mirror of https://github.com/istio/istio.io.git
11772 lines
216 KiB
HTML
11772 lines
216 KiB
HTML
|
|
|
|
<!DOCTYPE html>
|
|
<html lang="en" itemscope itemtype="https://schema.org/WebPage">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
|
<meta name="theme-color" content="#466BB0"/>
|
|
|
|
|
|
|
|
<meta name="title" content="Route Rules v1alpha3">
|
|
<meta name="description" content="Configuration affecting traffic routing">
|
|
|
|
|
|
<meta name="og:title" content="Route Rules v1alpha3">
|
|
<meta name="og:description" content="Configuration affecting traffic routing">
|
|
<meta name="og:url" content="/v0.8/docs/reference/config/istio.networking.v1alpha3/">
|
|
<meta name="og.site_name" content="Istio">
|
|
|
|
|
|
|
|
<title>Istioldie 0.8 / Route Rules v1alpha3</title>
|
|
|
|
|
|
|
|
|
|
<script>
|
|
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
|
|
ga('create', 'UA-98480406-2', 'auto');
|
|
ga('send', 'pageview');
|
|
</script>
|
|
<script async src='https://www.google-analytics.com/analytics.js'></script>
|
|
|
|
|
|
<script>
|
|
var branchName = "release-0.8";
|
|
</script>
|
|
|
|
|
|
<link rel="alternate" type="application/rss+xml" title="Istio Blog" href="/v0.8/feed.xml">
|
|
|
|
|
|
<link rel="shortcut icon" href="/v0.8/favicons/favicon.ico" >
|
|
<link rel="apple-touch-icon" href="/v0.8/favicons/apple-touch-icon-180x180.png" sizes="180x180">
|
|
<link rel="icon" type="image/png" href="/v0.8/favicons/favicon-16x16.png" sizes="16x16">
|
|
<link rel="icon" type="image/png" href="/v0.8/favicons/favicon-32x32.png" sizes="32x32">
|
|
<link rel="icon" type="image/png" href="/v0.8/favicons/android-36x36.png" sizes="36x36">
|
|
<link rel="icon" type="image/png" href="/v0.8/favicons/android-48x48.png" sizes="48x48">
|
|
<link rel="icon" type="image/png" href="/v0.8/favicons/android-72x72.png" sizes="72x72">
|
|
<link rel="icon" type="image/png" href="/v0.8/favicons/android-96x196.png" sizes="96x196">
|
|
<link rel="icon" type="image/png" href="/v0.8/favicons/android-144x144.png" sizes="144x144">
|
|
<link rel="icon" type="image/png" href="/v0.8/favicons/android-192x192.png" sizes="192x192">
|
|
|
|
|
|
<link rel="manifest" href="/v0.8/manifest.json">
|
|
<meta name="apple-mobile-web-app-title" content="Istio">
|
|
<meta name="application-name" content="Istio">
|
|
|
|
|
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic">
|
|
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
|
|
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.6/css/all.css">
|
|
|
|
|
|
<link rel="stylesheet" href="/v0.8/css/light_theme_archive.css" title="light">
|
|
<link rel="alternate stylesheet" href="/v0.8/css/dark_theme_archive.css" title="dark">
|
|
|
|
|
|
<script src="/v0.8/js/styleSwitcher.min.js"></script>
|
|
</head>
|
|
|
|
<body class="language-unknown">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<header>
|
|
<nav class="navbar navbar-expand-md navbar-dark fixed-top bg-dark justify-content-between">
|
|
<a class="navbar-brand" href="/v0.8/">
|
|
<span class="logo"><svg viewBox="0 0 300 300">
|
|
<circle cx="150" cy="150" r="150" stroke-width="2" />
|
|
<polygon points="65,240 225,240 125,270"/>
|
|
<polygon points="65,230 125,220 125,110"/>
|
|
<polygon points="135,220 225,230 135,30"/>
|
|
</svg>
|
|
</span>
|
|
|
|
|
|
<span class="brand-name">Istioldie 0.8</span>
|
|
|
|
</a>
|
|
|
|
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarCollapse" aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
|
|
<span class="navbar-toggler-icon"></span>
|
|
</button>
|
|
|
|
<div class="collapse navbar-collapse justify-content-end" id="navbarCollapse">
|
|
<ul id="navbar-links" class="navbar-nav active">
|
|
<li class="nav-item">
|
|
<a class="nav-link active" href="/v0.8/docs/">Docs</a>
|
|
</li>
|
|
<li class="nav-item">
|
|
<a class="nav-link " href="/v0.8/blog/2018/egress-monitoring-access-control/">Blog</a>
|
|
</li>
|
|
<li class="nav-item">
|
|
<a class="nav-link " href="/v0.8/help/">Help</a>
|
|
</li>
|
|
<li class="nav-item">
|
|
<a class="nav-link " href="/v0.8/community/">Community</a>
|
|
</li>
|
|
<li class="nav-item">
|
|
<a class="nav-link " href="/v0.8/about/">About</a>
|
|
</li>
|
|
|
|
<li class="nav-item dropdown" id="gearDropdown" style="white-space: nowrap">
|
|
<a href="" class="nav-link" data-toggle="dropdown" aria-label="Tools" aria-haspopup="true" aria-expanded="false">
|
|
<i style="width: 1em" class='fa fa-lg fa-cog'></i>
|
|
</a>
|
|
|
|
<div class="dropdown-menu dropdown-menu-right" aria-labelledby="gearDropdown">
|
|
<a class="dropdown-item" id="light-theme-item" href="" onclick="setActiveStyleSheet('light');return false;">Light Theme</a>
|
|
<a class="dropdown-item" id="dark-theme-item" href="" onclick="setActiveStyleSheet('dark');return false;">Dark Theme</a>
|
|
|
|
|
|
|
|
<div class="dropdown-divider"></div>
|
|
|
|
<h6 class="dropdown-header">Other versions of this site</h6>
|
|
|
|
|
|
|
|
|
|
|
|
<a href="https://istio.io" class="dropdown-item">Current Release</a>
|
|
<a href="https://preliminary.istio.io" class="dropdown-item">Next Release</a>
|
|
|
|
<a href="https://archive.istio.io" class="dropdown-item">Older Releases</a>
|
|
</div>
|
|
</li>
|
|
|
|
<li class="nav-item">
|
|
<a id="search_show" class="nav-link" href="" aria-label="Search"><i style="width: 1em" class="fa fa-lg fa-search"></i></a>
|
|
</li>
|
|
</ul>
|
|
|
|
<form name="cse" id="search_form" class="form-inline mr-sm-2" role="search">
|
|
<input type="hidden" name="cx" value="013699703217164175118:iwwf17ikgf4" />
|
|
<input type="hidden" name="ie" value="utf-8" />
|
|
<input type="hidden" name="hl" value="en" />
|
|
<input type="hidden" id="search_page_url" value="/v0.8/search.html" />
|
|
<input id="search_textbox" class="form-control" name="q" type="text" aria-label="Search this site"/>
|
|
<button id="search_close" type="reset" aria-label="Cancel Search"><i class="far fa-lg fa-times-circle"></i></button>
|
|
</form>
|
|
</div>
|
|
</nav>
|
|
</header>
|
|
|
|
|
|
|
|
|
|
|
|
<div class="container-fluid">
|
|
<div class="row row-offcanvas">
|
|
<div class="col-0 col-md-3 col-xl-2 sidebar-offcanvas">
|
|
|
|
|
|
<nav class="sidebar d-print-none">
|
|
<div class="spacer"></div>
|
|
<div class="directory" role="tablist">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="card">
|
|
<div class="card-header" role="tab" id="header7">
|
|
<a data-toggle="collapse" href="#collapse7" title="Concepts help you learn about the different parts of the Istio system and the abstractions it uses." role="button" aria-controls="collapse7">
|
|
<div>
|
|
Concepts
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<div id="collapse7" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header7">
|
|
<div class="card-body">
