controlz/>Component Introspection</a></li><li role=none><a role=treeitem title="How to do low-level debugging of Istio components." href=/v1.1/help/ops/component-debugging/>Component Debugging</a></li><li role=treeitem aria-label="Traffic Management"><button aria-hidden=true></button><a title="Helps you manage the networking aspects of a running mesh." href=/v1.1/help/ops/traffic-management/>Traffic Management</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="An introduction to Istio networking operational aspects." href=/v1.1/help/ops/traffic-management/introduction/>Introduction to Network Operations</a></li><li role=none><a role=treeitem title="Provides specific deployment and configuration guidelines." href=/v1.1/help/ops/traffic-management/deploy-guidelines/>Deployment and Configuration Guidelines</a></li><li role=none><a role=treeitem title="Describes common networking issues and how to recognize and avoid them." href=/v1.1/help/ops/traffic-management/troubleshooting/>Troubleshooting Networking Issues</a></li><li role=none><a role=treeitem title="Describes tools and techniques to diagnose Envoy configuration issues related to traffic management." href=/v1.1/help/ops/traffic-management/proxy-cmd/>Debugging Envoy and Pilot</a></li><li role=none><a role=treeitem title="Information on how to enable and understand Locality Load Balancing." href=/v1.1/help/ops/traffic-management/locality-load-balancing/>Locality Load Balancing</a></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="Helps you manage the security aspects of a running mesh." href=/v1.1/help/ops/security/>Security</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Demonstrates how to debug authorization." href=/v1.1/help/ops/security/debugging-authorization/>Debugging Authorization</a></li><li role=none><a role=treeitem title="What to do if Citadel is not behaving properly." href=/v1.1/help/ops/security/repairing-citadel/>Repairing Citadel</a></li><li role=none><a role=treeitem title="What to do if you suspect problems with Istio keys and certificates." href=/v1.1/help/ops/security/keys-and-certs/>Keys and Certificates</a></li><li role=none><a role=treeitem title="What to do if mutual TLS authentication isn't working." href=/v1.1/help/ops/security/mutual-tls/>Mutual TLS</a></li><li role=none><a role=treeitem title="Authorization is enabled, but requests make it through anyway." href=/v1.1/help/ops/security/authorization-permissive/>Authorization Too Permissive</a></li><li role=none><a role=treeitem title="Authorization is enabled and no requests make it through to the service." href=/v1.1/help/ops/security/authorization-restrictive/>Authorization Too Restrictive</a></li><li role=none><a role=treeitem title="What to do if end-user authentication doesn't work." href=/v1.1/help/ops/security/end-user-auth/>End User Authentication</a></li><li role=none><a role=treeitem title="Learn how to extend the lifetime of the Istio self-signed root certificate." href=/v1.1/help/ops/security/root-transition/>Extending Self-Signed Certificate Lifetime</a></li></ul></li><li role=treeitem aria-label=Telemetry><button aria-hidden=true></button><a title="Helps you manage telemetry collection and visualization in a running mesh." href=/v1.1/help/ops/telemetry/>Telemetry</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Diagnose problems where metrics are not being collected." href=/v1.1/help/ops/telemetry/missing-metrics/>Missing Metrics</a></li><li role=none><a role=treeitem title="Dealing with Grafana issues." href=/v1.1/help/ops/telemetry/grafana/>Grafana</a></li><li role=none><a role=treeitem title="Fine-grained control of Envoy statistics." href=/v1.1/help/ops/telemetry/envoy-stats/>Envoy Statistics</a></li></ul></li><li role=treeitem aria-label="Installation and Setup"><button aria-hidden=true></button><a title="Helps you diagnose and repair Istio installations." href=/v1.1/help/ops/setup/>Installation and Setup</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Provides a general overview of Istio's use of Kubernetes webhooks and the related issues that can arise." href=/v1.1/help/ops/setup/webhook/>Dynamic