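<!doctype html>
<html lang=en itemscope itemtype=https://schema.org/WebPage>
<head>
<meta charset=utf-8>
<!-- Document metadata for the archived Istio 1.8 "Virtual Service" reference page. -->
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=theme-color content="#466BB0">
<meta name=title content="Virtual Service">
<meta name=description content="Configuration affecting label/content routing, sni routing, etc.">
<meta name=keywords content="microservices,services,mesh">
<!-- Open Graph and Twitter card metadata used for link previews. -->
<meta property="og:title" content="Virtual Service">
<meta property="og:type" content="website">
<meta property="og:description" content="Configuration affecting label/content routing, sni routing, etc.">
<meta property="og:url" content="/v1.8/docs/reference/config/networking/virtual-service/">
<meta property="og:image" content="/v1.8/img/istio-whitelogo-bluebackground-framed.svg">
<meta property="og:image:alt" content="Istio Logo">
<meta property="og:image:width" content="112">
<meta property="og:image:height" content="150">
<meta property="og:site_name" content="Istio">
<meta name=twitter:card content="summary">
<meta name=twitter:site content="@IstioMesh">
<title>Istioldie 1.8 / Virtual Service</title>
<!-- Third-party analytics loader, fetched without an integrity attribute. The file is served dynamically, so Subresource Integrity is generally not usable here; a Content-Security-Policy script-src allowlist is the practical control for this origin. -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script>
<!-- Inline bootstrap for the analytics queue. Inline scripts need a nonce or hash if a strict CSP is applied to this site. -->
<script>
window.dataLayer=window.dataLayer||[];
function gtag(){dataLayer.push(arguments);}
gtag('js',new Date());
gtag('config','UA-98480406-2');
</script>
<!-- Feed discovery links. -->
<link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.8/blog/feed.xml>
<link rel=alternate type=application/rss+xml title="Istio News" href=/v1.8/news/feed.xml>
<link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.8/feed.xml>
<!-- Favicons; each sizes value must be WIDTHxHEIGHT and match the referenced file. -->
<link rel="shortcut icon" href=/v1.8/favicons/favicon.ico>
<link rel=apple-touch-icon href=/v1.8/favicons/apple-touch-icon-180x180.png sizes=180x180>
<link rel=icon type=image/png href=/v1.8/favicons/favicon-16x16.png sizes=16x16>
<link rel=icon type=image/png href=/v1.8/favicons/favicon-32x32.png sizes=32x32>
<link rel=icon type=image/png href=/v1.8/favicons/android-36x36.png sizes=36x36>
<link rel=icon type=image/png href=/v1.8/favicons/android-48x48.png sizes=48x48>
<link rel=icon type=image/png href=/v1.8/favicons/android-72x72.png sizes=72x72>
<link rel=icon type=image/png href=/v1.8/favicons/android-96x96.png sizes=96x96>
<link rel=icon type=image/png href=/v1.8/favicons/android-144x144.png sizes=144x144>
<link rel=icon type=image/png href=/v1.8/favicons/android-192x192.png sizes=192x192>
<link rel=manifest href=/v1.8/manifest.json>
<meta name=apple-mobile-web-app-title content="Istio">
<meta name=application-name content="Istio">
<!-- Third-party stylesheet loaded without an integrity attribute; if a CSP is deployed, style-src and font-src have to name the font origins explicitly. -->
<link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work+Sans:400|Chivo:400|Work+Sans:500,300,600,300italic,400italic,500italic,600italic|Chivo:500,300,600,300italic,400italic,500italic,600italic">
<link rel=stylesheet href=/v1.8/css/all.css>
<script src=/v1.8/js/themes_init.min.js></script>
</head>
<!-- The body opens with an inline script of page constants, then a third-party search script (google.com/cse) and the site bundle. The inline values are written by the site generator and must stay JavaScript-string-escaped; the third-party script again carries no integrity attribute, so it relies on the trust placed in that origin. -->
<body class="language-unknown archive-site"><script>const branchName="release-1.8";const docTitle="Virtual Service";const iconFile="\/v1.8/img/icons.svg";const buttonCopy='Copy to clipboard';const buttonPrint='Print';const buttonDownload='Download';</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.8/js/all.min.js data-manual defer></script><header><nav><a 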
id=brand href=/v1.8/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="146" stroke-width="2"/><polygon points="65 240 225 240 125 270"/><polygon points="65 230 125 220 125 110"/><polygon points="135 220 225 230 135 30"/></svg></span><span class=name>Istioldie 1.8</span></a><div id=hamburger><svg class="icon hamburger"><use xlink:href="/v1.8/img/icons.svg#hamburger"/></svg></div><div id=header-links><a class=current title="Learn how to deploy, use, and operate Istio." href=/v1.8/docs/>Docs</a>
<a title="Posts about using Istio." href=/v1.8/blog/2020/>Blog<i class=dot data-prefix=/blog></i></a>
<a title="Timely news about the Istio project." href=/v1.8/news/>News<i class=dot data-prefix=/news></i></a>
<a title="Frequently Asked Questions about Istio." href=/v1.8/faq/>FAQ</a>
<a title="Get a bit more in-depth info about the Istio project." href=/v1.8/about/>About</a><div class=menu><button id=gearDropdownButton class=menu-trigger title="Options and settings" aria-label="Options and Settings" aria-controls=gearDropdownContent><svg class="icon gear"><use xlink:href="/v1.8/img/icons.svg#gear"/></svg></button><div id=gearDropdownContent class=menu-content aria-labelledby=gearDropdownButton role=menu><a tabindex=-1 role=menuitem lang=en id=switch-lang-en class=active>English</a>
<a tabindex=-1 role=menuitem lang=zh id=switch-lang-zh>中文</a><div role=separator></div><a tabindex=-1 role=menuitem class=active id=light-theme-item>Light Theme</a>
<a tabindex=-1 role=menuitem id=dark-theme-item>Dark Theme</a><div role=separator></div><a tabindex=-1 role=menuitem id=syntax-coloring-item>Color Examples</a><div role=separator></div><h6>Other versions of this site</h6><a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://istio.io/docs\/reference\/config\/networking\/virtual-service\/');return false;">Current Release</a>
<a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://preliminary.istio.io/docs\/reference\/config\/networking\/virtual-service\/');return false;">Next Release</a>
<a tabindex=-1 role=menuitem href=https://istio.io/archive>Older Releases</a></div></div><button id=search-show title="Search this site" aria-label=Search><svg class="icon magnifier"><use xlink:href="/v1.8/img/icons.svg#magnifier"/></svg></button></div><form id=search-form name=cse role=search><input type=hidden name=cx value=002184991200833970123:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=en>
<input type=hidden id=search-page-url value=/v1.8/search>
<input id=search-textbox class=form-control name=q type=search aria-label="Search this site">
<button id=search-close title="Cancel search" type=reset aria-label="Cancel search"><svg class="icon cancel-x"><use xlink:href="/v1.8/img/icons.svg#cancel-x"/></svg></button></form></nav></header><div class=banner-container></div><main class=primary><div id=sidebar-container class="sidebar-container sidebar-offcanvas"><nav id=sidebar aria-label="Section Navigation"><div class=directory><div class=card><button class="header dynamic" id=card17 title="Learn about the different parts of the Istio system and the abstractions it uses." aria-controls=card17-body><svg class="icon concepts"><use xlink:href="/v1.8/img/icons.svg#concepts"/></svg>Concepts</button><div class=body aria-labelledby=card17 role=region id=card17-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card17><li role=none><a role=treeitem title="Introduces Istio, the problems it solves, its high-level architecture, and its design goals." href=/v1.8/docs/concepts/what-is-istio/>What is Istio?</a></li><li role=none><a role=treeitem title="Describes the various Istio features focused on traffic routing and control." href=/v1.8/docs/concepts/traffic-management/>Traffic Management</a></li><li role=none><a role=treeitem title="Describes Istio's authorization and authentication functionality." href=/v1.8/docs/concepts/security/>Security</a></li><li role=none><a role=treeitem title="Describes the telemetry and monitoring features provided by Istio." href=/v1.8/docs/concepts/observability/>Observability</a></li><li role=none><a role=treeitem title="Describes Istio's WebAssembly Plugin system." href=/v1.8/docs/concepts/wasm/>Extensibility</a></li></ul></div></div><div class=card><button class="header dynamic" id=card40 title="Instructions for installing the Istio control plane on Kubernetes." 
aria-controls=card40-body><svg class="icon setup"><use xlink:href="/v1.8/img/icons.svg#setup"/></svg>Setup</button><div class=body aria-labelledby=card40 role=region id=card40-body><ul role=tree aria-expanded=true aria-labelledby=card40><li role=none><a role=treeitem title="Try Istio’s features quickly and easily." href=/v1.8/docs/setup/getting-started/>Getting Started</a></li><li role=treeitem aria-label="Platform Setup"><button aria-hidden=true></button><a title="How to prepare various Kubernetes platforms before installing Istio." href=/v1.8/docs/setup/platform-setup/>Platform Setup</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Instructions to setup an Alibaba Cloud Kubernetes cluster for Istio." href=/v1.8/docs/setup/platform-setup/alicloud/>Alibaba Cloud</a></li><li role=none><a role=treeitem title="Instructions to setup an Azure cluster for Istio." href=/v1.8/docs/setup/platform-setup/azure/>Azure</a></li><li role=none><a role=treeitem title="Instructions to setup Docker Desktop for Istio." href=/v1.8/docs/setup/platform-setup/docker/>Docker Desktop</a></li><li role=none><a role=treeitem title="Instructions to setup a Google Kubernetes Engine cluster for Istio." href=/v1.8/docs/setup/platform-setup/gke/>Google Kubernetes Engine</a></li><li role=none><a role=treeitem title="Instructions to setup an IBM Cloud cluster for Istio." href=/v1.8/docs/setup/platform-setup/ibm/>IBM Cloud</a></li><li role=none><a role=treeitem title="Instructions to setup kind for Istio." href=/v1.8/docs/setup/platform-setup/kind/>kind</a></li><li role=none><a role=treeitem title="Instructions to setup Kops for use with Istio." href=/v1.8/docs/setup/platform-setup/kops/>Kops</a></li><li role=none><a role=treeitem title="Instructions to setup a Gardener cluster for Istio." 
href=/v1.8/docs/setup/platform-setup/gardener/>Kubernetes Gardener</a></li><li role=none><a role=treeitem title="Instructions to setup a KubeSphere Container Platform for Istio." href=/v1.8/docs/setup/platform-setup/kubesphere/>KubeSphere Container Platform</a></li><li role=none><a role=treeitem title="Instructions to setup MicroK8s for use with Istio." href=/v1.8/docs/setup/platform-setup/microk8s/>MicroK8s</a></li><li role=none><a role=treeitem title="Instructions to setup minikube for Istio." href=/v1.8/docs/setup/platform-setup/minikube/>Minikube</a></li><li role=none><a role=treeitem title="Instructions to setup an OpenShift cluster for Istio." href=/v1.8/docs/setup/platform-setup/openshift/>OpenShift</a></li><li role=none><a role=treeitem title="Instructions to setup an OKE cluster for Istio." href=/v1.8/docs/setup/platform-setup/oci/>Oracle Cloud Infrastructure</a></li></ul></li><li role=treeitem aria-label=Install><button aria-hidden=true></button><a title="Choose the guide that best suits your needs and platform." href=/v1.8/docs/setup/install/>Install</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="Install and customize any Istio configuration profile for in-depth evaluation or production use." href=/v1.8/docs/setup/install/istioctl/>Install with Istioctl</a></li><li role=none><a role=treeitem title="Instructions to install Istio in a Kubernetes cluster using the Istio operator." href=/v1.8/docs/setup/install/operator/>Istio Operator Install</a></li><li role=none><a role=treeitem title="Install and configure Istio for in-depth evaluation." href=/v1.8/docs/setup/install/helm/>Install with Helm</a></li><li role=treeitem aria-label="Install Multicluster"><button aria-hidden=true></button><a title="Install an Istio mesh across multiple Kubernetes clusters." 
href=/v1.8/docs/setup/install/multicluster/>Install Multicluster</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Initial steps before installing Istio on multiple clusters." href=/v1.8/docs/setup/install/multicluster/before-you-begin/>Before you begin</a></li><li role=none><a role=treeitem title="Install an Istio mesh across multiple primary clusters." href=/v1.8/docs/setup/install/multicluster/multi-primary/>Install Multi-Primary</a></li><li role=none><a role=treeitem title="Install an Istio mesh across primary and remote clusters." href=/v1.8/docs/setup/install/multicluster/primary-remote/>Install Primary-Remote</a></li><li role=none><a role=treeitem title="Install an Istio mesh across multiple primary clusters on different networks." href=/v1.8/docs/setup/install/multicluster/multi-primary_multi-network/>Install Multi-Primary on different networks</a></li><li role=none><a role=treeitem title="Install an Istio mesh across primary and remote clusters on different networks." href=/v1.8/docs/setup/install/multicluster/primary-remote_multi-network/>Install Primary-Remote on different networks</a></li><li role=none><a role=treeitem title="Verify that Istio has been installed properly on multiple clusters." href=/v1.8/docs/setup/install/multicluster/verify/>Verify the installation</a></li></ul></li><li role=none><a role=treeitem title="Deploy Istio and connect a workload running within a virtual machine to it." href=/v1.8/docs/setup/install/virtual-machine/>Virtual Machine Installation</a></li></ul></li><li role=treeitem aria-label=Upgrade><button aria-hidden=true></button><a title="Upgrade, downgrade, and manage Istio accross multiple control plane revisions." href=/v1.8/docs/setup/upgrade/>Upgrade</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Upgrade Istio by first running a canary deployment of a new control plane." 
href=/v1.8/docs/setup/upgrade/canary/>Canary Upgrades</a></li><li role=none><a role=treeitem title="Upgrade or downgrade Istio in place." href=/v1.8/docs/setup/upgrade/in-place/>In-place Upgrades</a></li><li role=none><a role=treeitem title="Configuring and upgrading Istio with gateways." href=/v1.8/docs/setup/upgrade/gateways/>Managing Gateways with Multiple Revisions [experimental]</a></li></ul></li><li role=treeitem aria-label="More Guides"><button aria-hidden=true></button><a title="More information on additional setup tasks." href=/v1.8/docs/setup/additional-setup/>More Guides</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes the built-in Istio installation configuration profiles." href=/v1.8/docs/setup/additional-setup/config-profiles/>Installation Configuration Profiles</a></li><li role=none><a role=treeitem title="Install the Istio sidecar in application pods automatically using the sidecar injector webhook or manually using istioctl CLI." href=/v1.8/docs/setup/additional-setup/sidecar-injection/>Installing the Sidecar</a></li><li role=none><a role=treeitem title="Install and use Istio with the Istio CNI plugin, allowing operators to deploy services with lower privilege." href=/v1.8/docs/setup/additional-setup/cni/>Install Istio with the Istio CNI plugin</a></li><li role=none><a role=treeitem title="Install an external control plane and remote cluster." href=/v1.8/docs/setup/additional-setup/external-controlplane/>Install Istio with an External Control Plane</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card73 title="How to do single specific targeted activities with the Istio system." 
aria-controls=card73-body><svg class="icon tasks"><use xlink:href="/v1.8/img/icons.svg#tasks"/></svg>Tasks</button><div class=body aria-labelledby=card73 role=region id=card73-body><ul role=tree aria-expanded=true aria-labelledby=card73><li role=treeitem aria-label="Traffic Management"><button aria-hidden=true></button><a title="Tasks that demonstrate Istio's traffic routing features." href=/v1.8/docs/tasks/traffic-management/>Traffic Management</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="This task shows you how to configure dynamic request routing to multiple versions of a microservice." href=/v1.8/docs/tasks/traffic-management/request-routing/>Request Routing</a></li><li role=none><a role=treeitem title="This task shows you how to inject faults to test the resiliency of your application." href=/v1.8/docs/tasks/traffic-management/fault-injection/>Fault Injection</a></li><li role=none><a role=treeitem title="Shows you how to migrate traffic from an old to new version of a service." href=/v1.8/docs/tasks/traffic-management/traffic-shifting/>Traffic Shifting</a></li><li role=none><a role=treeitem title="Shows you how to migrate TCP traffic from an old to new version of a TCP service." href=/v1.8/docs/tasks/traffic-management/tcp-traffic-shifting/>TCP Traffic Shifting</a></li><li role=none><a role=treeitem title="This task shows you how to setup request timeouts in Envoy using Istio." href=/v1.8/docs/tasks/traffic-management/request-timeouts/>Request Timeouts</a></li><li role=none><a role=treeitem title="This task shows you how to configure circuit breaking for connections, requests, and outlier detection." href=/v1.8/docs/tasks/traffic-management/circuit-breaking/>Circuit Breaking</a></li><li role=none><a role=treeitem title="This task demonstrates the traffic mirroring/shadowing capabilities of Istio." 
href=/v1.8/docs/tasks/traffic-management/mirroring/>Mirroring</a></li><li role=treeitem aria-label=Ingress><button aria-hidden=true></button><a title="Controlling ingress traffic for an Istio service mesh." href=/v1.8/docs/tasks/traffic-management/ingress/>Ingress</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes how to configure an Istio gateway to expose a service outside of the service mesh." href=/v1.8/docs/tasks/traffic-management/ingress/ingress-control/>Ingress Gateways</a></li><li role=none><a role=treeitem title="Expose a service outside of the service mesh over TLS or mTLS." href=/v1.8/docs/tasks/traffic-management/ingress/secure-ingress/>Secure Gateways</a></li><li role=none><a role=treeitem title="Describes how to configure SNI passthrough for an ingress gateway." href=/v1.8/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/>Ingress Gateway without TLS Termination</a></li><li role=none><a role=treeitem title="Describes how to configure a Kubernetes Ingress object to expose a service outside of the service mesh." href=/v1.8/docs/tasks/traffic-management/ingress/kubernetes-ingress/>Kubernetes Ingress</a></li><li role=none><a role=treeitem title="Describes how to configure the Kubernetes Service APIs with Istio." href=/v1.8/docs/tasks/traffic-management/ingress/service-apis/>Kubernetes Service APIs [Experimental]</a></li></ul></li><li role=treeitem aria-label=Egress><button aria-hidden=true></button><a title="Controlling egress traffic for an Istio service mesh." href=/v1.8/docs/tasks/traffic-management/egress/>Egress</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes how to configure Istio to route traffic from services in the mesh to external services." 
href=/v1.8/docs/tasks/traffic-management/egress/egress-control/>Accessing External Services</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to perform TLS origination for traffic to external services." href=/v1.8/docs/tasks/traffic-management/egress/egress-tls-origination/>Egress TLS Origination</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to direct traffic to external services through a dedicated gateway." href=/v1.8/docs/tasks/traffic-management/egress/egress-gateway/>Egress Gateways</a></li><li role=none><a role=treeitem title="Describes how to configure an Egress Gateway to perform TLS origination to external services using Secret Discovery Service." href=/v1.8/docs/tasks/traffic-management/egress/egress-gateway-tls-origination-sds/>Egress Gateways with TLS Origination (SDS)</a></li><li role=none><a role=treeitem title="Describes how to configure an Egress Gateway to perform TLS origination to external services using file mount certificates." href=/v1.8/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/>Egress Gateways with TLS Origination (File Mount)</a></li><li role=none><a role=treeitem title="Describes how to enable egress traffic for a set of hosts in a common domain, instead of configuring each and every host separately." href=/v1.8/docs/tasks/traffic-management/egress/wildcard-egress-hosts/>Egress using Wildcard Hosts</a></li><li role=none><a role=treeitem title="Shows how to configure Istio for Kubernetes External Services." href=/v1.8/docs/tasks/traffic-management/egress/egress-kubernetes-services/>Kubernetes Services for Egress Traffic</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to let applications use an external HTTPS proxy." 
href=/v1.8/docs/tasks/traffic-management/egress/http-proxy/>Using an External HTTPS Proxy</a></li></ul></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="Demonstrates how to secure the mesh." href=/v1.8/docs/tasks/security/>Security</a><ul role=group aria-expanded=false><li role=treeitem aria-label="Certificate Management"><button aria-hidden=true></button><a title="Management of the certificates in Istio." href=/v1.8/docs/tasks/security/cert-management/>Certificate Management</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Shows how system administrators can configure Istio's CA with a root certificate, signing certificate and key." href=/v1.8/docs/tasks/security/cert-management/plugin-ca-cert/>Plug in CA Certificates</a></li><li role=none><a role=treeitem title="Shows how to provision and manage DNS certificates in Istio." href=/v1.8/docs/tasks/security/cert-management/dns-cert/>Istio DNS Certificate Management</a></li><li role=none><a role=treeitem title="Shows how to use a Custom Certificate Authority (that integrates with the Kubernetes CSR API) to provision Istio workload certificates." href=/v1.8/docs/tasks/security/cert-management/custom-ca-k8s/>Custom CA Integration using Kubernetes CSR [experimental]</a></li></ul></li><li role=treeitem aria-label=Authentication><button aria-hidden=true></button><a title="Controlling mutual TLS and end-user authentication for mesh services." href=/v1.8/docs/tasks/security/authentication/>Authentication</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Shows you how to use Istio authentication policy to setup mutual TLS and basic end-user authentication." href=/v1.8/docs/tasks/security/authentication/authn-policy/>Authentication Policy</a></li><li role=none><a role=treeitem title="Shows you how to incrementally migrate your Istio services to mutual TLS." 
href=/v1.8/docs/tasks/security/authentication/mtls-migration/>Mutual TLS Migration</a></li></ul></li><li role=treeitem aria-label=Authorization><button aria-hidden=true></button><a title="Shows how to control access to Istio services." href=/v1.8/docs/tasks/security/authorization/>Authorization</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Shows how to set up access control for HTTP traffic." href=/v1.8/docs/tasks/security/authorization/authz-http/>Authorization for HTTP traffic</a></li><li role=none><a role=treeitem title="How to set up access control for TCP traffic." href=/v1.8/docs/tasks/security/authorization/authz-tcp/>Authorization for TCP traffic</a></li><li role=none><a role=treeitem title="How to set up access control with JWT in Istio." href=/v1.8/docs/tasks/security/authorization/authz-jwt/>Authorization with JWT</a></li><li role=none><a role=treeitem title="Shows how to set up access control to deny traffic explicitly." href=/v1.8/docs/tasks/security/authorization/authz-deny/>Authorization policies with a deny action</a></li><li role=none><a role=treeitem title="How to set up access control on an ingress gateway." href=/v1.8/docs/tasks/security/authorization/authz-ingress/>Authorization on Ingress Gateway</a></li><li role=none><a role=treeitem title="Shows how to migrate from one trust domain to another without changing authorization policy." href=/v1.8/docs/tasks/security/authorization/authz-td-migration/>Authorization Policy Trust Domain Migration</a></li></ul></li></ul></li><li role=treeitem aria-label=Observability><button aria-hidden=true></button><a title="Demonstrates how to collect telemetry information from the mesh." href=/v1.8/docs/tasks/observability/>Observability</a><ul role=group aria-expanded=false><li role=treeitem aria-label=Metrics><button aria-hidden=true></button><a title="Demonstrates the collection and querying of metrics within Istio." 
href=/v1.8/docs/tasks/observability/metrics/>Metrics</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="This task shows you how to configure Istio to collect metrics for TCP services." href=/v1.8/docs/tasks/observability/metrics/tcp-metrics/>Collecting Metrics for TCP Services</a></li><li role=none><a role=treeitem title="This task shows you how to customize the Istio metrics." href=/v1.8/docs/tasks/observability/metrics/customize-metrics/>Customizing Istio Metrics</a></li><li role=none><a role=treeitem title="This task shows you how to improve telemetry by grouping requests and responses by their type." href=/v1.8/docs/tasks/observability/metrics/classify-metrics/>Classifying Metrics Based on Request or Response (Experimental)</a></li><li role=none><a role=treeitem title="This task shows you how to query for Istio Metrics using Prometheus." href=/v1.8/docs/tasks/observability/metrics/querying-metrics/>Querying Metrics from Prometheus</a></li><li role=none><a role=treeitem title="This task shows you how to setup and use the Istio Dashboard to monitor mesh traffic." href=/v1.8/docs/tasks/observability/metrics/using-istio-dashboard/>Visualizing Metrics with Grafana</a></li></ul></li><li role=treeitem aria-label=Logs><button aria-hidden=true></button><a title="Demonstrates the collection of logs within Istio." href=/v1.8/docs/tasks/observability/logs/>Logs</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="This task shows you how to configure Envoy proxies to print access logs to their standard output." href=/v1.8/docs/tasks/observability/logs/access-log/>Getting Envoy's Access Logs</a></li></ul></li><li role=treeitem aria-label="Distributed Tracing"><button aria-hidden=true></button><a title="This task shows you how to configure Istio-enabled applications to collect trace spans." 
href=/v1.8/docs/tasks/observability/distributed-tracing/>Distributed Tracing</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Overview of distributed tracing in Istio." href=/v1.8/docs/tasks/observability/distributed-tracing/overview/>Overview</a></li><li role=none><a role=treeitem title="Learn how to configure the proxies to send tracing requests to Zipkin." href=/v1.8/docs/tasks/observability/distributed-tracing/zipkin/>Zipkin</a></li><li role=none><a role=treeitem title="Learn how to configure the proxies to send tracing requests to Jaeger." href=/v1.8/docs/tasks/observability/distributed-tracing/jaeger/>Jaeger</a></li><li role=none><a role=treeitem title="How to configure the proxies to send tracing requests to Lightstep." href=/v1.8/docs/tasks/observability/distributed-tracing/lightstep/>Lightstep</a></li><li role=none><a role=treeitem title="How to configure tracing options (beta/development)." href=/v1.8/docs/tasks/observability/distributed-tracing/configurability/>Configurability (Beta/Development)</a></li></ul></li><li role=none><a role=treeitem title="This task shows you how to visualize your services within an Istio mesh." href=/v1.8/docs/tasks/observability/kiali/>Visualizing Your Mesh</a></li><li role=none><a role=treeitem title="This task shows you how to configure external access to the set of Istio telemetry addons." href=/v1.8/docs/tasks/observability/gateways/>Remotely Accessing Telemetry Addons</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card94 title="A variety of fully working example uses for Istio that you can experiment with." 
aria-controls=card94-body><svg class="icon examples"><use xlink:href="/v1.8/img/icons.svg#examples"/></svg>Examples</button><div class=body aria-labelledby=card94 role=region id=card94-body><ul role=tree aria-expanded=true aria-labelledby=card94><li role=none><a role=treeitem title="Deploys a sample application composed of four separate microservices used to demonstrate various Istio features." href=/v1.8/docs/examples/bookinfo/>Bookinfo Application</a></li><li role=treeitem aria-label="Virtual Machines"><button aria-hidden=true></button><a title="Examples that add workloads running on virtual machines to an Istio mesh." href=/v1.8/docs/examples/virtual-machines/>Virtual Machines</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Learn how to add a service running on a virtual machine to your single-network Istio mesh." href=/v1.8/docs/examples/virtual-machines/single-network/>Example Application using Virtual Machines in a Single Network Mesh</a></li><li role=none><a role=treeitem title="Learn how to add a service running on a virtual machine to your multi-network Istio mesh." href=/v1.8/docs/examples/virtual-machines/multi-network/>Virtual Machines in Multi-Network Meshes</a></li><li role=none><a role=treeitem title="Run the Bookinfo application with a MySQL service running on a virtual machine within your mesh." href=/v1.8/docs/examples/virtual-machines/bookinfo/>Bookinfo with a Virtual Machine</a></li></ul></li><li role=treeitem aria-label="Learn Microservices using Kubernetes and Istio"><button aria-hidden=true></button><a title="This modular tutorial provides new users with hands-on experience using Istio for common microservices scenarios, one step at a time." 
href=/v1.8/docs/examples/microservices-istio/>Learn Microservices using Kubernetes and Istio</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/prereq/>Prerequisites</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/setup-kubernetes-cluster/>Setup a Kubernetes Cluster</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/setup-local-computer/>Setup a Local Computer</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/single/>Run a Microservice Locally</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/package-service/>Run ratings in Docker</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/bookinfo-kubernetes/>Run Bookinfo with Kubernetes</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/production-testing/>Test in production</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/add-new-microservice-version/>Add a new version of reviews</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/add-istio/>Enable Istio on productpage</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/enable-istio-all-microservices/>Enable Istio on all the microservices</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/istio-ingress-gateway/>Configure Istio Ingress Gateway</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/logs-istio/>Monitoring with Istio</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card118 title="Concepts, tools, and techniques to deploy and manage an Istio mesh." 
aria-controls=card118-body><svg class="icon guide"><use xlink:href="/v1.8/img/icons.svg#guide"/></svg>Operations</button><div class=body aria-labelledby=card118 role=region id=card118-body><ul role=tree aria-expanded=true aria-labelledby=card118><li role=treeitem aria-label=Deployment><button aria-hidden=true></button><a title="Requirements, concepts, and considerations for setting up an Istio deployment." href=/v1.8/docs/ops/deployment/>Deployment</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes Istio's high-level architecture and design goals." href=/v1.8/docs/ops/deployment/architecture/>Architecture</a></li><li role=none><a role=treeitem title="Describes the options and considerations when configuring your Istio deployment." href=/v1.8/docs/ops/deployment/deployment-models/>Deployment Models</a></li><li role=none><a role=treeitem title="Istio performance and scalability summary." href=/v1.8/docs/ops/deployment/performance-and-scalability/>Performance and Scalability</a></li><li role=none><a role=treeitem title="Requirements of applications deployed in an Istio-enabled cluster." href=/v1.8/docs/ops/deployment/requirements/>Application Requirements</a></li></ul></li><li role=treeitem aria-label=Configuration><button aria-hidden=true></button><a title="Advanced concepts and features for configuring a running Istio mesh." href=/v1.8/docs/ops/configuration/>Configuration</a><ul role=group aria-expanded=false><li role=treeitem aria-label="Mesh Configuration"><button aria-hidden=true></button><a title="Helps you manage the global mesh configuration." href=/v1.8/docs/ops/configuration/mesh/>Mesh Configuration</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Provides a general overview of Istio's use of Kubernetes webhooks and the related issues that can arise." 
href=/v1.8/docs/ops/configuration/mesh/webhook/>Dynamic Admission Webhooks Overview</a></li><li role=none><a role=treeitem title="Describes how to wait to apply mesh configuration until a resource reaches a given status or readiness." href=/v1.8/docs/ops/configuration/mesh/config-resource-ready/>Wait for Resource Status to Apply Configuration</a></li><li role=none><a role=treeitem title="Describes Istio's use of Kubernetes webhooks for automatic sidecar injection." href=/v1.8/docs/ops/configuration/mesh/injection-concepts/>Automatic Sidecar Injection</a></li><li role=none><a role=treeitem title="Shows how to do health checking for Istio services." href=/v1.8/docs/ops/configuration/mesh/app-health-check/>Health Checking of Istio Services</a></li></ul></li><li role=treeitem aria-label="Traffic Management"><button aria-hidden=true></button><a title="Helps you manage the networking aspects of a running mesh." href=/v1.8/docs/ops/configuration/traffic-management/>Traffic Management</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Information on how to specify protocols." href=/v1.8/docs/ops/configuration/traffic-management/protocol-selection/>Protocol Selection</a></li><li role=none><a role=treeitem title="Information on how to enable and understand Locality Load Balancing." href=/v1.8/docs/ops/configuration/traffic-management/locality-load-balancing/>Locality Load Balancing</a></li><li role=none><a role=treeitem title="How to configure TLS settings to secure network traffic." href=/v1.8/docs/ops/configuration/traffic-management/tls-configuration/>TLS Configuration</a></li><li role=none><a role=treeitem title="How to configure gateway network topology." 
href=/v1.8/docs/ops/configuration/traffic-management/network-topologies/>Configuring Gateway Network Topology [experimental]</a></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="Helps you manage the security aspects of a running mesh." href=/v1.8/docs/ops/configuration/security/>Security</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Use hardened container images to reduce Istio's attack surface." href=/v1.8/docs/ops/configuration/security/harden-docker-images/>Harden Docker Container Images</a></li><li role=none><a role=treeitem title="Learn how to extend the lifetime of the Istio self-signed root certificate." href=/v1.8/docs/ops/configuration/security/root-transition/>Extending Self-Signed Certificate Lifetime</a></li></ul></li><li role=treeitem aria-label=Observability><button aria-hidden=true></button><a title="Helps you manage telemetry collection and visualization in a running mesh." href=/v1.8/docs/ops/configuration/telemetry/>Observability</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Fine-grained control of Envoy statistics." href=/v1.8/docs/ops/configuration/telemetry/envoy-stats/>Envoy Statistics</a></li><li role=none><a role=treeitem title="Configure Prometheus to monitor multicluster Istio." href=/v1.8/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/>Monitoring Multicluster Istio with Prometheus</a></li></ul></li></ul></li><li role=treeitem aria-label="Best Practices"><button aria-hidden=true></button><a title="Best practices for setting up and managing an Istio service mesh." href=/v1.8/docs/ops/best-practices/>Best Practices</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="General best practices when setting up an Istio service mesh." 
href=/v1.8/docs/ops/best-practices/deployment/>Deployment Best Practices</a></li><li role=none><a role=treeitem title="Configuration best practices to avoid networking or traffic management issues." href=/v1.8/docs/ops/best-practices/traffic-management/>Traffic Management Best Practices</a></li><li role=none><a role=treeitem title="Best practices for securing applications using Istio." href=/v1.8/docs/ops/best-practices/security/>Security Best Practices</a></li><li role=none><a role=treeitem title="Best practices for observing applications using Istio." href=/v1.8/docs/ops/best-practices/observability/>Observability Best Practices</a></li></ul></li><li role=treeitem aria-label="Common Problems"><button aria-hidden=true></button><a title="Describes how to identify and resolve common problems in Istio." href=/v1.8/docs/ops/common-problems/>Common Problems</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Techniques to address common Istio traffic management and network problems." href=/v1.8/docs/ops/common-problems/network-issues/>Traffic Management Problems</a></li><li role=none><a role=treeitem title="Techniques to address common Istio authentication, authorization, and general security-related problems." href=/v1.8/docs/ops/common-problems/security-issues/>Security Problems</a></li><li role=none><a role=treeitem title="Dealing with telemetry collection issues." href=/v1.8/docs/ops/common-problems/observability-issues/>Observability Problems</a></li><li role=none><a role=treeitem title="Resolve common problems with Istio's use of Kubernetes webhooks for automatic sidecar injection." href=/v1.8/docs/ops/common-problems/injection/>Sidecar Injection Problems</a></li><li role=none><a role=treeitem title="Describes how to resolve configuration validation problems." 
href=/v1.8/docs/ops/common-problems/validation/>Configuration Validation Problems</a></li></ul></li><li role=treeitem aria-label="Diagnostic Tools"><button aria-hidden=true></button><a title="Tools and techniques to help troubleshoot an Istio mesh." href=/v1.8/docs/ops/diagnostic-tools/>Diagnostic Tools</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Istio includes a supplemental tool that provides debugging and diagnosis for Istio service mesh deployments." href=/v1.8/docs/ops/diagnostic-tools/istioctl/>Using the Istioctl Command-line Tool</a></li><li role=none><a role=treeitem title="Describes tools and techniques to diagnose Envoy configuration issues related to traffic management." href=/v1.8/docs/ops/diagnostic-tools/proxy-cmd/>Debugging Envoy and Istiod</a></li><li role=none><a role=treeitem title="Shows you how to use istioctl describe to verify the configurations of a pod in your mesh." href=/v1.8/docs/ops/diagnostic-tools/istioctl-describe/>Understand your Mesh with Istioctl Describe</a></li><li role=none><a role=treeitem title="Shows you how to use istioctl analyze to identify potential issues with your configuration." href=/v1.8/docs/ops/diagnostic-tools/istioctl-analyze/>Diagnose your Configuration with Istioctl Analyze</a></li><li role=none><a role=treeitem title="Describes how to use ControlZ to get insight into a running istiod component." href=/v1.8/docs/ops/diagnostic-tools/controlz/>Istiod Introspection</a></li><li role=none><a role=treeitem title="Describes how to use component-level logging to get insights into a running component's behavior." href=/v1.8/docs/ops/diagnostic-tools/component-logging/>Component Logging</a></li></ul></li><li role=treeitem aria-label=Integrations><button aria-hidden=true></button><a title="Other softwares that Istio can integrate with to provide additional functionality." 
href=/v1.8/docs/ops/integrations/>Integrations</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Information on how to integrate with cert-manager." href=/v1.8/docs/ops/integrations/certmanager/>cert-manager</a></li><li role=none><a role=treeitem title="Information on how to integrate with Grafana to set up Istio dashboards." href=/v1.8/docs/ops/integrations/grafana/>Grafana</a></li><li role=none><a role=treeitem title="How to integrate with Jaeger." href=/v1.8/docs/ops/integrations/jaeger/>Jaeger</a></li><li role=none><a role=treeitem title="Information on how to integrate with Kiali." href=/v1.8/docs/ops/integrations/kiali/>Kiali</a></li><li role=none><a role=treeitem title="How to integrate with Prometheus." href=/v1.8/docs/ops/integrations/prometheus/>Prometheus</a></li><li role=none><a role=treeitem title="How to integrate with Zipkin." href=/v1.8/docs/ops/integrations/zipkin/>Zipkin</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card169 title="Detailed authoritative reference material such as command-line options, configuration options, and API calling parameters." aria-controls=card169-body><svg class="icon reference"><use xlink:href="/v1.8/img/icons.svg#reference"/></svg>Reference</button><div class="body default" aria-labelledby=card169 role=region id=card169-body><ul role=tree aria-expanded=true aria-labelledby=card169><li role=treeitem aria-label=Configuration><button class=show aria-hidden=true></button><a title="Detailed information on configuration options." href=/v1.8/docs/reference/config/>Configuration</a><ul role=group aria-expanded=true><li role=none><a role=treeitem title="Configuration affecting Istio control plane installation version and shape." href=/v1.8/docs/reference/config/istio.operator.v1alpha1/>IstioOperator Options</a></li><li role=none><a role=treeitem title="Configuration affecting the service mesh as a whole." 
href=/v1.8/docs/reference/config/istio.mesh.v1alpha1/>Global Mesh Options</a></li><li role=none><a role=treeitem title="Describes the structure of messages generated by Istio analyzers." href=/v1.8/docs/reference/config/istio.analysis.v1alpha1/>Analysis Messages</a></li><li role=none><a role=treeitem title="Describes the role of the `status` field in configuration workflow." href=/v1.8/docs/reference/config/config-status/>Configuration Status Field</a></li><li role=treeitem aria-label="Proxy Extensions"><button aria-hidden=true></button><a title="Describes how to configure Istio proxy extensions." href=/v1.8/docs/reference/config/proxy_extensions/>Proxy Extensions</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Configuration for Metadata Exchange Filter." href=/v1.8/docs/reference/config/proxy_extensions/metadata_exchange/>Metadata Exchange Config</a></li><li role=none><a role=treeitem title="Configuration for Stackdriver filter." href=/v1.8/docs/reference/config/proxy_extensions/stackdriver/>Stackdriver Config</a></li><li role=none><a role=treeitem title="Configuration for Attribute Generation plugin." href=/v1.8/docs/reference/config/proxy_extensions/attributegen/>AttributeGen Config</a></li><li role=none><a role=treeitem title="Configuration for AccessLogPolicy Filter." href=/v1.8/docs/reference/config/proxy_extensions/accesslogpolicy/>AccessLogPolicy Config</a></li><li role=none><a role=treeitem title="Configuration for Stats Filter." href=/v1.8/docs/reference/config/proxy_extensions/stats/>Stats Config</a></li><li role=none><a role=treeitem title="How to enable telemetry generation with the Wasm runtime (experimental)." href=/v1.8/docs/reference/config/proxy_extensions/wasm_telemetry/>Wasm-based Telemetry (Experimental)</a></li></ul></li><li role=treeitem aria-label="Traffic Management"><button class=show aria-hidden=true></button><a title="Describes how to configure HTTP/TCP routing features." 
href=/v1.8/docs/reference/config/networking/>Traffic Management</a><ul role=group aria-expanded=true class=leaf-section><li role=none><a role=treeitem title="Configuration affecting load balancing, outlier detection, etc." href=/v1.8/docs/reference/config/networking/destination-rule/>Destination Rule</a></li><li role=none><a role=treeitem title="Customizing Envoy configuration generated by Istio." href=/v1.8/docs/reference/config/networking/envoy-filter/>Envoy Filter</a></li><li role=none><a role=treeitem title="Configuration affecting edge load balancer." href=/v1.8/docs/reference/config/networking/gateway/>Gateway</a></li><li role=none><a role=treeitem title="Configuration affecting service registry." href=/v1.8/docs/reference/config/networking/service-entry/>Service Entry</a></li><li role=none><a role=treeitem title="Configuration affecting network reachability of a sidecar." href=/v1.8/docs/reference/config/networking/sidecar/>Sidecar</a></li><li role=none><a role=treeitem title="Describes a collection of workload instances." href=/v1.8/docs/reference/config/networking/workload-group/>Workload Group</a></li><li role=none><a role=treeitem title="Configuration affecting VMs onboarded into the mesh." href=/v1.8/docs/reference/config/networking/workload-entry/>Workload Entry</a></li><li role=none><span role=treeitem class=current title="Configuration affecting label/content routing, sni routing, etc.">Virtual Service</span></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="Describes how to configure Istio's security features." href=/v1.8/docs/reference/config/security/>Security</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Configuration to validate JWT." href=/v1.8/docs/reference/config/security/jwt/>JWTRule</a></li><li role=none><a role=treeitem title="Peer authentication configuration for workloads." 
href=/v1.8/docs/reference/config/security/peer_authentication/>PeerAuthentication</a></li><li role=none><a role=treeitem title="Request authentication configuration for workloads." href=/v1.8/docs/reference/config/security/request_authentication/>RequestAuthentication</a></li><li role=none><a role=treeitem title="Configuration for access control on workloads." href=/v1.8/docs/reference/config/security/authorization-policy/>Authorization Policy</a></li><li role=none><a role=treeitem title="Describes the supported conditions in authorization policies." href=/v1.8/docs/reference/config/security/conditions/>Authorization Policy Conditions</a></li></ul></li><li role=treeitem aria-label="Common Types"><button aria-hidden=true></button><a title="Describes common types in Istio API." href=/v1.8/docs/reference/config/type/>Common Types</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Definition of a workload selector." href=/v1.8/docs/reference/config/type/workload-selector/>Workload Selector</a></li></ul></li><li role=none><a role=treeitem title="Istio standard metrics exported by Istio telemetry." href=/v1.8/docs/reference/config/metrics/>Istio Standard Metrics</a></li><li role=none><a role=treeitem title="Resource annotations used by Istio." href=/v1.8/docs/reference/config/annotations/>Resource Annotations</a></li><li role=treeitem aria-label="Configuration Analysis Messages"><button aria-hidden=true></button><a title="Documents the individual error and warning messages produced during configuration analysis." 
href=/v1.8/docs/reference/config/analysis/>Configuration Analysis Messages</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0113/>MTLSPolicyConflict</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0109/>ConflictingMeshGatewayVirtualServiceHosts</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0110/>ConflictingSidecarWorkloadSelectors</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0116/>DeploymentAssociatedToMultipleServices</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0117/>DeploymentRequiresServiceAssociated</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0002/>Deprecated</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0104/>GatewayPortNotOnWorkload</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0001/>InternalError</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0125/>InvalidAnnotation</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0122/>InvalidRegexp</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0105/>IstioProxyImageMismatch</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0119/>JwtFailureDueToInvalidServicePortPrefix</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0107/>MisplacedAnnotation</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0108/>UnknownAnnotation</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0111/>MultipleSidecarsWithoutWorkloadSelectors</a></li><li role=none><a role=treeitem 
href=/v1.8/docs/reference/config/analysis/ist0123/>NamespaceMultipleInjectionLabels</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0102/>NamespaceNotInjected</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0127/>NoMatchingWorkloadsFound</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0128/>NoServerCertificateVerificationDestinationLevel</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0129/>NoServerCertificateVerificationPortLevel</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/message-format/>Analyzer Message Format</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0131/>VirtualServiceIneffectiveMatch</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0118/>PortNameIsNotUnderNamingConvention</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0101/>ReferencedResourceNotFound</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0106/>SchemaValidationError</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0130/>VirtualServiceUnreachableRule</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0103/>PodMissingProxy</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0112/>VirtualServiceDestinationPortSelectorRequired</a></li></ul></li></ul></li><li role=treeitem aria-label=Commands><button aria-hidden=true></button><a title="Describes usage and options of the Istio commands and utilities." href=/v1.8/docs/reference/commands/>Commands</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Istio control interface." href=/v1.8/docs/reference/commands/istioctl/>istioctl</a></li><li role=none><a role=treeitem title="Istio Pilot." 
href=/v1.8/docs/reference/commands/pilot-discovery/>pilot-discovery</a></li><li role=none><a role=treeitem title="The Istio operator." href=/v1.8/docs/reference/commands/operator/>operator</a></li><li role=none><a role=treeitem title="Istio Pilot agent." href=/v1.8/docs/reference/commands/pilot-agent/>pilot-agent</a></li></ul></li><li role=none><a role=treeitem title="A glossary of common Istio terms." href=/v1.8/docs/reference/glossary/>Glossary</a></li></ul></div></div></div></nav></div><div class=article-container><button tabindex=-1 id=sidebar-toggler title="Toggle the navigation bar"><svg class="icon pull"><use xlink:href="/v1.8/img/icons.svg#pull"/></svg></button><nav aria-label=Breadcrumb><ol><li><a href=/v1.8/ title="Connect, secure, control, and observe services.">Istio</a></li><li><a href=/v1.8/docs/ title="Learn how to deploy, use, and operate Istio.">Docs</a></li><li><a href=/v1.8/docs/reference/ title="Detailed authoritative reference material such as command-line options, configuration options, and API calling parameters.">Reference</a></li><li><a href=/v1.8/docs/reference/config/ title="Detailed information on configuration options.">Configuration</a></li><li><a href=/v1.8/docs/reference/config/networking/ title="Describes how to configure HTTP/TCP routing features.">Traffic Management</a></li><li>Virtual Service</li></ol></nav><article aria-labelledby=title><div class=title-area><div style=width:100%><h1 id=title>Virtual Service</h1><p class=byline><span title="6151 words"><svg class="icon clock"><use xlink:href="/v1.8/img/icons.svg#clock"/></svg><span> </span>29 minute read</span>
|
||
<span> </span>
|
||
<span></span></p></div></div><nav class=toc-inlined aria-label="Table of Contents"><div><hr><ol><li role=none aria-label=VirtualService><a href=#VirtualService>VirtualService</a><li role=none aria-label=Destination><a href=#Destination>Destination</a><li role=none aria-label=HTTPRoute><a href=#HTTPRoute>HTTPRoute</a><li role=none aria-label=Delegate><a href=#Delegate>Delegate</a><li role=none aria-label=Headers><a href=#Headers>Headers</a><li role=none aria-label=TLSRoute><a href=#TLSRoute>TLSRoute</a><li role=none aria-label=TCPRoute><a href=#TCPRoute>TCPRoute</a><li role=none aria-label=HTTPMatchRequest><a href=#HTTPMatchRequest>HTTPMatchRequest</a><li role=none aria-label=HTTPRouteDestination><a href=#HTTPRouteDestination>HTTPRouteDestination</a><li role=none aria-label=RouteDestination><a href=#RouteDestination>RouteDestination</a><li role=none aria-label=L4MatchAttributes><a href=#L4MatchAttributes>L4MatchAttributes</a><li role=none aria-label=TLSMatchAttributes><a href=#TLSMatchAttributes>TLSMatchAttributes</a><li role=none aria-label=HTTPRedirect><a href=#HTTPRedirect>HTTPRedirect</a><li role=none aria-label=HTTPRewrite><a href=#HTTPRewrite>HTTPRewrite</a><li role=none aria-label=StringMatch><a href=#StringMatch>StringMatch</a><li role=none aria-label=HTTPRetry><a href=#HTTPRetry>HTTPRetry</a><li role=none aria-label=CorsPolicy><a href=#CorsPolicy>CorsPolicy</a><li role=none aria-label=HTTPFaultInjection><a href=#HTTPFaultInjection>HTTPFaultInjection</a><li role=none aria-label=PortSelector><a href=#PortSelector>PortSelector</a><li role=none aria-label=Percent><a href=#Percent>Percent</a><li role=none aria-label=Headers.HeaderOperations><a href=#Headers-HeaderOperations>Headers.HeaderOperations</a><li role=none aria-label=HTTPFaultInjection.Delay><a href=#HTTPFaultInjection-Delay>HTTPFaultInjection.Delay</a><li role=none aria-label=HTTPFaultInjection.Abort><a href=#HTTPFaultInjection-Abort>HTTPFaultInjection.Abort</a><li role=none 
aria-label=google.protobuf.UInt32Value><a href=#google-protobuf-UInt32Value>google.protobuf.UInt32Value</a></ol><hr></div></nav><p>Configuration affecting traffic routing. Here are a few terms useful to define
|
||
in the context of traffic routing.</p><p><code>Service</code> - A unit of application behavior bound to a unique name in a
|
||
service registry. Services consist of multiple network <em>endpoints</em>
|
||
implemented by workload instances running on pods, containers, VMs etc.</p><p><code>Service versions (a.k.a. subsets)</code> - In a continuous deployment
|
||
scenario, for a given service, there can be distinct subsets of
|
||
instances running different variants of the application binary. These
|
||
variants are not necessarily different API versions. They could be
|
||
iterative changes to the same service, deployed in different
|
||
environments (prod, staging, dev, etc.). Common scenarios where this
|
||
occurs include A/B testing, canary rollouts, etc. The choice of a
|
||
particular version can be decided based on various criteria (headers,
|
||
url, etc.) and/or by weights assigned to each version. Each service has
|
||
a default version consisting of all its instances.</p><p><code>Source</code> - A downstream client calling a service.</p><p><code>Host</code> - The address used by a client when attempting to connect to a
|
||
service.</p><p><code>Access model</code> - Applications address only the destination service
|
||
(Host) without knowledge of individual service versions (subsets). The
|
||
actual choice of the version is determined by the proxy/sidecar, enabling the
|
||
application code to decouple itself from the evolution of dependent
|
||
services.</p><p>A <code>VirtualService</code> defines a set of traffic routing rules to apply when a host is
|
||
addressed. Each routing rule defines matching criteria for traffic of a specific
|
||
protocol. If the traffic is matched, then it is sent to a named destination service
|
||
(or subset/version of it) defined in the registry.</p><p>The source of traffic can also be matched in a routing rule. This allows routing
|
||
to be customized for specific client contexts.</p><p>The following example, on Kubernetes, routes all HTTP traffic by default to
|
||
pods of the reviews service with label “version: v1”. In addition,
|
||
HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will
|
||
be rewritten to /newcatalog and sent to pods with label “version: v2”.</p><div id=tabset-docs-reference-config-networking-virtual-service-1 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-1-0-panel id=tabset-docs-reference-config-networking-virtual-service-1-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-1-1-panel id=tabset-docs-reference-config-networking-virtual-service-1-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-1-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-1-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
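kind: VirtualService
metadata:
  name: reviews-route
spec:
  hosts:
  # Fully qualified name, so the host does not depend on the namespace of this rule.
  - reviews.prod.svc.cluster.local
  http:
  # HTTP routes are an ordered list; the first rule matching a request is used.
  - name: "reviews-v2-routes"
    match:
    # The two uri entries are alternatives: a request matching either one takes this route.
    # NOTE(review): prefix is compared as a leading string and has no trailing "/" here,
    # so "/wpcatalog" would presumably also match a path such as "/wpcatalog-old"; confirm that is intended.
    - uri:
        prefix: "/wpcatalog"
    - uri:
        prefix: "/consumercatalog"
    rewrite:
      uri: "/newcatalog"
    route:
    - destination:
        host: reviews.prod.svc.cluster.local
        # Subset v2 must be declared in a DestinationRule for this host.
        subset: v2
  # No match block: this rule is the default for all other HTTP traffic to the host.
  - name: "reviews-v1-route"
    route:
    - destination:
        host: reviews.prod.svc.cluster.local
        subset: v1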
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-1-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-1-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
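kind: VirtualService
metadata:
  name: reviews-route
spec:
  hosts:
  # Fully qualified name, so the host does not depend on the namespace of this rule.
  - reviews.prod.svc.cluster.local
  http:
  # HTTP routes are an ordered list; the first rule matching a request is used.
  - name: "reviews-v2-routes"
    match:
    # The two uri entries are alternatives: a request matching either one takes this route.
    # NOTE(review): prefix is compared as a leading string and has no trailing "/" here,
    # so "/wpcatalog" would presumably also match a path such as "/wpcatalog-old"; confirm that is intended.
    - uri:
        prefix: "/wpcatalog"
    - uri:
        prefix: "/consumercatalog"
    rewrite:
      uri: "/newcatalog"
    route:
    - destination:
        host: reviews.prod.svc.cluster.local
        # Subset v2 must be declared in a DestinationRule for this host.
        subset: v2
  # No match block: this rule is the default for all other HTTP traffic to the host.
  - name: "reviews-v1-route"
    route:
    - destination:
        host: reviews.prod.svc.cluster.local
        subset: v1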
|
||
</code></pre></div></div></div><p>A subset/version of a route destination is identified with a reference
|
||
to a named service subset which must be declared in a corresponding
|
||
<code>DestinationRule</code>.</p><div id=tabset-docs-reference-config-networking-virtual-service-2 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-2-0-panel id=tabset-docs-reference-config-networking-virtual-service-2-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-2-1-panel id=tabset-docs-reference-config-networking-virtual-service-2-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-2-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-2-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
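kind: DestinationRule
metadata:
  name: reviews-destination
spec:
  # Same host that the VirtualService route destinations name.
  host: reviews.prod.svc.cluster.local
  subsets:
  # Each name here is what a route destination's subset field refers to.
  - name: v1
    labels:
      # Selects the instances carrying the label version: v1.
      version: v1
  - name: v2
    labels:
      # Selects the instances carrying the label version: v2.
      version: v2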
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-2-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-2-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
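kind: DestinationRule
metadata:
  name: reviews-destination
spec:
  # Same host that the VirtualService route destinations name.
  host: reviews.prod.svc.cluster.local
  subsets:
  # Each name here is what a route destination's subset field refers to.
  - name: v1
    labels:
      # Selects the instances carrying the label version: v1.
      version: v1
  - name: v2
    labels:
      # Selects the instances carrying the label version: v2.
      version: v2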
|
||
</code></pre></div></div></div><h2 id=VirtualService>VirtualService</h2><section><p>Configuration affecting traffic routing.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=VirtualService-hosts><td><code>hosts</code></td><td><code>string[]</code></td><td><p>The destination hosts to which traffic is being sent. Could
|
||
be a DNS name with wildcard prefix or an IP address. Depending on the
|
||
platform, short-names can also be used instead of a FQDN (i.e. has no
|
||
dots in the name). In such a scenario, the FQDN of the host would be
|
||
derived based on the underlying platform.</p><p>A single VirtualService can be used to describe all the traffic
|
||
properties of the corresponding hosts, including those for multiple
|
||
HTTP and TCP ports. Alternatively, the traffic properties of a host
|
||
can be defined using more than one VirtualService, with certain
|
||
caveats. Refer to the
|
||
<a href=/v1.8/docs/ops/best-practices/traffic-management/#split-virtual-services>Operations Guide</a>
|
||
for details.</p><p><em>Note for Kubernetes users</em>: When short names are used (e.g. “reviews”
|
||
instead of “reviews.default.svc.cluster.local”), Istio will interpret
|
||
the short name based on the namespace of the rule, not the service. A
|
||
rule in the “default” namespace containing a host “reviews” will be
|
||
interpreted as “reviews.default.svc.cluster.local”, irrespective of
|
||
the actual namespace associated with the reviews service. <em>To avoid
|
||
potential misconfigurations, it is recommended to always use fully
|
||
qualified domain names over short names.</em></p><p>The hosts field applies to both HTTP and TCP services. Services inside
|
||
the mesh, i.e., those found in the service registry, must always be
|
||
referred to using their alphanumeric names. IP addresses are allowed
|
||
only for services defined via the Gateway.</p><p><em>Note</em>: It must be empty for a delegate VirtualService.</p></td><td>No</td></tr><tr id=VirtualService-gateways><td><code>gateways</code></td><td><code>string[]</code></td><td><p>The names of gateways and sidecars that should apply these routes.
|
||
Gateways in other namespaces may be referred to by
|
||
<code>&lt;gateway namespace&gt;/&lt;gateway name&gt;</code>; specifying a gateway with no
|
||
namespace qualifier is the same as specifying the VirtualService’s
|
||
namespace. A single VirtualService is used for sidecars inside the mesh as
|
||
well as for one or more gateways. The selection condition imposed by this
|
||
field can be overridden using the source field in the match conditions
|
||
of protocol-specific routes. The reserved word <code>mesh</code> is used to imply
|
||
all the sidecars in the mesh. When this field is omitted, the default
|
||
gateway (<code>mesh</code>) will be used, which would apply the rule to all
|
||
sidecars in the mesh. If a list of gateway names is provided, the
|
||
rules will apply only to the gateways. To apply the rules to both
|
||
gateways and sidecars, specify <code>mesh</code> as one of the gateway names.</p></td><td>No</td></tr><tr id=VirtualService-http><td><code>http</code></td><td><code><a href=#HTTPRoute>HTTPRoute[]</a></code></td><td><p>An ordered list of route rules for HTTP traffic. HTTP routes will be
|
||
applied to platform service ports named ‘http-*’/‘http2-*’/‘grpc-*’, gateway
|
||
ports with protocol HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service
|
||
entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching
|
||
an incoming request is used.</p></td><td>No</td></tr><tr id=VirtualService-tls><td><code>tls</code></td><td><code><a href=#TLSRoute>TLSRoute[]</a></code></td><td><p>An ordered list of route rules for non-terminated TLS &amp; HTTPS
|
||
traffic. Routing is typically performed using the SNI value presented
|
||
by the ClientHello message. TLS routes will be applied to platform
|
||
service ports named ‘https-*’, ‘tls-*’, unterminated gateway ports using
|
||
HTTPS/TLS protocols (i.e. with “passthrough” TLS mode) and service
|
||
entry ports using HTTPS/TLS protocols. The first rule matching an
|
||
incoming request is used. NOTE: Traffic on ‘https-*’ or ‘tls-*’ ports
|
||
without associated virtual service will be treated as opaque TCP
|
||
traffic.</p></td><td>No</td></tr><tr id=VirtualService-tcp><td><code>tcp</code></td><td><code><a href=#TCPRoute>TCPRoute[]</a></code></td><td><p>An ordered list of route rules for opaque TCP traffic. TCP routes will
|
||
be applied to any port that is not a HTTP or TLS port. The first rule
|
||
matching an incoming request is used.</p></td><td>No</td></tr><tr id=VirtualService-export_to><td><code>exportTo</code></td><td><code>string[]</code></td><td><p>A list of namespaces to which this virtual service is exported. Exporting a
|
||
virtual service allows it to be used by sidecars and gateways defined in
|
||
other namespaces. This feature provides a mechanism for service owners
|
||
and mesh administrators to control the visibility of virtual services
|
||
across namespace boundaries.</p><p>If no namespaces are specified then the virtual service is exported to all
|
||
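namespaces by default, so a virtual service that should not be visible outside its own namespace must set <code>exportTo</code> explicitly.</p><p>The value “.” is reserved and defines an export to the same namespace that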
|
||
the virtual service is declared in. Similarly the value “*” is reserved and
|
||
defines an export to all namespaces.</p><p>NOTE: in the current release, the <code>exportTo</code> value is restricted to
|
||
“.” or “*” (i.e., the current namespace or all namespaces).</p></td><td>No</td></tr></tbody></table></section><h2 id=Destination>Destination</h2><section><p>Destination indicates the network addressable service to which the
|
||
request/connection will be sent after processing a routing rule. The
|
||
destination.host should unambiguously refer to a service in the service
|
||
registry. Istio’s service registry is composed of all the services found
|
||
in the platform’s service registry (e.g., Kubernetes services, Consul
|
||
services), as well as services declared through the
|
||
<a href=/v1.8/docs/reference/config/networking/service-entry/#ServiceEntry>ServiceEntry</a> resource.</p><p><em>Note for Kubernetes users</em>: When short names are used (e.g. “reviews”
|
||
instead of “reviews.default.svc.cluster.local”), Istio will interpret
|
||
the short name based on the namespace of the rule, not the service. A
|
||
rule in the “default” namespace containing a host “reviews” will be
|
||
interpreted as “reviews.default.svc.cluster.local”, irrespective of the
|
||
actual namespace associated with the reviews service. <em>To avoid potential
|
||
misconfigurations, it is recommended to always use fully qualified
|
||
domain names over short names.</em></p><p>The following Kubernetes example routes all traffic by default to pods
|
||
of the reviews service with label “version: v1” (i.e., subset v1), and
|
||
some to subset v2, in a Kubernetes environment.</p><div id=tabset-docs-reference-config-networking-virtual-service-3 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-3-0-panel id=tabset-docs-reference-config-networking-virtual-service-3-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-3-1-panel id=tabset-docs-reference-config-networking-virtual-service-3-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-3-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-3-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews-route
|
||
namespace: foo
|
||
spec:
|
||
hosts:
|
||
- reviews # interpreted as reviews.foo.svc.cluster.local
|
||
http:
|
||
- match:
|
||
- uri:
|
||
prefix: "/wpcatalog"
|
||
- uri:
|
||
prefix: "/consumercatalog"
|
||
rewrite:
|
||
uri: "/newcatalog"
|
||
route:
|
||
- destination:
|
||
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
||
subset: v2
|
||
- route:
|
||
- destination:
|
||
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
||
subset: v1
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-3-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-3-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews-route
|
||
namespace: foo
|
||
spec:
|
||
hosts:
|
||
- reviews # interpreted as reviews.foo.svc.cluster.local
|
||
http:
|
||
- match:
|
||
- uri:
|
||
prefix: "/wpcatalog"
|
||
- uri:
|
||
prefix: "/consumercatalog"
|
||
rewrite:
|
||
uri: "/newcatalog"
|
||
route:
|
||
- destination:
|
||
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
||
subset: v2
|
||
- route:
|
||
- destination:
|
||
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
||
subset: v1
|
||
</code></pre></div></div></div><p>And the associated DestinationRule</p><div id=tabset-docs-reference-config-networking-virtual-service-4 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-4-0-panel id=tabset-docs-reference-config-networking-virtual-service-4-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-4-1-panel id=tabset-docs-reference-config-networking-virtual-service-4-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-4-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-4-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: DestinationRule
|
||
metadata:
|
||
name: reviews-destination
|
||
namespace: foo
|
||
spec:
|
||
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
||
subsets:
|
||
- name: v1
|
||
labels:
|
||
version: v1
|
||
- name: v2
|
||
labels:
|
||
version: v2
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-4-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-4-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: DestinationRule
|
||
metadata:
|
||
name: reviews-destination
|
||
namespace: foo
|
||
spec:
|
||
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
||
subsets:
|
||
- name: v1
|
||
labels:
|
||
version: v1
|
||
- name: v2
|
||
labels:
|
||
version: v2
|
||
</code></pre></div></div></div><p>The following VirtualService sets a timeout of 5s for all calls to
|
||
productpage.prod.svc.cluster.local service in Kubernetes. Notice that
|
||
there are no subsets defined in this rule. Istio will fetch all
|
||
instances of productpage.prod.svc.cluster.local service from the service
|
||
registry and populate the sidecar’s load balancing pool. Also, notice
|
||
that this rule is set in the istio-system namespace but uses the fully
|
||
qualified domain name of the productpage service,
|
||
productpage.prod.svc.cluster.local. Therefore the rule’s namespace does
|
||
not have an impact in resolving the name of the productpage service.</p><div id=tabset-docs-reference-config-networking-virtual-service-5 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-5-0-panel id=tabset-docs-reference-config-networking-virtual-service-5-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-5-1-panel id=tabset-docs-reference-config-networking-virtual-service-5-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-5-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-5-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: my-productpage-rule
|
||
namespace: istio-system
|
||
spec:
|
||
hosts:
|
||
- productpage.prod.svc.cluster.local # ignores rule namespace
|
||
http:
|
||
- timeout: 5s
|
||
route:
|
||
- destination:
|
||
host: productpage.prod.svc.cluster.local
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-5-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-5-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: my-productpage-rule
|
||
namespace: istio-system
|
||
spec:
|
||
hosts:
|
||
- productpage.prod.svc.cluster.local # ignores rule namespace
|
||
http:
|
||
- timeout: 5s
|
||
route:
|
||
- destination:
|
||
host: productpage.prod.svc.cluster.local
|
||
</code></pre></div></div></div><p>To control routing for traffic bound to services outside the mesh, external
|
||
services must first be added to Istio’s internal service registry using the
|
||
ServiceEntry resource. VirtualServices can then be defined to control traffic
|
||
bound to these external services. For example, the following rules define a
|
||
Service for wikipedia.org and set a timeout of 5s for HTTP requests.</p><div id=tabset-docs-reference-config-networking-virtual-service-6 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-6-0-panel id=tabset-docs-reference-config-networking-virtual-service-6-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-6-1-panel id=tabset-docs-reference-config-networking-virtual-service-6-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-6-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-6-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-wikipedia
|
||
spec:
|
||
hosts:
|
||
- wikipedia.org
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: example-http
|
||
protocol: HTTP
|
||
resolution: DNS
|
||
|
||
apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: my-wiki-rule
|
||
spec:
|
||
hosts:
|
||
- wikipedia.org
|
||
http:
|
||
- timeout: 5s
|
||
route:
|
||
- destination:
|
||
host: wikipedia.org
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-6-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-6-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-wikipedia
|
||
spec:
|
||
hosts:
|
||
- wikipedia.org
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: example-http
|
||
protocol: HTTP
|
||
resolution: DNS
|
||
|
||
apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: my-wiki-rule
|
||
spec:
|
||
hosts:
|
||
- wikipedia.org
|
||
http:
|
||
- timeout: 5s
|
||
route:
|
||
- destination:
|
||
host: wikipedia.org
|
||
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Destination-host><td><code>host</code></td><td><code>string</code></td><td><p>The name of a service from the service registry. Service
|
||
names are looked up from the platform’s service registry (e.g.,
|
||
Kubernetes services, Consul services, etc.) and from the hosts
|
||
declared by <a href=/v1.8/docs/reference/config/networking/service-entry/#ServiceEntry>ServiceEntry</a>. Traffic forwarded to
|
||
destinations that are not found in either of the two will be dropped.</p><p><em>Note for Kubernetes users</em>: When short names are used (e.g. “reviews”
|
||
instead of “reviews.default.svc.cluster.local”), Istio will interpret
|
||
the short name based on the namespace of the rule, not the service. A
|
||
rule in the “default” namespace containing a host “reviews” will be
|
||
interpreted as “reviews.default.svc.cluster.local”, irrespective of
|
||
the actual namespace associated with the reviews service. To avoid
|
||
potential misconfiguration, it is recommended to always use fully
|
||
qualified domain names over short names.</p></td><td>Yes</td></tr><tr id=Destination-subset><td><code>subset</code></td><td><code>string</code></td><td><p>The name of a subset within the service. Applicable only to services
|
||
within the mesh. The subset must be defined in a corresponding
|
||
DestinationRule.</p></td><td>No</td></tr><tr id=Destination-port><td><code>port</code></td><td><code><a href=#PortSelector>PortSelector</a></code></td><td><p>Specifies the port on the host that is being addressed. If a service
|
||
exposes only a single port it is not required to explicitly select the
|
||
port.</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPRoute>HTTPRoute</h2><section><p>Describes match conditions and actions for routing HTTP/1.1, HTTP2, and
|
||
gRPC traffic. See VirtualService for usage examples.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPRoute-name><td><code>name</code></td><td><code>string</code></td><td><p>The name assigned to the route for debugging purposes. The
|
||
route’s name will be concatenated with the match’s name and will
|
||
be logged in the access logs for requests matching this
|
||
route/match.</p></td><td>No</td></tr><tr id=HTTPRoute-match><td><code>match</code></td><td><code><a href=#HTTPMatchRequest>HTTPMatchRequest[]</a></code></td><td><p>Match conditions to be satisfied for the rule to be
|
||
activated. All conditions inside a single match block have AND
|
||
semantics, while the list of match blocks have OR semantics. The rule
|
||
is matched if any one of the match blocks succeed.</p></td><td>No</td></tr><tr id=HTTPRoute-route><td><code>route</code></td><td><code><a href=#HTTPRouteDestination>HTTPRouteDestination[]</a></code></td><td><p>A HTTP rule can either redirect or forward (default) traffic. The
|
||
forwarding target can be one of several versions of a service (see
|
||
glossary in beginning of document). Weights associated with the
|
||
service version determine the proportion of traffic it receives.</p></td><td>No</td></tr><tr id=HTTPRoute-redirect><td><code>redirect</code></td><td><code><a href=#HTTPRedirect>HTTPRedirect</a></code></td><td><p>A HTTP rule can either redirect or forward (default) traffic. If
|
||
traffic passthrough option is specified in the rule,
|
||
route/redirect will be ignored. The redirect primitive can be used to
|
||
send a HTTP 301 redirect to a different URI or Authority.</p></td><td>No</td></tr><tr id=HTTPRoute-delegate><td><code>delegate</code></td><td><code><a href=#Delegate>Delegate</a></code></td><td><p>Delegate is used to specify the particular VirtualService which
|
||
can be used to define delegate HTTPRoute.
|
||
It can be set only when <code>Route</code> and <code>Redirect</code> are empty, and the route rules of the
|
||
delegate VirtualService will be merged with that in the current one.
|
||
<strong>NOTE</strong>:
|
||
1. Only one level delegation is supported.
|
||
2. The delegate’s HTTPMatchRequest must be a strict subset of the root’s,
|
||
otherwise there is a conflict and the HTTPRoute will not take effect.</p></td><td>No</td></tr><tr id=HTTPRoute-rewrite><td><code>rewrite</code></td><td><code><a href=#HTTPRewrite>HTTPRewrite</a></code></td><td><p>Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with
|
||
Redirect primitive. Rewrite will be performed before forwarding.</p></td><td>No</td></tr><tr id=HTTPRoute-timeout><td><code>timeout</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>Duration</a></code></td><td><p>Timeout for HTTP requests, default is disabled.</p></td><td>No</td></tr><tr id=HTTPRoute-retries><td><code>retries</code></td><td><code><a href=#HTTPRetry>HTTPRetry</a></code></td><td><p>Retry policy for HTTP requests.</p></td><td>No</td></tr><tr id=HTTPRoute-fault><td><code>fault</code></td><td><code><a href=#HTTPFaultInjection>HTTPFaultInjection</a></code></td><td><p>Fault injection policy to apply on HTTP traffic at the client side.
|
||
Note that timeouts or retries will not be enabled when faults are
|
||
enabled on the client side.</p></td><td>No</td></tr><tr id=HTTPRoute-mirror><td><code>mirror</code></td><td><code><a href=#Destination>Destination</a></code></td><td><p>Mirror HTTP traffic to another destination in addition to forwarding
|
||
the requests to the intended destination. Mirrored traffic is on a
|
||
best effort basis where the sidecar/gateway will not wait for the
|
||
mirrored cluster to respond before returning the response from the
|
||
original destination. Statistics will be generated for the mirrored
|
||
destination.</p></td><td>No</td></tr><tr id=HTTPRoute-mirror_percentage><td><code>mirrorPercentage</code></td><td><code><a href=#Percent>Percent</a></code></td><td><p>Percentage of the traffic to be mirrored by the <code>mirror</code> field.
|
||
If this field is absent, all the traffic (100%) will be mirrored.
|
||
Max value is 100.</p></td><td>No</td></tr><tr id=HTTPRoute-cors_policy><td><code>corsPolicy</code></td><td><code><a href=#CorsPolicy>CorsPolicy</a></code></td><td><p>Cross-Origin Resource Sharing policy (CORS). Refer to
|
||
<a href=https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS>CORS</a>
|
||
for further details about cross origin resource sharing.</p></td><td>No</td></tr><tr id=HTTPRoute-headers><td><code>headers</code></td><td><code><a href=#Headers>Headers</a></code></td><td><p>Header manipulation rules</p></td><td>No</td></tr><tr id=HTTPRoute-mirror_percent class=deprecated><td><code>mirrorPercent</code></td><td><code><a href=#google-protobuf-UInt32Value>UInt32Value</a></code></td><td><p>Percentage of the traffic to be mirrored by the <code>mirror</code> field.
|
||
Use of integer <code>mirror_percent</code> value is deprecated. Use the
|
||
double <code>mirror_percentage</code> field instead.</p></td><td>No</td></tr></tbody></table></section><h2 id=Delegate>Delegate</h2><section><p>Describes the delegate VirtualService.
|
||
The following routing rules forward the traffic to <code>/productpage</code> by a delegate VirtualService named <code>productpage</code>,
|
||
forward the traffic to <code>/reviews</code> by a delegate VirtualService named <code>reviews</code>.</p><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: bookinfo
|
||
spec:
|
||
hosts:
|
||
- "bookinfo.com"
|
||
gateways:
|
||
- mygateway
|
||
http:
|
||
- match:
|
||
- uri:
|
||
prefix: "/productpage"
|
||
delegate:
|
||
name: productpage
|
||
namespace: nsA
|
||
- match:
|
||
- uri:
|
||
prefix: "/reviews"
|
||
delegate:
|
||
name: reviews
|
||
namespace: nsB
|
||
</code></pre><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: productpage
|
||
namespace: nsA
|
||
spec:
|
||
http:
|
||
- match:
|
||
- uri:
|
||
prefix: "/productpage/v1/"
|
||
route:
|
||
- destination:
|
||
host: productpage-v1.nsA.svc.cluster.local
|
||
- route:
|
||
- destination:
|
||
host: productpage.nsA.svc.cluster.local
|
||
</code></pre><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews
|
||
namespace: nsB
|
||
spec:
|
||
http:
|
||
- route:
|
||
- destination:
|
||
host: reviews.nsB.svc.cluster.local
|
||
</code></pre><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Delegate-name><td><code>name</code></td><td><code>string</code></td><td><p>Name specifies the name of the delegate VirtualService.</p></td><td>No</td></tr><tr id=Delegate-namespace><td><code>namespace</code></td><td><code>string</code></td><td><p>Namespace specifies the namespace where the delegate VirtualService resides.
|
||
By default, it is the same as the root’s.</p></td><td>No</td></tr></tbody></table></section><h2 id=Headers>Headers</h2><section><p>Message headers can be manipulated when Envoy forwards requests to,
|
||
or responses from, a destination service. Header manipulation rules can
|
||
be specified for a specific route destination or for all destinations.
|
||
The following VirtualService adds a <code>test</code> header with the value <code>true</code>
|
||
to requests that are routed to any <code>reviews</code> service destination.
|
||
It also removes the <code>foo</code> response header, but only from responses
|
||
coming from the <code>v1</code> subset (version) of the <code>reviews</code> service.</p><div id=tabset-docs-reference-config-networking-virtual-service-7 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-7-0-panel id=tabset-docs-reference-config-networking-virtual-service-7-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-7-1-panel id=tabset-docs-reference-config-networking-virtual-service-7-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-7-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-7-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews-route
|
||
spec:
|
||
hosts:
|
||
- reviews.prod.svc.cluster.local
|
||
http:
|
||
- headers:
|
||
request:
|
||
set:
|
||
test: true
|
||
route:
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
subset: v2
|
||
weight: 25
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
subset: v1
|
||
headers:
|
||
response:
|
||
remove:
|
||
- foo
|
||
weight: 75
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-7-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-7-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews-route
|
||
spec:
|
||
hosts:
|
||
- reviews.prod.svc.cluster.local
|
||
http:
|
||
- headers:
|
||
request:
|
||
set:
|
||
test: true
|
||
route:
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
subset: v2
|
||
weight: 25
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
subset: v1
|
||
headers:
|
||
response:
|
||
remove:
|
||
- foo
|
||
weight: 75
|
||
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Headers-request><td><code>request</code></td><td><code><a href=#Headers-HeaderOperations>HeaderOperations</a></code></td><td><p>Header manipulation rules to apply before forwarding a request
|
||
to the destination service</p></td><td>No</td></tr><tr id=Headers-response><td><code>response</code></td><td><code><a href=#Headers-HeaderOperations>HeaderOperations</a></code></td><td><p>Header manipulation rules to apply before returning a response
|
||
to the caller</p></td><td>No</td></tr></tbody></table></section><h2 id=TLSRoute>TLSRoute</h2><section><p>Describes match conditions and actions for routing unterminated TLS
|
||
traffic (TLS/HTTPS). The following routing rule forwards unterminated TLS
|
||
traffic arriving at port 443 of gateway called “mygateway” to internal
|
||
services in the mesh based on the SNI value.</p><div id=tabset-docs-reference-config-networking-virtual-service-8 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-8-0-panel id=tabset-docs-reference-config-networking-virtual-service-8-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-8-1-panel id=tabset-docs-reference-config-networking-virtual-service-8-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-8-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-8-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: bookinfo-sni
|
||
spec:
|
||
hosts:
|
||
- "*.bookinfo.com"
|
||
gateways:
|
||
- mygateway
|
||
tls:
|
||
- match:
|
||
- port: 443
|
||
sniHosts:
|
||
- login.bookinfo.com
|
||
route:
|
||
- destination:
|
||
host: login.prod.svc.cluster.local
|
||
- match:
|
||
- port: 443
|
||
sniHosts:
|
||
- reviews.bookinfo.com
|
||
route:
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-8-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-8-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: bookinfo-sni
|
||
spec:
|
||
hosts:
|
||
- "*.bookinfo.com"
|
||
gateways:
|
||
- mygateway
|
||
tls:
|
||
- match:
|
||
- port: 443
|
||
sniHosts:
|
||
- login.bookinfo.com
|
||
route:
|
||
- destination:
|
||
host: login.prod.svc.cluster.local
|
||
- match:
|
||
- port: 443
|
||
sniHosts:
|
||
- reviews.bookinfo.com
|
||
route:
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=TLSRoute-match><td><code>match</code></td><td><code><a href=#TLSMatchAttributes>TLSMatchAttributes[]</a></code></td><td><p>Match conditions to be satisfied for the rule to be
|
||
activated. All conditions inside a single match block have AND
|
||
semantics, while the list of match blocks have OR semantics. The rule
|
||
is matched if any one of the match blocks succeed.</p></td><td>Yes</td></tr><tr id=TLSRoute-route><td><code>route</code></td><td><code><a href=#RouteDestination>RouteDestination[]</a></code></td><td><p>The destination to which the connection should be forwarded.</p></td><td>No</td></tr></tbody></table></section><h2 id=TCPRoute>TCPRoute</h2><section><p>Describes match conditions and actions for routing TCP traffic. The
|
||
following routing rule forwards traffic arriving at port 27017 for
|
||
mongo.prod.svc.cluster.local to another Mongo server on port 5555.</p><div id=tabset-docs-reference-config-networking-virtual-service-9 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-9-0-panel id=tabset-docs-reference-config-networking-virtual-service-9-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-9-1-panel id=tabset-docs-reference-config-networking-virtual-service-9-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-9-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-9-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: bookinfo-mongo
|
||
spec:
|
||
hosts:
|
||
- mongo.prod.svc.cluster.local
|
||
tcp:
|
||
- match:
|
||
- port: 27017
|
||
route:
|
||
- destination:
|
||
host: mongo.backup.svc.cluster.local
|
||
port:
|
||
number: 5555
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-9-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-9-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: bookinfo-mongo
|
||
spec:
|
||
hosts:
|
||
- mongo.prod.svc.cluster.local
|
||
tcp:
|
||
- match:
|
||
- port: 27017
|
||
route:
|
||
- destination:
|
||
host: mongo.backup.svc.cluster.local
|
||
port:
|
||
number: 5555
|
||
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=TCPRoute-match><td><code>match</code></td><td><code><a href=#L4MatchAttributes>L4MatchAttributes[]</a></code></td><td><p>Match conditions to be satisfied for the rule to be
|
||
activated. All conditions inside a single match block have AND
|
||
semantics, while the list of match blocks have OR semantics. The rule
|
||
is matched if any one of the match blocks succeeds.</p></td><td>No</td></tr><tr id=TCPRoute-route><td><code>route</code></td><td><code><a href=#RouteDestination>RouteDestination[]</a></code></td><td><p>The destination to which the connection should be forwarded.</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPMatchRequest>HTTPMatchRequest</h2><section><p>HTTPMatchRequest specifies a set of criteria to be met in order for the
|
||
rule to be applied to the HTTP request. For example, the following
restricts the rule to match only requests where the URL path
starts with /ratings/v2/ (compared case-insensitively, because <code>ignoreUriCase</code> is true) and the request contains a custom <code>end-user</code> header
|
||
with value <code>jason</code>.</p><div id=tabset-docs-reference-config-networking-virtual-service-10 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-10-0-panel id=tabset-docs-reference-config-networking-virtual-service-10-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-10-1-panel id=tabset-docs-reference-config-networking-virtual-service-10-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-10-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-10-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: ratings-route
|
||
spec:
|
||
hosts:
|
||
- ratings.prod.svc.cluster.local
|
||
http:
|
||
- match:
|
||
- headers:
|
||
end-user:
|
||
exact: jason
|
||
uri:
|
||
prefix: "/ratings/v2/"
|
||
ignoreUriCase: true
|
||
route:
|
||
- destination:
|
||
host: ratings.prod.svc.cluster.local
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-10-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-10-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: ratings-route
|
||
spec:
|
||
hosts:
|
||
- ratings.prod.svc.cluster.local
|
||
http:
|
||
- match:
|
||
- headers:
|
||
end-user:
|
||
exact: jason
|
||
uri:
|
||
prefix: "/ratings/v2/"
|
||
ignoreUriCase: true
|
||
route:
|
||
- destination:
|
||
host: ratings.prod.svc.cluster.local
|
||
</code></pre></div></div></div><p>HTTPMatchRequest CANNOT be empty.
|
||
<strong>Note:</strong> No regex string match can be set when delegate VirtualService is specified.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPMatchRequest-name><td><code>name</code></td><td><code>string</code></td><td><p>The name assigned to a match. The match’s name will be
|
||
concatenated with the parent route’s name and will be logged in
|
||
the access logs for requests matching this route.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-uri><td><code>uri</code></td><td><code><a href=#StringMatch>StringMatch</a></code></td><td><p>URI to match
|
||
values are case-sensitive and formatted as follows:</p><ul><li><p><code>exact: "value"</code> for exact string match</p></li><li><p><code>prefix: "value"</code> for prefix-based match</p></li><li><p><code>regex: "value"</code> for RE2 style regex-based match</p></li></ul><p><strong>Note:</strong> Case-insensitive matching can be enabled via the
|
||
<code>ignore_uri_case</code> flag.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-scheme><td><code>scheme</code></td><td><code><a href=#StringMatch>StringMatch</a></code></td><td><p>URI Scheme
|
||
values are case-sensitive and formatted as follows:</p><ul><li><p><code>exact: "value"</code> for exact string match</p></li><li><p><code>prefix: "value"</code> for prefix-based match</p></li><li><p><code>regex: "value"</code> for RE2 style regex-based match</p></li></ul></td><td>No</td></tr><tr id=HTTPMatchRequest-method><td><code>method</code></td><td><code><a href=#StringMatch>StringMatch</a></code></td><td><p>HTTP Method
|
||
values are case-sensitive and formatted as follows:</p><ul><li><p><code>exact: "value"</code> for exact string match</p></li><li><p><code>prefix: "value"</code> for prefix-based match</p></li><li><p><code>regex: "value"</code> for RE2 style regex-based match</p></li></ul></td><td>No</td></tr><tr id=HTTPMatchRequest-authority><td><code>authority</code></td><td><code><a href=#StringMatch>StringMatch</a></code></td><td><p>HTTP Authority
|
||
values are case-sensitive and formatted as follows:</p><ul><li><p><code>exact: "value"</code> for exact string match</p></li><li><p><code>prefix: "value"</code> for prefix-based match</p></li><li><p><code>regex: "value"</code> for RE2 style regex-based match</p></li></ul></td><td>No</td></tr><tr id=HTTPMatchRequest-headers><td><code>headers</code></td><td><code>map<string, <a href=#StringMatch>StringMatch</a>></code></td><td><p>The header keys must be lowercase and use hyphen as the separator,
|
||
e.g. <em>x-request-id</em>.</p><p>Header values are case-sensitive and formatted as follows:</p><ul><li><p><code>exact: "value"</code> for exact string match</p></li><li><p><code>prefix: "value"</code> for prefix-based match</p></li><li><p><code>regex: "value"</code> for RE2 style regex-based match</p></li></ul><p>If the value is empty and only the name of the header is specified, the presence of the header is checked.
|
||
<strong>Note:</strong> The keys <code>uri</code>, <code>scheme</code>, <code>method</code>, and <code>authority</code> will be ignored.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-port><td><code>port</code></td><td><code>uint32</code></td><td><p>Specifies the ports on the host that is being addressed. Many services
|
||
only expose a single port or label ports with the protocols they support,
|
||
in these cases it is not required to explicitly select the port.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-source_labels><td><code>sourceLabels</code></td><td><code>map<string, string></code></td><td><p>One or more labels that constrain the applicability of a rule to
|
||
workloads with the given labels. If the VirtualService has a list of
|
||
gateways specified in the top-level <code>gateways</code> field, it must include the reserved gateway
|
||
<code>mesh</code> for this field to be applicable.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-gateways><td><code>gateways</code></td><td><code>string[]</code></td><td><p>Names of gateways where the rule should be applied. Gateway names
|
||
in the top-level <code>gateways</code> field of the VirtualService (if any) are overridden. The gateway
|
||
match is independent of sourceLabels.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-query_params><td><code>queryParams</code></td><td><code>map<string, <a href=#StringMatch>StringMatch</a>></code></td><td><p>Query parameters for matching.</p><p>Ex:
|
||
- For a query parameter like “?key=true”, the map key would be “key” and
|
||
the string match could be defined as <code>exact: "true"</code>.
|
||
- For a query parameter like “?key”, the map key would be “key” and the
|
||
string match could be defined as <code>exact: ""</code>.
|
||
- For a query parameter like “?key=123”, the map key would be “key” and the
|
||
string match could be defined as <code>regex: "\d+$"</code>. Note that this
|
||
configuration will only match values like “123” but not “a123” or “123a”.</p><p><strong>Note:</strong> <code>prefix</code> matching is currently not supported.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-ignore_uri_case><td><code>ignoreUriCase</code></td><td><code>bool</code></td><td><p>Flag to specify whether the URI matching should be case-insensitive.</p><p><strong>Note:</strong> The case will be ignored only in the case of <code>exact</code> and <code>prefix</code>
|
||
URI matches.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-without_headers><td><code>withoutHeaders</code></td><td><code>map<string, <a href=#StringMatch>StringMatch</a>></code></td><td><p><code>withoutHeaders</code> uses the same syntax as <code>headers</code> but has the opposite meaning.
If a request header matches any rule in <code>withoutHeaders</code>, the request is not matched by this match block.</p></td><td>No</td></tr><tr id=HTTPMatchRequest-source_namespace><td><code>sourceNamespace</code></td><td><code>string</code></td><td><p>Source namespace constraining the applicability of a rule to workloads in that namespace.
|
||
If the VirtualService has a list of gateways specified in the top-level <code>gateways</code> field,
|
||
it must include the reserved gateway <code>mesh</code> for this field to be applicable.</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPRouteDestination>HTTPRouteDestination</h2><section><p>Each routing rule is associated with one or more service versions (see
|
||
glossary in beginning of document). Weights associated with the version
|
||
determine the proportion of traffic it receives. For example, the
|
||
following rule will route 25% of traffic for the “reviews” service to
|
||
instances with the “v2” tag and the remaining traffic (i.e., 75%) to
|
||
“v1”.</p><div id=tabset-docs-reference-config-networking-virtual-service-11 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-11-0-panel id=tabset-docs-reference-config-networking-virtual-service-11-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-11-1-panel id=tabset-docs-reference-config-networking-virtual-service-11-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-11-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-11-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews-route
|
||
spec:
|
||
hosts:
|
||
- reviews.prod.svc.cluster.local
|
||
http:
|
||
- route:
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
subset: v2
|
||
weight: 25
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
subset: v1
|
||
weight: 75
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-11-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-11-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews-route
|
||
spec:
|
||
hosts:
|
||
- reviews.prod.svc.cluster.local
|
||
http:
|
||
- route:
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
subset: v2
|
||
weight: 25
|
||
- destination:
|
||
host: reviews.prod.svc.cluster.local
|
||
subset: v1
|
||
weight: 75
|
||
</code></pre></div></div></div><p>And the associated DestinationRule</p><div id=tabset-docs-reference-config-networking-virtual-service-12 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-12-0-panel id=tabset-docs-reference-config-networking-virtual-service-12-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-12-1-panel id=tabset-docs-reference-config-networking-virtual-service-12-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-12-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-12-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: DestinationRule
|
||
metadata:
|
||
name: reviews-destination
|
||
spec:
|
||
host: reviews.prod.svc.cluster.local
|
||
subsets:
|
||
- name: v1
|
||
labels:
|
||
version: v1
|
||
- name: v2
|
||
labels:
|
||
version: v2
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-12-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-12-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: DestinationRule
|
||
metadata:
|
||
name: reviews-destination
|
||
spec:
|
||
host: reviews.prod.svc.cluster.local
|
||
subsets:
|
||
- name: v1
|
||
labels:
|
||
version: v1
|
||
- name: v2
|
||
labels:
|
||
version: v2
|
||
</code></pre></div></div></div><p>Traffic can also be split across two entirely different services without
|
||
having to define new subsets. For example, the following rule forwards 25% of
|
||
traffic to reviews.com to dev.reviews.com</p><div id=tabset-docs-reference-config-networking-virtual-service-13 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-13-0-panel id=tabset-docs-reference-config-networking-virtual-service-13-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-13-1-panel id=tabset-docs-reference-config-networking-virtual-service-13-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-13-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-13-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews-route-two-domains
|
||
spec:
|
||
hosts:
|
||
- reviews.com
|
||
http:
|
||
- route:
|
||
- destination:
|
||
host: dev.reviews.com
|
||
weight: 25
|
||
- destination:
|
||
host: reviews.com
|
||
weight: 75
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-13-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-13-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: reviews-route-two-domains
|
||
spec:
|
||
hosts:
|
||
- reviews.com
|
||
http:
|
||
- route:
|
||
- destination:
|
||
host: dev.reviews.com
|
||
weight: 25
|
||
- destination:
|
||
host: reviews.com
|
||
weight: 75
|
||
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPRouteDestination-destination><td><code>destination</code></td><td><code><a href=#Destination>Destination</a></code></td><td><p>Destination uniquely identifies the instances of a service
|
||
to which the request/connection should be forwarded to.</p></td><td>Yes</td></tr><tr id=HTTPRouteDestination-weight><td><code>weight</code></td><td><code>int32</code></td><td><p>The proportion of traffic to be forwarded to the service
|
||
version. (0-100). Sum of weights across destinations SHOULD BE == 100.
|
||
If there is only one destination in a rule, the weight value is assumed to
|
||
be 100.</p></td><td>No</td></tr><tr id=HTTPRouteDestination-headers><td><code>headers</code></td><td><code><a href=#Headers>Headers</a></code></td><td><p>Header manipulation rules</p></td><td>No</td></tr></tbody></table></section><h2 id=RouteDestination>RouteDestination</h2><section><p>L4 routing rule weighted destination.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=RouteDestination-destination><td><code>destination</code></td><td><code><a href=#Destination>Destination</a></code></td><td><p>Destination uniquely identifies the instances of a service
|
||
to which the request/connection should be forwarded to.</p></td><td>Yes</td></tr><tr id=RouteDestination-weight><td><code>weight</code></td><td><code>int32</code></td><td><p>The proportion of traffic to be forwarded to the service
|
||
version. If there is only one destination in a rule, all traffic will be
|
||
routed to it irrespective of the weight.</p></td><td>No</td></tr></tbody></table></section><h2 id=L4MatchAttributes>L4MatchAttributes</h2><section><p>L4 connection match attributes. Note that L4 connection matching support
|
||
is incomplete.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=L4MatchAttributes-destination_subnets><td><code>destinationSubnets</code></td><td><code>string[]</code></td><td><p>IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
|
||
a.b.c.d/xx form or just a.b.c.d.</p></td><td>No</td></tr><tr id=L4MatchAttributes-port><td><code>port</code></td><td><code>uint32</code></td><td><p>Specifies the port on the host that is being addressed. Many services
|
||
only expose a single port or label ports with the protocols they support,
|
||
in these cases it is not required to explicitly select the port.</p></td><td>No</td></tr><tr id=L4MatchAttributes-source_labels><td><code>sourceLabels</code></td><td><code>map<string, string></code></td><td><p>One or more labels that constrain the applicability of a rule to
|
||
workloads with the given labels. If the VirtualService has a list of
|
||
gateways specified in the top-level <code>gateways</code> field, it should include the reserved gateway
|
||
<code>mesh</code> in order for this field to be applicable.</p></td><td>No</td></tr><tr id=L4MatchAttributes-gateways><td><code>gateways</code></td><td><code>string[]</code></td><td><p>Names of gateways where the rule should be applied. Gateway names
|
||
in the top-level <code>gateways</code> field of the VirtualService (if any) are overridden. The gateway
|
||
match is independent of sourceLabels.</p></td><td>No</td></tr><tr id=L4MatchAttributes-source_namespace><td><code>sourceNamespace</code></td><td><code>string</code></td><td><p>Source namespace constraining the applicability of a rule to workloads in that namespace.
|
||
If the VirtualService has a list of gateways specified in the top-level <code>gateways</code> field,
|
||
it must include the reserved gateway <code>mesh</code> for this field to be applicable.</p></td><td>No</td></tr></tbody></table></section><h2 id=TLSMatchAttributes>TLSMatchAttributes</h2><section><p>TLS connection match attributes.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=TLSMatchAttributes-sni_hosts><td><code>sniHosts</code></td><td><code>string[]</code></td><td><p>SNI (server name indicator) to match on. Wildcard prefixes
|
||
can be used in the SNI value, e.g., *.com will match foo.example.com
|
||
as well as example.com. An SNI value must be a subset (i.e., fall
|
||
within the domain) of the corresponding virtual service’s hosts.</p></td><td>Yes</td></tr><tr id=TLSMatchAttributes-destination_subnets><td><code>destinationSubnets</code></td><td><code>string[]</code></td><td><p>IPv4 or IPv6 IP addresses of destination with optional subnet. E.g.,
|
||
a.b.c.d/xx form or just a.b.c.d.</p></td><td>No</td></tr><tr id=TLSMatchAttributes-port><td><code>port</code></td><td><code>uint32</code></td><td><p>Specifies the port on the host that is being addressed. Many services
|
||
only expose a single port or label ports with the protocols they
|
||
support, in these cases it is not required to explicitly select the
|
||
port.</p></td><td>No</td></tr><tr id=TLSMatchAttributes-source_labels><td><code>sourceLabels</code></td><td><code>map<string, string></code></td><td><p>One or more labels that constrain the applicability of a rule to
|
||
workloads with the given labels. If the VirtualService has a list of
|
||
gateways specified in the top-level <code>gateways</code> field, it should include the reserved gateway
|
||
<code>mesh</code> in order for this field to be applicable.</p></td><td>No</td></tr><tr id=TLSMatchAttributes-gateways><td><code>gateways</code></td><td><code>string[]</code></td><td><p>Names of gateways where the rule should be applied. Gateway names
|
||
in the top-level <code>gateways</code> field of the VirtualService (if any) are overridden. The gateway
|
||
match is independent of sourceLabels.</p></td><td>No</td></tr><tr id=TLSMatchAttributes-source_namespace><td><code>sourceNamespace</code></td><td><code>string</code></td><td><p>Source namespace constraining the applicability of a rule to workloads in that namespace.
|
||
If the VirtualService has a list of gateways specified in the top-level <code>gateways</code> field,
|
||
it must include the reserved gateway <code>mesh</code> for this field to be applicable.</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPRedirect>HTTPRedirect</h2><section><p>HTTPRedirect can be used to send a 301 redirect response to the caller,
|
||
where the Authority/Host and the URI in the response can be swapped with
|
||
the specified values. For example, the following rule redirects
|
||
requests for /v1/getProductRatings API on the ratings service to
|
||
/v1/bookRatings provided by the bookratings service.</p><div id=tabset-docs-reference-config-networking-virtual-service-14 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-14-0-panel id=tabset-docs-reference-config-networking-virtual-service-14-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-14-1-panel id=tabset-docs-reference-config-networking-virtual-service-14-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-14-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-14-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: ratings-route
|
||
spec:
|
||
hosts:
|
||
- ratings.prod.svc.cluster.local
|
||
http:
|
||
- match:
|
||
- uri:
|
||
exact: /v1/getProductRatings
|
||
redirect:
|
||
uri: /v1/bookRatings
|
||
authority: newratings.default.svc.cluster.local
|
||
...
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-14-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-14-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: ratings-route
|
||
spec:
|
||
hosts:
|
||
- ratings.prod.svc.cluster.local
|
||
http:
|
||
- match:
|
||
- uri:
|
||
exact: /v1/getProductRatings
|
||
redirect:
|
||
uri: /v1/bookRatings
|
||
authority: newratings.default.svc.cluster.local
|
||
...
|
||
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPRedirect-uri><td><code>uri</code></td><td><code>string</code></td><td><p>On a redirect, overwrite the Path portion of the URL with this
|
||
value. Note that the entire path will be replaced, irrespective of the
|
||
request URI being matched as an exact path or prefix.</p></td><td>No</td></tr><tr id=HTTPRedirect-authority><td><code>authority</code></td><td><code>string</code></td><td><p>On a redirect, overwrite the Authority/Host portion of the URL with
|
||
this value.</p></td><td>No</td></tr><tr id=HTTPRedirect-redirect_code><td><code>redirectCode</code></td><td><code>uint32</code></td><td><p>On a redirect, specifies the HTTP status code to use in the redirect
|
||
response. The default response code is MOVED_PERMANENTLY (301).</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPRewrite>HTTPRewrite</h2><section><p>HTTPRewrite can be used to rewrite specific parts of a HTTP request
|
||
before forwarding the request to the destination. Rewrite primitive can
|
||
be used only with HTTPRouteDestination. The following example
|
||
demonstrates how to rewrite the URL prefix for api call (/ratings) to
|
||
ratings service before making the actual API call.</p><div id=tabset-docs-reference-config-networking-virtual-service-15 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-15-0-panel id=tabset-docs-reference-config-networking-virtual-service-15-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-15-1-panel id=tabset-docs-reference-config-networking-virtual-service-15-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-15-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-15-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: ratings-route
|
||
spec:
|
||
hosts:
|
||
- ratings.prod.svc.cluster.local
|
||
http:
|
||
- match:
|
||
- uri:
|
||
prefix: /ratings
|
||
rewrite:
|
||
uri: /v1/bookRatings
|
||
route:
|
||
- destination:
|
||
host: ratings.prod.svc.cluster.local
|
||
subset: v1
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-15-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-15-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: ratings-route
|
||
spec:
|
||
hosts:
|
||
- ratings.prod.svc.cluster.local
|
||
http:
|
||
- match:
|
||
- uri:
|
||
prefix: /ratings
|
||
rewrite:
|
||
uri: /v1/bookRatings
|
||
route:
|
||
- destination:
|
||
host: ratings.prod.svc.cluster.local
|
||
subset: v1
|
||
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPRewrite-uri><td><code>uri</code></td><td><code>string</code></td><td><p>rewrite the path (or the prefix) portion of the URI with this
|
||
value. If the original URI was matched based on prefix, the value
|
||
provided in this field will replace the corresponding matched prefix.</p></td><td>No</td></tr><tr id=HTTPRewrite-authority><td><code>authority</code></td><td><code>string</code></td><td><p>rewrite the Authority/Host header with this value.</p></td><td>No</td></tr></tbody></table></section><h2 id=StringMatch>StringMatch</h2><section><p>Describes how to match a given string in HTTP headers. Match is
|
||
case-sensitive.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=StringMatch-exact class="oneof oneof-start"><td><code>exact</code></td><td><code>string (oneof)</code></td><td><p>exact string match</p></td><td>No</td></tr><tr id=StringMatch-prefix class=oneof><td><code>prefix</code></td><td><code>string (oneof)</code></td><td><p>prefix-based match</p></td><td>No</td></tr><tr id=StringMatch-regex class=oneof><td><code>regex</code></td><td><code>string (oneof)</code></td><td><p>RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPRetry>HTTPRetry</h2><section><p>Describes the retry policy to use when a HTTP request fails. For
|
||
example, the following rule sets the maximum number of retries to 3 when
|
||
calling ratings:v1 service, with a 2s timeout per retry attempt.</p><div id=tabset-docs-reference-config-networking-virtual-service-16 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-16-0-panel id=tabset-docs-reference-config-networking-virtual-service-16-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-16-1-panel id=tabset-docs-reference-config-networking-virtual-service-16-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-16-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-16-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: ratings-route
|
||
spec:
|
||
hosts:
|
||
- ratings.prod.svc.cluster.local
|
||
http:
|
||
- route:
|
||
- destination:
|
||
host: ratings.prod.svc.cluster.local
|
||
subset: v1
|
||
retries:
|
||
attempts: 3
|
||
perTryTimeout: 2s
|
||
retryOn: gateway-error,connect-failure,refused-stream
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-16-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-16-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: ratings-route
|
||
spec:
|
||
hosts:
|
||
- ratings.prod.svc.cluster.local
|
||
http:
|
||
- route:
|
||
- destination:
|
||
host: ratings.prod.svc.cluster.local
|
||
subset: v1
|
||
retries:
|
||
attempts: 3
|
||
perTryTimeout: 2s
|
||
retryOn: gateway-error,connect-failure,refused-stream
|
||
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPRetry-attempts><td><code>attempts</code></td><td><code>int32</code></td><td><p>Number of retries to be allowed for a given request. The interval
|
||
between retries will be determined automatically (25ms+). When request
|
||
<code>timeout</code> of the <a href=/v1.8/docs/reference/config/networking/virtual-service/#HTTPRoute>HTTP route</a>
|
||
or <code>per_try_timeout</code> is configured, the actual number of retries attempted also depends on
|
||
the specified request <code>timeout</code> and <code>per_try_timeout</code> values.</p></td><td>Yes</td></tr><tr id=HTTPRetry-per_try_timeout><td><code>perTryTimeout</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>Duration</a></code></td><td><p>Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE >=1ms.
|
||
Default is same value as request
|
||
<code>timeout</code> of the <a href=/v1.8/docs/reference/config/networking/virtual-service/#HTTPRoute>HTTP route</a>,
|
||
which means no timeout.</p></td><td>No</td></tr><tr id=HTTPRetry-retry_on><td><code>retryOn</code></td><td><code>string</code></td><td><p>Specifies the conditions under which retry takes place.
|
||
One or more policies can be specified using a ‘,’ delimited list.
|
||
See the <a href=https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on>retry policies</a>
|
||
and <a href=https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on>gRPC retry policies</a> for more details.</p></td><td>No</td></tr><tr id=HTTPRetry-retry_remote_localities><td><code>retryRemoteLocalities</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>BoolValue</a></code></td><td><p>Flag to specify whether the retries should retry to other localities.
|
||
See the <a href=https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration>retry plugin configuration</a> for more details.</p></td><td>No</td></tr></tbody></table></section><h2 id=CorsPolicy>CorsPolicy</h2><section><p>Describes the Cross-Origin Resource Sharing (CORS) policy, for a given
|
||
service. Refer to <a href=https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS>CORS</a>
|
||
for further details about cross origin resource sharing. For example,
|
||
the following rule restricts cross origin requests to those originating
|
||
from example.com domain using HTTP POST/GET, and sets the
|
||
<code>Access-Control-Allow-Credentials</code> header to false. In addition, it only
|
||
allows the <code>X-Foo-Bar</code> request header (<code>allowHeaders</code>) and sets an expiry period of 1 day.</p><div id=tabset-docs-reference-config-networking-virtual-service-17 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-17-0-panel id=tabset-docs-reference-config-networking-virtual-service-17-0-tab role=tab><span>v1alpha3</span>
|
||
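</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-17-1-panel id=tabset-docs-reference-config-networking-virtual-service-17-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-17-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-17-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ratings-route
spec:
  hosts:
  - ratings.prod.svc.cluster.local
  http:
  - route:
    - destination:
        host: ratings.prod.svc.cluster.local
        subset: v1
    corsPolicy:
      # Only this exact origin matches; a matched origin is echoed back in
      # Access-Control-Allow-Origin.
      allowOrigins:
      - exact: https://example.com
      allowMethods:
      - POST
      - GET
      # Credentialed cross-origin requests are not permitted.
      allowCredentials: false
      # Request headers accepted from the browser (Access-Control-Allow-Headers).
      allowHeaders:
      - X-Foo-Bar
      # Preflight results may be cached for one day (Access-Control-Max-Age).
      maxAge: "24h"
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-17-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-17-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: ratings-route
spec:
  hosts:
  - ratings.prod.svc.cluster.local
  http:
  - route:
    - destination:
        host: ratings.prod.svc.cluster.local
        subset: v1
    corsPolicy:
      # Only this exact origin matches; a matched origin is echoed back in
      # Access-Control-Allow-Origin.
      allowOrigins:
      - exact: https://example.com
      allowMethods:
      - POST
      - GET
      # Credentialed cross-origin requests are not permitted.
      allowCredentials: false
      # Request headers accepted from the browser (Access-Control-Allow-Headers).
      allowHeaders:
      - X-Foo-Bar
      # Preflight results may be cached for one day (Access-Control-Max-Age).
      maxAge: "24h"
</code></pre></div></div></div><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=CorsPolicy-allow_origins><td><code>allowOrigins</code></td><td><code><a href=#StringMatch>StringMatch[]</a></code></td><td><p>String patterns that match allowed origins.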
|
||
An origin is allowed if any of the string matchers match.
|
||
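If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client. Because the matched origin is echoed back, prefer <code>exact</code> matchers over broad <code>prefix</code> or <code>regex</code> patterns, particularly when <code>allowCredentials</code> is true.</p></td><td>No</td></tr><tr id=CorsPolicy-allow_methods><td><code>allowMethods</code></td><td><code>string[]</code></td><td><p>List of HTTP methods allowed to access the resource. The content will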
|
||
be serialized into the Access-Control-Allow-Methods header.</p></td><td>No</td></tr><tr id=CorsPolicy-allow_headers><td><code>allowHeaders</code></td><td><code>string[]</code></td><td><p>List of HTTP headers that can be used when requesting the
|
||
resource. Serialized to Access-Control-Allow-Headers header.</p></td><td>No</td></tr><tr id=CorsPolicy-expose_headers><td><code>exposeHeaders</code></td><td><code>string[]</code></td><td><p>A list of HTTP headers that the browsers are allowed to
|
||
access. Serialized into Access-Control-Expose-Headers header.</p></td><td>No</td></tr><tr id=CorsPolicy-max_age><td><code>maxAge</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>Duration</a></code></td><td><p>Specifies how long the results of a preflight request can be
|
||
cached. Translates to the <code>Access-Control-Max-Age</code> header.</p></td><td>No</td></tr><tr id=CorsPolicy-allow_credentials><td><code>allowCredentials</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue>BoolValue</a></code></td><td><p>Indicates whether the caller is allowed to send the actual request
|
||
(not the preflight) using credentials. Translates to
|
||
<code>Access-Control-Allow-Credentials</code> header.</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPFaultInjection>HTTPFaultInjection</h2><section><p>HTTPFaultInjection can be used to specify one or more faults to inject
|
||
while forwarding HTTP requests to the destination specified in a route.
|
||
Fault specification is part of a VirtualService rule. Faults include
|
||
aborting the HTTP request from the downstream service, and/or delaying
|
||
proxying of requests. A fault rule MUST HAVE delay or abort or both.</p><p><em>Note:</em> Delay and abort faults are independent of one another, even if
|
||
both are specified simultaneously.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPFaultInjection-delay><td><code>delay</code></td><td><code><a href=#HTTPFaultInjection-Delay>Delay</a></code></td><td><p>Delay requests before forwarding, emulating various failures such as
|
||
network issues, overloaded upstream service, etc.</p></td><td>No</td></tr><tr id=HTTPFaultInjection-abort><td><code>abort</code></td><td><code><a href=#HTTPFaultInjection-Abort>Abort</a></code></td><td><p>Abort Http request attempts and return error codes back to downstream
|
||
service, giving the impression that the upstream service is faulty.</p></td><td>No</td></tr></tbody></table></section><h2 id=PortSelector>PortSelector</h2><section><p>PortSelector specifies the number of a port to be used for
|
||
matching or selection for final routing.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=PortSelector-number><td><code>number</code></td><td><code>uint32</code></td><td><p>Valid port number</p></td><td>No</td></tr></tbody></table></section><h2 id=Percent>Percent</h2><section><p>Percent specifies a percentage in the range of [0.0, 100.0].</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Percent-value><td><code>value</code></td><td><code>double</code></td><td></td><td>No</td></tr></tbody></table></section><h2 id=Headers-HeaderOperations>Headers.HeaderOperations</h2><section><p>HeaderOperations describes the header manipulations to apply.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Headers-HeaderOperations-set><td><code>set</code></td><td><code>map&lt;string, string&gt;</code></td><td><p>Overwrite the headers specified by key with the given values</p></td><td>No</td></tr><tr id=Headers-HeaderOperations-add><td><code>add</code></td><td><code>map&lt;string, string&gt;</code></td><td><p>Append the given values to the headers specified by keys
|
||
(will create a comma-separated list of values)</p></td><td>No</td></tr><tr id=Headers-HeaderOperations-remove><td><code>remove</code></td><td><code>string[]</code></td><td><p>Remove the specified headers</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPFaultInjection-Delay>HTTPFaultInjection.Delay</h2><section><p>Delay specification is used to inject latency into the request
|
||
forwarding path. The following example will introduce a 5 second delay
|
||
in 1 out of every 1000 requests to the “v1” version of the “reviews”
|
||
service from all pods with label env: prod</p><div id=tabset-docs-reference-config-networking-virtual-service-18 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-18-0-panel id=tabset-docs-reference-config-networking-virtual-service-18-0-tab role=tab><span>v1alpha3</span>
|
||
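</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-18-1-panel id=tabset-docs-reference-config-networking-virtual-service-18-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-18-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-18-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews-route
spec:
  hosts:
  - reviews.prod.svc.cluster.local
  http:
  - match:
    # The fault applies only to requests from pods labelled env: prod.
    - sourceLabels:
        env: prod
    route:
    - destination:
        host: reviews.prod.svc.cluster.local
        subset: v1
    fault:
      delay:
        # 0.1 percent of matching requests, i.e. 1 in every 1000.
        percentage:
          value: 0.1
        fixedDelay: 5s
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-18-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-18-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews-route
spec:
  hosts:
  - reviews.prod.svc.cluster.local
  http:
  - match:
    # The fault applies only to requests from pods labelled env: prod.
    - sourceLabels:
        env: prod
    route:
    - destination:
        host: reviews.prod.svc.cluster.local
        subset: v1
    fault:
      delay:
        # 0.1 percent of matching requests, i.e. 1 in every 1000.
        percentage:
          value: 0.1
        fixedDelay: 5s
</code></pre></div></div></div><p>The <em>fixedDelay</em> field is used to indicate the amount of delay in seconds.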
|
||
The optional <em>percentage</em> field can be used to only delay a certain
|
||
percentage of requests. If left unspecified, all requests will be delayed.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPFaultInjection-Delay-fixed_delay class="oneof oneof-start"><td><code>fixedDelay</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>Duration (oneof)</a></code></td><td><p>Add a fixed delay before forwarding the request. Format:
|
||
1h/1m/1s/1ms. MUST be >=1ms.</p></td><td>Yes</td></tr><tr id=HTTPFaultInjection-Delay-percentage><td><code>percentage</code></td><td><code><a href=#Percent>Percent</a></code></td><td><p>Percentage of requests on which the delay will be injected.</p></td><td>No</td></tr><tr id=HTTPFaultInjection-Delay-percent class=deprecated><td><code>percent</code></td><td><code>int32</code></td><td><p>Percentage of requests on which the delay will be injected (0-100).
|
||
Use of integer <code>percent</code> value is deprecated. Use the double <code>percentage</code>
|
||
field instead.</p></td><td>No</td></tr></tbody></table></section><h2 id=HTTPFaultInjection-Abort>HTTPFaultInjection.Abort</h2><section><p>Abort specification is used to prematurely abort a request with a
|
||
pre-specified error code. The following example will return an HTTP 400
|
||
error code for 1 out of every 1000 requests to the “ratings” service “v1”.</p><div id=tabset-docs-reference-config-networking-virtual-service-19 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-virtual-service-19-0-panel id=tabset-docs-reference-config-networking-virtual-service-19-0-tab role=tab><span>v1alpha3</span>
|
||
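</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-virtual-service-19-1-panel id=tabset-docs-reference-config-networking-virtual-service-19-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-virtual-service-19-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-19-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ratings-route
spec:
  hosts:
  - ratings.prod.svc.cluster.local
  http:
  - route:
    - destination:
        host: ratings.prod.svc.cluster.local
        subset: v1
    fault:
      abort:
        # 0.1 percent of requests, i.e. 1 in every 1000.
        percentage:
          value: 0.1
        # Status code returned to the caller for an aborted request.
        httpStatus: 400
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-virtual-service-19-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-virtual-service-19-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: ratings-route
spec:
  hosts:
  - ratings.prod.svc.cluster.local
  http:
  - route:
    - destination:
        host: ratings.prod.svc.cluster.local
        subset: v1
    fault:
      abort:
        # 0.1 percent of requests, i.e. 1 in every 1000.
        percentage:
          value: 0.1
        # Status code returned to the caller for an aborted request.
        httpStatus: 400
</code></pre></div></div></div><p>The <em>httpStatus</em> field is used to indicate the HTTP status code to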
|
||
return to the caller. The optional <em>percentage</em> field can be used to only
|
||
abort a certain percentage of requests. If not specified, all requests are
|
||
aborted.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=HTTPFaultInjection-Abort-http_status class="oneof oneof-start"><td><code>httpStatus</code></td><td><code>int32 (oneof)</code></td><td><p>HTTP status code to use to abort the Http request.</p></td><td>Yes</td></tr><tr id=HTTPFaultInjection-Abort-percentage><td><code>percentage</code></td><td><code><a href=#Percent>Percent</a></code></td><td><p>Percentage of requests to be aborted with the error code provided.</p></td><td>No</td></tr></tbody></table></section><h2 id=google-protobuf-UInt32Value>google.protobuf.UInt32Value</h2><section><p>Wrapper message for <code>uint32</code>.</p><p>The JSON representation for <code>UInt32Value</code> is JSON number.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=google-protobuf-UInt32Value-value><td><code>value</code></td><td><code>uint32</code></td><td><p>The uint32 value.</p></td><td>No</td></tr></tbody></table></section></article><nav class=pagenav><div class=left><a title="Configuration affecting network reachability of a sidecar." href=/v1.8/docs/reference/config/networking/sidecar/><svg class="icon left-arrow"><use xlink:href="/v1.8/img/icons.svg#left-arrow"/></svg>Sidecar</a></div><div class=right><a title="Configuration affecting VMs onboarded into the mesh." href=/v1.8/docs/reference/config/networking/workload-entry/>Workload Entry<svg class="icon right-arrow"><use xlink:href="/v1.8/img/icons.svg#right-arrow"/></svg></a></div></nav><div id=feedback><div id=feedback-initial>Was this information useful?<br><button class="btn feedback" onclick="sendFeedback('en',1)">Yes</button>