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="A broad overview of the Istio system." href="/v0.8/docs/concepts/what-is-istio/">What is Istio? </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Provides a conceptual introduction to Istio, including the problems it solves and its high-level architecture." href="/v0.8/docs/concepts/what-is-istio/overview/">Overview</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes the core principles that Istio's design adheres to." href="/v0.8/docs/concepts/what-is-istio/goals/">Design Goals</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Describes the various Istio features focused on traffic routing and control." href="/v0.8/docs/concepts/traffic-management/">Traffic Management </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Provides a conceptual overview of traffic management in Istio and the features it enables." href="/v0.8/docs/concepts/traffic-management/overview/">Overview</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Introduces Pilot, the component responsible for managing a distributed deployment of Envoy proxies in the service mesh." href="/v0.8/docs/concepts/traffic-management/pilot/">Pilot</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes how requests are routed between services in an Istio service mesh." href="/v0.8/docs/concepts/traffic-management/request-routing/">Request Routing</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes how traffic is load balanced across instances of a service in the mesh." href="/v0.8/docs/concepts/traffic-management/load-balancing/">Discovery & Load Balancing</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="An overview of failure recovery capabilities in Envoy that can be leveraged by unmodified applications to improve robustness and prevent cascading failures." href="/v0.8/docs/concepts/traffic-management/handling-failures/">Handling Failures</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Introduces the idea of systematic fault injection that can be used to uncover conflicting failure recovery policies across services." href="/v0.8/docs/concepts/traffic-management/fault-injection/">Fault Injection</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Provides a high-level overview of the configuration model used by Istio to configure traffic management rules in the service mesh." href="/v0.8/docs/concepts/traffic-management/rules-configuration/">Rules Configuration</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Describes Istio's authorization and authentication functionality." href="/v0.8/docs/concepts/security/">Security </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes Istio's authentication policy" href="/v0.8/docs/concepts/security/authn-policy/">Authentication Policy</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes Istio's mutual TLS authentication architecture which provides a strong service identity and secure communication channels between services." href="/v0.8/docs/concepts/security/mutual-tls/">Mutual TLS Authentication</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes Istio RBAC which provides access control for services in Istio Mesh." href="/v0.8/docs/concepts/security/rbac/">Istio Role-Based Access Control (RBAC)</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Introduces the policy control snd telemetry collection mechanisms." href="/v0.8/docs/concepts/policies-and-telemetry/">Policies and Telemetry </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes the design of the policy and telemetry mechanisms." href="/v0.8/docs/concepts/policies-and-telemetry/overview/">Overview</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="An overview of the key concepts used to configure Istio's policy enforcement and telemetry collection features." href="/v0.8/docs/concepts/policies-and-telemetry/config/">Configuration</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="card">
|
|
<div class="card-header" role="tab" id="header22">
|
|
<a data-toggle="collapse" href="#collapse22" title="Setup contains instructions for installing the Istio control plane in various environments (e.g., Kubernetes, Consul, etc.), as well as instructions for installing the sidecar in the application deployment." role="button" aria-controls="collapse22">
|
|
<div>
|
|
Setup
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<div id="collapse22" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header22">
|
|
<div class="card-body">
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Instructions for installing the Istio control plane on Kubernetes and adding VMs into the mesh." href="/v0.8/docs/setup/kubernetes/">Kubernetes </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Quick start instructions to setup the Istio service mesh in a Kubernetes cluster." href="/v0.8/docs/setup/kubernetes/quick-start/">Quick Start</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Quick Start instructions to setup the Istio service using Google Kubernetes Engine (GKE)" href="/v0.8/docs/setup/kubernetes/quick-start-gke-dm/">Quick Start with Google Kubernetes Engine</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Install Istio with the included Helm chart." href="/v0.8/docs/setup/kubernetes/helm-install/">Installation with Helm</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Install Istio with the included Ansible playbook." href="/v0.8/docs/setup/kubernetes/ansible-install/">Installation with Ansible</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Instructions for installing the Istio sidecar in application pods automatically using the sidecar injector webhook or manually using istioctl CLI." href="/v0.8/docs/setup/kubernetes/sidecar-injection/">Installing the Istio Sidecar</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Instructions for integrating VMs and bare metal hosts into an Istio mesh deployed on Kubernetes." href="/v0.8/docs/setup/kubernetes/mesh-expansion/">Mesh Expansion</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Install Istio with multicluster support." href="/v0.8/docs/setup/kubernetes/multicluster-install/">Istio Multicluster</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This guide demonstrates how to upgrade the Istio control plane and data plane independently." href="/v0.8/docs/setup/kubernetes/upgrading-istio/">Upgrading Istio</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Instructions for installing the Istio control plane in a Consul based environment, with or without Nomad." href="/v0.8/docs/setup/consul/">Nomad & Consul </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Quick Start instructions to setup the Istio service mesh with Docker Compose." href="/v0.8/docs/setup/consul/quick-start/">Quick Start on Docker</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Instructions for installing the Istio control plane in a Consul based environment, with or without Nomad." href="/v0.8/docs/setup/consul/install/">Installation</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Instructions for installing the Istio control plane in a Eureka based environment." href="/v0.8/docs/setup/eureka/">Eureka </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Quick Start instructions to setup the Istio service mesh with Docker Compose." href="/v0.8/docs/setup/eureka/quick-start/">Quick Start on Docker</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Instructions for installing the Istio control plane in an Eureka based environment." href="/v0.8/docs/setup/eureka/install/">Installation</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="card">
|
|
<div class="card-header" role="tab" id="header37">
|
|
<a data-toggle="collapse" href="#collapse37" title="Tasks show you how to do a single specific targeted activity with the Istio system." role="button" aria-controls="collapse37">
|
|
<div>
|
|
Tasks
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<div id="collapse37" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header37">