Admission Webhooks Overview</a></li><li role=none><a role=treeitem title="Describes Istio's use of Kubernetes webhooks for server-side configuration validation." href=/v1.1/help/ops/setup/validation/>Configuration Validation Webhook</a></li><li role=none><a role=treeitem title="Describes Istio's use of Kubernetes webhooks for automatic sidecar injection." href=/v1.1/help/ops/setup/injection/>Sidecar Injection Webhook</a></li><li role=none><a role=treeitem title="Describes how to check which capabilities are allowed for your pods." href=/v1.1/help/ops/setup/required-pod-capabilities/>Required Pod Capabilities</a></li><li role=none><a role=treeitem title="Shows how to do health checking for Istio services." href=/v1.1/help/ops/setup/app-health-check/>Health Checking of Istio Services</a></li></ul></li><li role=none><a role=treeitem title="Advice on tackling common problems with Istio." href=/v1.1/help/ops/misc/>Miscellaneous</a></li></ul></li><li role=treeitem aria-label=FAQ><button aria-hidden=true></button><a title="Frequently Asked Questions about Istio." href=/v1.1/help/faq/>FAQ</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="General Q & A." href=/v1.1/help/faq/general/>General</a></li><li role=none><a role=treeitem title="Setup Q & A." href=/v1.1/help/faq/setup/>Setup</a></li><li role=none><a role=treeitem title="Security Q & A." href=/v1.1/help/faq/security/>Security</a></li><li role=none><a role=treeitem title="Mixer Q & A." href=/v1.1/help/faq/mixer/>Mixer</a></li><li role=none><a role=treeitem title="Metrics and Logs Q & A." href=/v1.1/help/faq/metrics-and-logs/>Metrics and Logs</a></li><li role=none><a role=treeitem title="Distributed Tracing Q & A." href=/v1.1/help/faq/distributed-tracing/>Distributed Tracing</a></li><li role=none><a role=treeitem title="Traffic Management Q & A." href=/v1.1/help/faq/traffic-management/>Traffic Management</a></li></ul></li><li role=none><span role=treeitem class=current title="A glossary of common Istio terms.">Glossary</span></li></ul></div></div></div></nav></div><div class=article-container><button tabindex=-1 id=sidebar-toggler title="Toggle the navigation bar"><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#pull"/></svg></button><nav aria-label=Breadcrumb><ol><li><a href=/v1.1/ title="Connect, secure, control, and observe services.">Istio</a></li><li><a href=/v1.1/help/ title="A bunch of resources to help you deploy, configure and use Istio.">Help</a></li><li>Glossary</li></ol></nav><article aria-labelledby=title><div class=title-area><i class=title-icon><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#glossary"/></svg></i><div><h1 id=title>Glossary</h1></div></div><div class=glossary><div class=trampolines><a href=#A aria-label="Words starting with the letter A">A</a>
|
|
|
|
|
<a href=#D aria-label="Words starting with the letter D">D</a>
|
|
|
|
|
<a href=#E aria-label="Words starting with the letter E">E</a>
|
|
|
|
|
<a href=#M aria-label="Words starting with the letter M">M</a>
|
|
|
|
|
<a href=#P aria-label="Words starting with the letter P">P</a>
|
|
|
|
|
<a href=#S aria-label="Words starting with the letter S">S</a>
|
|
|
|
|
<a href=#T aria-label="Words starting with the letter T">T</a>
|
|
|
|
|
<a href=#W aria-label="Words starting with the letter W">W</a></div><div class=entries><div id=A class=letter><h4>A</h4><dl><dt id=adapters>Adapters</dt><dd aria-labelledby=adapters><p>Adapters are plug-ins to Mixer, Istio’s <a href=/v1.1/docs/concepts/policies-and-telemetry/>policy and telemetry</a> component, which enable it to interface
|
|
with an open-ended set of infrastructure backends that deliver core functionality, such as logging,
|
|
monitoring, quotas, ACL checking, and more.
|
|
The exact set of adapters used at runtime is determined through configuration and can easily be
|
|
extended to target new or custom infrastructure backends.</p><p><a href=/v1.1/docs/concepts/policies-and-telemetry/#adapters>Learn more about adapters</a>.</p></dd><dt id=attribute>Attribute</dt><dd aria-labelledby=attribute><p>Attributes control the runtime behavior of services running in the mesh.