|
|
<div class="card-body">
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Describes tasks that demonstrate traffic routing features of Istio service mesh." href="/v0.8/docs/tasks/traffic-management/">Traffic Management </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to configure dynamic request routing based on weights and HTTP headers." href="/v0.8/docs/tasks/traffic-management/request-routing/">Configuring Request Routing</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows how to inject delays and test the resiliency of your application." href="/v0.8/docs/tasks/traffic-management/fault-injection/">Fault Injection</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows you how to migrate traffic from an old to new version of a service." href="/v0.8/docs/tasks/traffic-management/traffic-shifting/">Traffic Shifting</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to setup request timeouts in Envoy using Istio." href="/v0.8/docs/tasks/traffic-management/request-timeouts/">Setting Request Timeouts</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes how to configure Istio to expose a service outside of the service mesh." href="/v0.8/docs/tasks/traffic-management/ingress/">Control Ingress Traffic</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes how to configure Istio to expose a service outside of the service mesh, over TLS or Mutual TLS." href="/v0.8/docs/tasks/traffic-management/secure-ingress/">Securing Gateways with HTTPS</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes how to configure Istio to route traffic from services in the mesh to external services." href="/v0.8/docs/tasks/traffic-management/egress/">Control Egress Traffic</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes how to configure Istio to perform TLS origination for traffic to external services" href="/v0.8/docs/tasks/traffic-management/egress-tls-origination/">TLS Origination for Egress Traffic</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes how to configure Istio to direct traffic to external services through a dedicated gateway service" href="/v0.8/docs/tasks/traffic-management/egress-gateway/">Configure an Egress Gateway</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task demonstrates the circuit-breaking capability for resilient applications" href="/v0.8/docs/tasks/traffic-management/circuit-breaking/">Circuit Breaking</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task demonstrates the traffic shadowing/mirroring capabilities of Istio" href="/v0.8/docs/tasks/traffic-management/mirroring/">Mirroring</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Demonstrates how to secure the mesh." href="/v0.8/docs/tasks/security/">Security </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows you how to use Istio authentication policy to setup mutual TLS and basic end-user authentication." href="/v0.8/docs/tasks/security/authn-policy/">Basic Authentication Policy</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows you how to verify and test Istio's automatic mutual TLS authentication." href="/v0.8/docs/tasks/security/mutual-tls/">Testing Mutual TLS</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows how to control access to a service using the Kubernetes labels." href="/v0.8/docs/tasks/security/basic-access-control/">Basic Access Control</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows how to securely control access to a service using service accounts." href="/v0.8/docs/tasks/security/secure-access-control/">Secure Access Control</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows how to set up role-based access control for services in Istio mesh." href="/v0.8/docs/tasks/security/role-based-access-control/">Role-Based Access Control</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows how operators can configure Citadel with existing root certificate, signing certificate and key." href="/v0.8/docs/tasks/security/plugin-ca-cert/">Plugging in external CA key and certificate</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows how to enable Citadel health checking with Kubernetes." href="/v0.8/docs/tasks/security/health-check/">Citadel health checking</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Shows how to enable mutual TLS on HTTPS services." href="/v0.8/docs/tasks/security/https-overlay/">Mutual TLS over HTTPS</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Demonstrates policy enforcement features." href="/v0.8/docs/tasks/policy-enforcement/">Policies </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to use Istio to dynamically limit the traffic to a service." href="/v0.8/docs/tasks/policy-enforcement/rate-limiting/">Enabling Rate Limits</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Demonstrates how to collect telemetry information from the mesh." href="/v0.8/docs/tasks/telemetry/">Telemetry </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="How to configure the proxies to send tracing requests to Zipkin or Jaeger" href="/v0.8/docs/tasks/telemetry/distributed-tracing/">Distributed Tracing</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to configure Istio to collect metrics and logs." href="/v0.8/docs/tasks/telemetry/metrics-logs/">Collecting Metrics and Logs</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to configure Istio to collect metrics for TCP services." href="/v0.8/docs/tasks/telemetry/tcp-metrics/">Collecting Metrics for TCP services</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to query for Istio Metrics using Prometheus." href="/v0.8/docs/tasks/telemetry/querying-metrics/">Querying Metrics from Prometheus</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to setup and use the Istio Dashboard to monitor mesh traffic." href="/v0.8/docs/tasks/telemetry/using-istio-dashboard/">Visualizing Metrics with Grafana</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to generate a graph of services within an Istio mesh." href="/v0.8/docs/tasks/telemetry/servicegraph/">Generating a Service Graph</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This task shows you how to configure Istio to log to a Fluentd daemon" href="/v0.8/docs/tasks/telemetry/fluentd/">Logging with Fluentd</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="card">
|
|
<div class="card-header" role="tab" id="header48">
|
|
<a data-toggle="collapse" href="#collapse48" title="Guides include a variety of fully working example uses for Istio that you can experiment with." role="button" aria-controls="collapse48">
|
|
<div>
|
|
Guides
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<div id="collapse48" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header48">
|
|
<div class="card-body">
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This guide deploys a sample application composed of four separate microservices which will be used to demonstrate various features of the Istio service mesh." href="/v0.8/docs/guides/bookinfo/">Bookinfo Sample Application</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This guide demonstrates how to use various traffic management capabilities of an Istio service mesh." href="/v0.8/docs/guides/intelligent-routing/">Intelligent Routing</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This sample demonstrates how to obtain uniform metrics, logs, traces across different services using Istio Mixer and Istio sidecar." href="/v0.8/docs/guides/telemetry/">In-Depth Telemetry</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Explains how to manually integrate Google Cloud Endpoints services with Istio." href="/v0.8/docs/guides/endpoints/">Install Istio for Google Cloud Endpoints Services</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="This sample deploys the Bookinfo services across Kubernetes and a set of virtual machines, and illustrates how to use the Istio service mesh to control this infrastructure as a single mesh." href="/v0.8/docs/guides/integrating-vms/">Integrating Virtual Machines</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="card">
|
|
<div class="card-header" role="tab" id="header77">
|
|
<a data-toggle="collapse" href="#collapse77" title="Introduces Performance and Scalability methodology, results and best practices for Istio components." role="button" aria-controls="collapse77">
|
|
<div>
|
|
Performance and Scalability
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<div id="collapse77" class="collapse" data-parent="#sidebar" role="tabpanel" aria-labelledby="header77">
|
|
<div class="card-body">
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Provides a conceptual introduction to Istio's Performance and Scalability" href="/v0.8/docs/performance-and-scalability/overview/">Overview</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Performance measurement through code level micro-benchmarks." href="/v0.8/docs/performance-and-scalability/microbenchmarks/">Micro Benchmarks</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="The different scenarios we are tracking for performance and scalability." href="/v0.8/docs/performance-and-scalability/scenarios/">Testing scenarios</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Fortio is our simple synthetic http and grpc benchmarking tool." href="/v0.8/docs/performance-and-scalability/synthetic-benchmarks/">Synthetic End to End benchmarks</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Performance measurement through realistic micro service application tests." href="/v0.8/docs/performance-and-scalability/realistic-app-benchmark/">Realistic Application Benchmark</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="How we ensure performance is tracked and improves or does not regress across releases." href="/v0.8/docs/performance-and-scalability/performance-testing-automation/">Automation</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Setup of Istio components to scale horizontally. High availability. Sizing guide." href="/v0.8/docs/performance-and-scalability/scalability/">Scalability and Sizing Guide</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="card">
|
|
<div class="card-header" role="tab" id="header85">
|
|
<a data-toggle="collapse" href="#collapse85" title="The Reference section contains detailed authoritative reference material such as command-line options, configuration options, and API calling parameters." role="button" aria-controls="collapse85">
|
|
<div>
|
|
Reference
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<div id="collapse85" class="collapse show" data-parent="#sidebar" role="tabpanel" aria-labelledby="header85">
|
|
<div class="card-body">
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-down'></i>
|
|
|
|
<a title="Detailed information on configuration options." href="/v0.8/docs/reference/config/">Configuration </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Describes how to configure Istio's policy and telemetry features." href="/v0.8/docs/reference/config/policy-and-telemetry/">Policies and Telemetry </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes the base attribute vocabulary used for policy and control." href="/v0.8/docs/reference/config/policy-and-telemetry/attribute-vocabulary/">Attribute Vocabulary</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Mixer config expression language reference." href="/v0.8/docs/reference/config/policy-and-telemetry/expression-language/">Expression Language</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Mixer adapters allow Istio to interface to a variety of infrastructure backends for such things as metrics and logs." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/">Adapters </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter for circonus.com's monitoring solution." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/circonus/">Circonus</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter for cloudwatch metrics." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/cloudwatch/">CloudWatch</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter to deliver metrics to a dogstatsd agent for delivery to DataDog" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/datadog/">Datadog</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter that always returns a precondition denial." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/denier/">Denier</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter that delivers logs to a fluentd daemon." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/fluentd/">Fluentd</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter that extracts information from a Kubernetes environment." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/kubernetesenv/">Kubernetes Env</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter that performs whitelist or blacklist checks" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/list/">List</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter for a simple in-memory quota management system." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/memquota/">Memory quota</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter that implements an Open Policy Agent engine" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/opa/">OPA</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter that exposes Istio metrics for ingestion by a Prometheus harvester." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/prometheus/">Prometheus</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter that exposes Istio's Role-Based Access Control model." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/rbac/">RBAC</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter for a Redis-based quota management system." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/redisquota/">Redis Quota</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter that delivers logs and metrics to Google Service Control" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/servicecontrol/">Service Control</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter to deliver logs and metrics to Papertrail and AppOptics backends" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/solarwinds/">SolarWinds</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter to deliver logs and metrics to Stackdriver" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/stackdriver/">Stackdriver</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter to deliver metrics to a StatsD backend" href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/statsd/">StatsD</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Adapter for outputting logs and metrics locally." href="/v0.8/docs/reference/config/policy-and-telemetry/adapters/stdio/">Stdio</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Default Metrics exported from Istio through Mixer." href="/v0.8/docs/reference/config/policy-and-telemetry/metrics/">Default Metrics</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Mixer templates are used to send data to individual adapters." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/">Templates </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template that represents a single API key." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/apikey/">API Key</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template used to represent an access control query." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/authorization/">Authorization</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template that carries no data, useful for testing." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/checknothing/">Check Nothing</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template that is used to control the production of Kubernetes-specific attributes." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/kubernetes/">Kubernetes</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template designed to let you perform list checking operations." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/listentry/">List Entry</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template that represents a single runtime log entry." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/logentry/">Log Entry</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template that represents a single runtime metric." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/metric/">Metric</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template that represents a quota allocation request" href="/v0.8/docs/reference/config/policy-and-telemetry/templates/quota/">Quota</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template that carries no data, useful for testing." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/reportnothing/">Report Nothing</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="A template used by the Google Service Control adapter." href="/v0.8/docs/reference/config/policy-and-telemetry/templates/servicecontrolreport/">Service Control Report</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Describes the rules used to configure Mixer's policy and telemetry features." href="/v0.8/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/">Rules</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Configuration for Role Based Access Control" href="/v0.8/docs/reference/config/istio.rbac.v1alpha1/">RBAC</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Configuration affecting traffic routing" href="/v0.8/docs/reference/config/istio.routing.v1alpha1/">Route Rules v1alpha1 (deprecated)</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<span class="current" title="Configuration affecting traffic routing">Route Rules v1alpha3</span>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="sublist">
|
|
|
|
|
|
<label class='tree-toggle'>
|
|
|
|
<i class='fa fa-lg fa-caret-right'></i>
|
|
|
|
<a title="Describes usage and options of the Istio commands and utilities." href="/v0.8/docs/reference/commands/">Commands </a>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<ul class="tree collapse">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Istio Certificate Authority (CA)" href="/v0.8/docs/reference/commands/istio_ca/">istio_ca</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Istio control interface" href="/v0.8/docs/reference/commands/istioctl/">istioctl</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Utility to trigger direct calls to Mixer&#39;s API." href="/v0.8/docs/reference/commands/mixc/">mixc</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Mixer is Istio&#39;s abstraction on top of infrastructure backends." href="/v0.8/docs/reference/commands/mixs/">mixs</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Istio security per-node agent" href="/v0.8/docs/reference/commands/node_agent/">node_agent</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Istio Pilot agent" href="/v0.8/docs/reference/commands/pilot-agent/">pilot-agent</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Istio Pilot" href="/v0.8/docs/reference/commands/pilot-discovery/">pilot-discovery</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li>
|
|
|
|
<a title="Kubernetes webhook for automatic Istio sidecar injection" href="/v0.8/docs/reference/commands/sidecar-injector/">sidecar-injector</a>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</div>
|
|
</nav>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="col-12 col-md-9 col-xl-8">
|
|
|
|
|
|
<p class="d-md-none">
|
|
<label class="sidebar-toggler" data-toggle="offcanvas">
|
|
<i class="fa fa-sign-out-alt"></i>
|
|
</label>
|
|
</p>
|
|
|
|
<main aria-labelledby="title">
|
|
<h1 id="title">Route Rules v1alpha3</h1>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<nav class="toc-inlined d-xl-none d-print-none" >
|
|
<div class="directory" role="directory">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<nav id="InlinedTableOfContents">
|
|
<ul>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ConnectionPoolSettings">ConnectionPoolSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ConnectionPoolSettings.HTTPSettings">ConnectionPoolSettings.HTTPSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ConnectionPoolSettings.TCPSettings">ConnectionPoolSettings.TCPSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#CorsPolicy">CorsPolicy</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Destination">Destination</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#DestinationRule">DestinationRule</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#DestinationWeight">DestinationWeight</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Gateway">Gateway</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPFaultInjection">HTTPFaultInjection</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPFaultInjection.Abort">HTTPFaultInjection.Abort</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPFaultInjection.Delay">HTTPFaultInjection.Delay</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPMatchRequest">HTTPMatchRequest</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPRedirect">HTTPRedirect</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPRetry">HTTPRetry</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPRewrite">HTTPRewrite</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPRoute">HTTPRoute</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#L4MatchAttributes">L4MatchAttributes</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#LoadBalancerSettings">LoadBalancerSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#LoadBalancerSettings.ConsistentHashLB">LoadBalancerSettings.ConsistentHashLB</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#LoadBalancerSettings.SimpleLB">LoadBalancerSettings.SimpleLB</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#OutlierDetection">OutlierDetection</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#OutlierDetection.HTTPSettings">OutlierDetection.HTTPSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Port">Port</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#PortSelector">PortSelector