|
|
Attributes are named and typed pieces of metadata describing ingress and egress traffic and the
|
|
environment this traffic occurs in. An Istio attribute carries a specific piece
|
|
of information such as the error code of an API request, the latency of an API request, or the
|
|
original IP address of a TCP connection. For example:</p><pre><code class=language-yaml data-expandlinks=true>request.path: xyz/abc
|
|
request.size: 234
|
|
request.time: 12:34:56.789 04/17/2017
|
|
source.ip: 192.168.0.1
|
|
destination.workload.name: example
|
|
</code></pre><p>Attributes are used by Istio’s <a href=/v1.1/docs/concepts/policies-and-telemetry/>policy and telemetry</a> features.</p></dd></dl></div><div id=D class=letter><h4>D</h4><dl><dt id=destination>Destination</dt><dd aria-labelledby=destination><p>The remote upstream service <a href=#envoy>Envoy</a> is talking to on behalf of a <a href=#source>source</a> <a href=#workload>workload</a>.
|
|
There can be one or more <a href=#service-version>service versions</a> for a given <a href=#service>service</a> and Envoy chooses the version based on
|
|
routing rules.</p></dd></dl></div><div id=E class=letter><h4>E</h4><dl><dt id=envoy>Envoy</dt><dd aria-labelledby=envoy><p>The high-performance proxy that Istio uses to mediate inbound and outbound traffic for all <a href=#service>services</a> in the
|
|
<a href=#service-mesh>service mesh</a>. <a href=https://envoyproxy.github.io/envoy/>Learn more about Envoy</a>.</p></dd></dl></div><div id=M class=letter><h4>M</h4><dl><dt id=micro-segmentation>Micro-Segmentation</dt><dd aria-labelledby=micro-segmentation><p>Micro-segmentation is a security technique that creates secure zones in cloud deployments and allows organizations to
|
|
isolate workloads from one another and secure them individually.</p></dd><dt id=mixer>Mixer</dt><dd aria-labelledby=mixer><p>The Istio component responsible for enforcing access control and usage policies across the <a href=#service-mesh>service mesh</a> and collecting telemetry data
|
|
from <a href=#envoy>Envoy</a> and other services.
|
|
<a href=/v1.1/docs/concepts/policies-and-telemetry/>Learn more about Mixer</a>.</p></dd><dt id=mixer-handler>Mixer Handler</dt><dd aria-labelledby=mixer-handler><p>Handlers represent fully configured Mixer adapters. A single binary adapter can be used
|
|
with different configurations, each such configuration is known as a handler. At
|
|
runtime, Mixer routes <a href=#mixer-instance>instances</a> to one or more handlers.</p></dd><dt id=mixer-instance>Mixer Instance</dt><dd aria-labelledby=mixer-instance><p>An instance represents a chunk of Mixer data that is produced by inspecting a
|
|
a set of request <a href=#attribute>attributes</a> and applying the operator-supplied configuration.
|
|
Instances are delivered to individual <a href=#mixer-handler>handlers</a>, on their way to
|
|
infrastructure backends.</p></dd><dt id=mutual-tls-authentication>Mutual TLS Authentication</dt><dd aria-labelledby=mutual-tls-authentication><p>Mutual TLS provides strong service-to-service authentication with built-in identity and credential management.
|
|
<a href=/v1.1/docs/concepts/security/#mutual-tls-authentication>Learn more about mutual TLS authentication</a>.</p></dd></dl></div><div id=P class=letter><h4>P</h4><dl><dt id=pilot>Pilot</dt><dd aria-labelledby=pilot><p>The Istio component that programs the <a href=#envoy>Envoy</a> proxies, responsible for service discovery, load balancing, and routing.</p></dd></dl></div><div id=S class=letter><h4>S</h4><dl><dt id=secure-naming>Secure Naming</dt><dd aria-labelledby=secure-naming><p>Provides a mapping between a <a href=#service-name>service name</a> and the <a href=#workload-instance-principal>workload instance principals</a> that are authorized to
|
|
run the <a href=#workload-instance>workload instances</a> implementing a <a href=#service>service</a>.</p></dd><dt id=service>Service</dt><dd aria-labelledby=service><p>A delineated group of related behaviors within a <a href=#service-mesh>service mesh</a>. Services are identified using a
|
|
<a href=#service-name>service name</a>,
|
|
and Istio policies such as load balancing and routing are applied using these names.