</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Server">Server</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Server.TLSOptions">Server.TLSOptions</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Server.TLSOptions.TLSmode">Server.TLSOptions.TLSmode</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ServiceEntry">ServiceEntry</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ServiceEntry.Endpoint">ServiceEntry.Endpoint</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ServiceEntry.Location">ServiceEntry.Location</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ServiceEntry.Resolution">ServiceEntry.Resolution</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#StringMatch">StringMatch</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Subset">Subset</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TCPRoute">TCPRoute</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TLSSettings">TLSSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TLSSettings.TLSmode">TLSSettings.TLSmode</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TrafficPolicy">TrafficPolicy</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TrafficPolicy.PortTrafficPolicy">TrafficPolicy.PortTrafficPolicy</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#VirtualService">VirtualService</a></li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
|
|
|
|
</div>
|
|
</nav>
|
|
|
|
|
|
<p>Configuration affecting traffic routing. Here are a few terms useful to define
|
|
in the context of traffic routing.</p>
|
|
|
|
<p><code>Service</code> a unit of application behavior bound to a unique name in a
|
|
service registry. Services consist of multiple network <em>endpoints</em>
|
|
implemented by workload instances running on pods, containers, VMs etc.</p>
|
|
|
|
<p><code>Service versions (a.k.a. subsets)</code> - In a continuous deployment
|
|
scenario, for a given service, there can be distinct subsets of
|
|
instances running different variants of the application binary. These
|
|
variants are not necessarily different API versions. They could be
|
|
iterative changes to the same service, deployed in different
|
|
environments (prod, staging, dev, etc.). Common scenarios where this
|
|
occurs include A/B testing, canary rollouts, etc. The choice of a
|
|
particular version can be decided based on various criterion (headers,
|
|
url, etc.) and/or by weights assigned to each version. Each service has
|
|
a default version consisting of all its instances.</p>
|
|
|
|
<p><code>Source</code> - A downstream client calling a service.</p>
|
|
|
|
<p><code>Host</code> - The address used by a client when attempting to connect to a
|
|
service.</p>
|
|
|
|
<p><code>Access model</code> - Applications address only the destination service
|
|
(Host) without knowledge of individual service versions (subsets). The
|
|
actual choice of the version is determined by the proxy/sidecar, enabling the
|
|
application code to decouple itself from the evolution of dependent
|
|
services.</p>
|
|
|
|
<h2 id="ConnectionPoolSettings">ConnectionPoolSettings</h2>
|
|
<section>
|
|
<p>Connection pool settings for an upstream host. The settings apply to
|
|
each individual host in the upstream service. See Envoy’s <a href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/circuit_breaking">circuit
|
|
breaker</a>
|
|
for more details. Connection pool settings can be applied at the TCP
|
|
level as well as at HTTP level.</p>
|
|
|
|
<p>For example, the following rule sets a limit of 100 connections to redis
|
|
service called myredissrv with a connect timeout of 30ms</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: bookinfo-redis
|
|
spec:
|
|
host: myredissrv.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
connectionPool:
|
|
tcp:
|
|
maxConnections: 100
|
|
connectTimeout: 30ms
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="ConnectionPoolSettings.tcp">
|
|
<td><code>tcp</code></td>
|
|
<td><code><a href="#ConnectionPoolSettings.TCPSettings">ConnectionPoolSettings.TCPSettings</a></code></td>
|
|
<td>
|
|
<p>Settings common to both HTTP and TCP upstream connections.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ConnectionPoolSettings.http">
|
|
<td><code>http</code></td>
|
|
<td><code><a href="#ConnectionPoolSettings.HTTPSettings">ConnectionPoolSettings.HTTPSettings</a></code></td>
|
|
<td>
|
|
<p>HTTP connection pool settings.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="ConnectionPoolSettings.HTTPSettings">ConnectionPoolSettings.HTTPSettings</h2>
|
|
<section>
|
|
<p>Settings applicable to HTTP1.1/HTTP2/GRPC connections.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="ConnectionPoolSettings.HTTPSettings.http1_max_pending_requests">
|
|
<td><code>http1MaxPendingRequests</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Maximum number of pending HTTP requests to a destination. Default 1024.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ConnectionPoolSettings.HTTPSettings.http2_max_requests">
|
|
<td><code>http2MaxRequests</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Maximum number of requests to a backend. Default 1024.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ConnectionPoolSettings.HTTPSettings.max_requests_per_connection">
|
|
<td><code>maxRequestsPerConnection</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Maximum number of requests per connection to a backend. Setting this
|
|
parameter to 1 disables keep alive.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ConnectionPoolSettings.HTTPSettings.max_retries">
|
|
<td><code>maxRetries</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Maximum number of retries that can be outstanding to all hosts in a
|
|
cluster at a given time. Defaults to 3.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="ConnectionPoolSettings.TCPSettings">ConnectionPoolSettings.TCPSettings</h2>
|
|
<section>
|
|
<p>Settings common to both HTTP and TCP upstream connections.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="ConnectionPoolSettings.TCPSettings.max_connections">
|
|
<td><code>maxConnections</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Maximum number of HTTP1 /TCP connections to a destination host.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ConnectionPoolSettings.TCPSettings.connect_timeout">
|
|
<td><code>connectTimeout</code></td>
|
|
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
|
|
<td>
|
|
<p>TCP connection timeout.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="CorsPolicy">CorsPolicy</h2>
|
|
<section>
|
|
<p>Describes the Cross-Origin Resource Sharing (CORS) policy, for a given
|
|
service. Refer to
|
|
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access<em>control</em>CORS
|
|
for further details about cross origin resource sharing. For example,
|
|
the following rule restricts cross origin requests to those originating
|
|
from example.com domain using HTTP POST/GET, and sets the
|
|
Access-Control-Allow-Credentials header to false. In addition, it only
|
|
exposes X-Foo-bar header and sets an expiry period of 1 day.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: ratings-route
|
|
spec:
|
|
hosts:
|
|
- ratings.prod.svc.cluster.local
|
|
http:
|
|
- route:
|
|
- destination:
|
|
host: ratings.prod.svc.cluster.local
|
|
subset: v1
|
|
corsPolicy:
|
|
allowOrigin:
|
|
- example.com
|
|
allowMethods:
|
|
- POST
|
|
- GET
|
|
allowCredentials: false
|
|
allowHeaders:
|
|
- X-Foo-Bar
|
|
maxAge: "1d"
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="CorsPolicy.allow_origin">
|
|
<td><code>allowOrigin</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>The list of origins that are allowed to perform CORS requests. The
|
|
content will be serialized into the Access-Control-Allow-Origin
|
|
header. Wildcard * will allow all origins.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="CorsPolicy.allow_methods">
|
|
<td><code>allowMethods</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>List of HTTP methods allowed to access the resource. The content will
|
|
be serialized into the Access-Control-Allow-Methods header.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="CorsPolicy.allow_headers">
|
|
<td><code>allowHeaders</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>List of HTTP headers that can be used when requesting the
|
|
resource. Serialized to Access-Control-Allow-Methods header.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="CorsPolicy.expose_headers">
|
|
<td><code>exposeHeaders</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>A white list of HTTP headers that the browsers are allowed to
|
|
access. Serialized into Access-Control-Expose-Headers header.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="CorsPolicy.max_age">
|
|
<td><code>maxAge</code></td>
|
|
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
|
|
<td>
|
|
<p>Specifies how long the the results of a preflight request can be
|
|
cached. Translates to the Access-Control-Max-Age header.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="CorsPolicy.allow_credentials">
|
|
<td><code>allowCredentials</code></td>
|
|
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">google.protobuf.BoolValue</a></code></td>
|
|
<td>
|
|
<p>Indicates whether the caller is allowed to send the actual request
|
|
(not the preflight) using credentials. Translates to
|
|
Access-Control-Allow-Credentials header.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="Destination">Destination</h2>
|
|
<section>
|
|
<p>Destination indicates the network addressable service to which the
|
|
request/connection will be sent after processing a routing rule. The
|
|
destination.host should unambiguously refer to a service in the service
|
|
registry. Istio’s service registry is composed of all the services found
|
|
in the platform’s service registry (e.g., Kubernetes services, Consul
|
|
services), as well as services declared through the
|
|
<a href="#ServiceEntry">ServiceEntry</a> resource.</p>
|
|
|
|
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. “reviews”
|
|
instead of “reviews.default.svc.cluster.local”), Istio will interpret
|
|
the short name based on the namespace of the rule, not the service. A
|
|
rule in the “default” namespace containing a host “reviews will be
|
|
interpreted as “reviews.default.svc.cluster.local”, irrespective of the
|
|
actual namespace associated with the reviews service. <em>To avoid potential
|
|
misconfigurations, it is recommended to always use fully qualified
|
|
domain names over short names.</em></p>
|
|
|
|
<p>The following Kubernetes example routes all traffic by default to pods
|
|
of the reviews service with label “version: v1” (i.e., subset v1), and
|
|
some to subset v2, in a kubernetes environment.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: reviews-route
|
|
namespace: foo
|
|
spec:
|
|
hosts:
|
|
- reviews # interpreted as reviews.foo.svc.cluster.local
|
|
http:
|
|
- match:
|
|
- uri:
|
|
prefix: "/wpcatalog"
|
|
- uri:
|
|
prefix: "/consumercatalog"
|
|
rewrite:
|
|
uri: "/newcatalog"
|
|
route:
|
|
- destination:
|
|
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
|
subset: v2
|
|
- route:
|
|
- destination:
|
|
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
|
subset: v1
|
|
</code></pre>
|
|
|
|
<p>And the associated DestinationRule</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: reviews-destination
|
|
namespace: foo
|
|
spec:
|
|
host: reviews # interpreted as reviews.foo.svc.cluster.local
|
|
subsets:
|
|
- name: v1
|
|
labels:
|
|
version: v1
|
|
- name: v2
|
|
labels:
|
|
version: v2
|
|
</code></pre>
|
|
|
|
<p>The following VirtualService sets a timeout of 5s for all calls to
|
|
productpage.prod.svc.cluster.local service in Kubernetes. Notice that
|
|
there are no subsets defined in this rule. Istio will fetch all
|
|
instances of productpage.prod.svc.cluster.local service from the service
|
|
registry and populate the sidecar’s load balancing pool. Also, notice
|
|
that this rule is set in the istio-system namespace but uses the fully
|
|
qualified domain name of the productpage service,
|
|
productpage.prod.svc.cluster.local. Therefore the rule’s namespace does
|
|
not have an impact in resolving the name of the productpage service.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: my-productpage-rule
|
|
namespace: istio-system
|
|
spec:
|
|
hosts:
|
|
- productpage.prod.svc.cluster.local # ignores rule namespace
|
|
http:
|
|
- timeout: 5s
|
|
route:
|
|
- destination:
|
|
host: productpage.prod.svc.cluster.local
|
|
</code></pre>
|
|
|
|
<p>To control routing for traffic bound to services outside the mesh, external
|
|
services must first be added to Istio’s internal service registry using the
|
|
ServiceEntry resource. VirtualServices can then be defined to control traffic
|
|
bound to these external services. For example, the following rules define a
|
|
Service for wikipedia.org and set a timeout of 5s for http requests.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: ServiceEntry
|
|
metadata:
|
|
name: external-svc-wikipedia
|
|
spec:
|
|
hosts:
|
|
- wikipedia.org
|
|
location: MESH_EXTERNAL
|
|
ports:
|
|
- number: 80
|
|
name: example-http
|
|
protocol: HTTP
|
|
resolution: DNS
|
|
|
|
apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: my-wiki-rule
|
|
spec:
|
|
hosts:
|
|
- wikipedia.org
|
|
http:
|
|
- timeout: 5s
|
|
route:
|
|
- destination:
|
|
host: wikipedia.org
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="Destination.host">
|
|
<td><code>host</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED. The name of a service from the service registry. Service
|
|
names are looked up from the platform’s service registry (e.g.,
|
|
Kubernetes services, Consul services, etc.) and from the hosts
|
|
declared by <a href="#ServiceEntry">ServiceEntry</a>. Traffic forwarded to
|
|
destinations that are not found in either of the two, will be dropped.</p>
|
|
|
|
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. “reviews”
|
|
instead of “reviews.default.svc.cluster.local”), Istio will interpret
|
|
the short name based on the namespace of the rule, not the service. A
|
|
rule in the “default” namespace containing a host “reviews will be
|
|
interpreted as “reviews.default.svc.cluster.local”, irrespective of
|
|
the actual namespace associated with the reviews service. <em>To avoid
|
|
potential misconfigurations, it is recommended to always use fully
|
|
qualified domain names over short names.</em></p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Destination.subset">
|
|
<td><code>subset</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>The name of a subset within the service. Applicable only to services