|
|
A service is typically materialized by one or more <a href=#service-endpoint>service endpoints</a>, and may consist of multiple
|
|
<a href=#service-version>service versions</a>.</p></dd><dt id=service-consumer>Service Consumer</dt><dd aria-labelledby=service-consumer><p>The agent that is using a <a href=#service>service</a>.</p></dd><dt id=service-endpoint>Service Endpoint</dt><dd aria-labelledby=service-endpoint><p>The network-reachable manifestation of a <a href=#service>service</a>.
|
|
Service endpoints are exposed by <a href=#workload-instance>workload instances</a>.
|
|
Not all services have service endpoints.</p></dd><dt id=service-mesh>Service Mesh</dt><dd aria-labelledby=service-mesh><p>A shared set of names and identities that allows for common policy enforcement and telemetry collection.
|
|
<a href=#service-name>Service names</a> and <a href=#workload-instance-principal>workload instance principals</a> are unique within a service mesh.</p></dd><dt id=service-name>Service Name</dt><dd aria-labelledby=service-name><p>A unique name for a <a href=#service>service</a>, identifying it within the <a href=#service-mesh>service mesh</a>.
|
|
A service may not be renamed and maintain its identity, each service name is unique.
|
|
A service may have multiple <a href=#service-version>versions</a>, but a service name is version-independent.</p></dd><dt id=service-operator>Service Operator</dt><dd aria-labelledby=service-operator><p>The agent that manages a <a href=#service>service</a> within a <a href=#service-mesh>service mesh</a> by manipulating configuration state
|
|
and monitoring the service’s health via a variety of dashboards.</p></dd><dt id=service-producer>Service Producer</dt><dd aria-labelledby=service-producer><p>The agent that creates a <a href=#service>service</a>.</p></dd><dt id=service-registry>Service Registry</dt><dd aria-labelledby=service-registry><p>Istio maintains an internal service registry containing the set of <a href=#service>services</a>,
|
|
and their corresponding <a href=#service-endpoint>service endpoints</a>, running in a service mesh.
|
|
Istio uses the service registry to generate <a href=#envoy>Envoy</a> configuration.</p><p>Istio does not provide <a href=https://en.wikipedia.org/wiki/Service_discovery>service discovery</a>,
|
|
although most services are automatically added to the registry by Pilot
|
|
adapters that reflect the discovered services of the underlying platform (Kubernetes, Consul, plain DNS).
|
|
Additional services can also be registered manually using a
|
|
<a href=/v1.1/docs/concepts/traffic-management/#service-entries><code>ServiceEntry</code></a> configuration.</p></dd><dt id=service-version>Service Version</dt><dd aria-labelledby=service-version><p>Distinct variants of a <a href=#service>service</a>, typically backed by a different versions of a <a href=#workload>workload</a> binary.
|
|
Common scenarios where multiple <a href=#service-version>service versions</a> may be used include A/B testing, canary rollouts, etc.
|
|
Each service has a default version.</p></dd><dt id=source>Source</dt><dd aria-labelledby=source><p>The downstream client of the <a href=#envoy>Envoy</a> proxy.
|
|
Within the <a href=#service-mesh>service mesh</a> a source is typically a
|
|
<a href=#workload>workload</a>, but the source for ingress traffic may include other clients such as a
|
|
browser or mobile app.</p></dd></dl></div><div id=T class=letter><h4>T</h4><dl><dt id=tls-origination>TLS Origination</dt><dd aria-labelledby=tls-origination><p>TLS origination occurs when an Istio proxy (sidecar or egress gateway) is configured to accept unencrypted
|
|
internal HTTP connections, encrypt the requests, and then forward them to HTTPS servers that are secured
|
|
using simple or mutual TLS. This is the opposite of <a href=https://en.wikipedia.org/wiki/TLS_termination_proxy>TLS termination</a>
|
|
where an ingress proxy accepts incoming TLS connections, decrypts the TLS, and passes unencrypted
|
|
requests on to internal mesh services.</p></dd></dl></div><div id=W class=letter><h4>W</h4><dl><dt id=workload>Workload</dt><dd aria-labelledby=workload><p>A binary deployed by operators to deliver some function in Istio. Workloads have names, namespaces, and unique ids. These properties are available in policy and telemetry configuration
|
|
using the following <a href=#attribute>attributes</a>:</p><ul><li><code>source.workload.name</code>, <code>source.workload.namespace</code>, <code>source.workload.uid</code></li><li><code>destination.workload.name</code>, <code>destination.workload.namespace</code>, <code>destination.workload.uid</code></li></ul><p>In Kubernetes, a workload typically corresponds to a Kubernetes deployment, while a workload instance corresponds to an individual pod managed
|
|
by the deployment.</p></dd><dt id=workload-instance>Workload Instance</dt><dd aria-labelledby=workload-instance><p>A single instantiation of a workload’s binary.
|
|
A workload instance can expose zero or more <a href=#service-endpoint>service endpoints</a>,
|
|
and can consume zero or more <a href=#service>services</a>.</p><p>Workload instances have a number of properties:</p><ul><li>Name and namespace</li><li>Unique ID</li><li>IP Address</li><li>Labels</li><li>Principal</li></ul><p>These properties are available in policy and telemetry configuration
|
|
using the many <a href=/v1.1/docs/reference/config/policy-and-telemetry/attribute-vocabulary/><code>source.*</code> and <code>destination.*</code> attributes</a>.</p></dd><dt id=workload-instance-principal>Workload Instance Principal</dt><dd aria-labelledby=workload-instance-principal><p>The verifiable authority under which a <a href=#workload-instance>workload instance</a> runs.
|
|
Istio’s service-to-service authentication is used to produce the workload principal.
|
|
By default workload principals are compliant with the SPIFFE ID format.</p><p>Workload instance principals are available in policy and telemetry configuration
|
|
using the <code>source.principal</code> and <code>destination.principal</code> <a href=#attribute>attributes</a>.</p></dd></dl></div></div></div></article><div id=endnotes-container aria-hidden=true><h2>Links</h2><ol id=endnotes></ol></div></div></main><footer><div class=user-links><a class=channel title="Go download Istio 1.1.9 now" href=https://github.com/istio/istio/releases/tag/1.1.9 aria-label="Download Istio"><span>download</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#download"/></svg>
|
|
</a><a class=channel title="Join the Istio discussion board to participate in discussions and get help troubleshooting problems" href=https://discuss.istio.io aria-label="Istio discussion board"><span>discuss</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#discourse"/></svg></a>
|
|
<a class=channel title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><span>stack overflow</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#stackoverflow"/></svg></a>
|
|
<a class=channel title="Follow us on Twitter to get the latest news" href=https://twitter.com/IstioMesh aria-label=Twitter><span>twitter</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#twitter"/></svg></a><div class=tag>for everyone</div></div><div class=info><p class=copyright>Istio Archive
|
|
1.1.9<br>© 2019 Istio Authors, <a href=https://policies.google.com/privacy>Privacy Policy</a><br>Archived on June 18, 2019</p></div><div class=dev-links><a class=channel title="GitHub is where development takes place on Istio code" href=https://github.com/istio/community aria-label=GitHub><span>github</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#github"/></svg></a>
|
|
<a class=channel title="Interactively discuss issues with the Istio community on Slack" href=https://istio.slack.com aria-label=slack><span>slack</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#slack"/></svg></a>
|
|
<a class=channel title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><span>drive</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#drive"/></svg></a>
|
|
<a class=channel title="If you'd like to contribute to the Istio project, consider participating in our working groups" href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md aria-label="working groups"><span>working groups</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#working-groups"/></svg></a><div class=tag>for developers</div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title="Back to top"><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#top"/></svg></button></div></body></html> |