|
|
within the mesh. The subset must be defined in a corresponding
|
|
DestinationRule.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Destination.port">
|
|
<td><code>port</code></td>
|
|
<td><code><a href="#PortSelector">PortSelector</a></code></td>
|
|
<td>
|
|
<p>Specifies the port on the host that is being addressed. If a service
|
|
exposes only a single port it is not required to explicitly select the
|
|
port.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="DestinationRule">DestinationRule</h2>
|
|
<section>
|
|
<p><code>DestinationRule</code> defines policies that apply to traffic intended for a
|
|
service after routing has occurred. These rules specify configuration
|
|
for load balancing, connection pool size from the sidecar, and outlier
|
|
detection settings to detect and evict unhealthy hosts from the load
|
|
balancing pool. For example, a simple load balancing policy for the
|
|
ratings service would look as follows:</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: bookinfo-ratings
|
|
spec:
|
|
host: ratings.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
loadBalancer:
|
|
simple: LEAST_CONN
|
|
</code></pre>
|
|
|
|
<p>Version specific policies can be specified by defining a named
|
|
<code>subset</code> and overriding the settings specified at the service level. The
|
|
following rule uses a round robin load balancing policy for all traffic
|
|
going to a subset named testversion that is composed of endpoints (e.g.,
|
|
pods) with labels (version:v3).</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: bookinfo-ratings
|
|
spec:
|
|
host: ratings.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
loadBalancer:
|
|
simple: LEAST_CONN
|
|
subsets:
|
|
- name: testversion
|
|
labels:
|
|
version: v3
|
|
trafficPolicy:
|
|
loadBalancer:
|
|
simple: ROUND_ROBIN
|
|
</code></pre>
|
|
|
|
<p><strong>Note:</strong> Policies specified for subsets will not take effect until
|
|
a route rule explicitly sends traffic to this subset.</p>
|
|
|
|
<p>Traffic policies can be customized to specific ports as well. The
|
|
following rule uses the least connection load balancing policy for all
|
|
traffic to port 80, while uses a round robin load balancing setting for
|
|
traffic to the port 9080.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: bookinfo-ratings-port
|
|
spec:
|
|
host: ratings.prod.svc.cluster.local
|
|
trafficPolicy: # Apply to all ports
|
|
portLevelSettings:
|
|
- port:
|
|
number: 80
|
|
loadBalancer:
|
|
simple: LEAST_CONN
|
|
- port:
|
|
number: 9080
|
|
loadBalancer:
|
|
simple: ROUND_ROBIN
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="DestinationRule.host">
|
|
<td><code>host</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED. The name of a service from the service registry. Service
|
|
names are looked up from the platform’s service registry (e.g.,
|
|
Kubernetes services, Consul services, etc.) and from the hosts
|
|
declared by <a href="#ServiceEntry">ServiceEntries</a>. Rules defined for
|
|
services that do not exist in the service registry will be ignored.</p>
|
|
|
|
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. “reviews”
|
|
instead of “reviews.default.svc.cluster.local”), Istio will interpret
|
|
the short name based on the namespace of the rule, not the service. A
|
|
rule in the “default” namespace containing a host “reviews will be
|
|
interpreted as “reviews.default.svc.cluster.local”, irrespective of
|
|
the actual namespace associated with the reviews service. <em>To avoid
|
|
potential misconfigurations, it is recommended to always use fully
|
|
qualified domain names over short names.</em></p>
|
|
|
|
<p>Note that the host field applies to both HTTP and TCP services.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="DestinationRule.traffic_policy">
|
|
<td><code>trafficPolicy</code></td>
|
|
<td><code><a href="#TrafficPolicy">TrafficPolicy</a></code></td>
|
|
<td>
|
|
<p>Traffic policies to apply (load balancing policy, connection pool
|
|
sizes, outlier detection).</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="DestinationRule.subsets">
|
|
<td><code>subsets</code></td>
|
|
<td><code><a href="#Subset">Subset[]</a></code></td>
|
|
<td>
|
|
<p>One or more named sets that represent individual versions of a
|
|
service. Traffic policies can be overridden at subset level.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="DestinationWeight">DestinationWeight</h2>
|
|
<section>
|
|
<p>Each routing rule is associated with one or more service versions (see
|
|
glossary in beginning of document). Weights associated with the version
|
|
determine the proportion of traffic it receives. For example, the
|
|
following rule will route 25% of traffic for the “reviews” service to
|
|
instances with the “v2” tag and the remaining traffic (i.e., 75%) to
|
|
“v1”.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: reviews-route
|
|
spec:
|
|
hosts:
|
|
- reviews.prod.svc.cluster.local
|
|
http:
|
|
- route:
|
|
- destination:
|
|
host: reviews.prod.svc.cluster.local
|
|
subset: v2
|
|
weight: 25
|
|
- destination:
|
|
host: reviews.prod.svc.cluster.local
|
|
subset: v1
|
|
weight: 75
|
|
</code></pre>
|
|
|
|
<p>And the associated DestinationRule</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: reviews-destination
|
|
spec:
|
|
host: reviews.prod.svc.cluster.local
|
|
subsets:
|
|
- name: v1
|
|
labels:
|
|
version: v1
|
|
- name: v2
|
|
labels:
|
|
version: v2
|
|
</code></pre>
|
|
|
|
<p>Traffic can also be split across two entirely different services without
|
|
having to define new subsets. For example, the following rule forwards 25% of
|
|
traffic to reviews.com to dev.reviews.com</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: reviews-route-two-domains
|
|
spec:
|
|
hosts:
|
|
- reviews.com
|
|
http:
|
|
- route:
|
|
- destination:
|
|
host: dev.reviews.com
|
|
weight: 25
|
|
- destination:
|
|
host: reviews.com
|
|
weight: 75
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="DestinationWeight.destination">
|
|
<td><code>destination</code></td>
|
|
<td><code><a href="#Destination">Destination</a></code></td>
|
|
<td>
|
|
<p>REQUIRED. Destination uniquely identifies the instances of a service
|
|
to which the request/connection should be forwarded to.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="DestinationWeight.weight">
|
|
<td><code>weight</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>REQUIRED. The proportion of traffic to be forwarded to the service
|
|
version. (0-100). Sum of weights across destinations SHOULD BE == 100.
|
|
If there is only destination in a rule, the weight value is assumed to
|
|
be 100.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="Gateway">Gateway</h2>
|
|
<section>
|
|
<p><code>Gateway</code> describes a load balancer operating at the edge of the mesh
|
|
receiving incoming or outgoing HTTP/TCP connections. The specification
|
|
describes a set of ports that should be exposed, the type of protocol to
|
|
use, SNI configuration for the load balancer, etc.</p>
|
|
|
|
<p>For example, the following Gateway configuration sets up a proxy to act
|
|
as a load balancer exposing port 80 and 9080 (http), 443 (https), and
|
|
port 2379 (TCP) for ingress. The gateway will be applied to the proxy
|
|
running on a pod with labels <code>app: my-gateway-controller</code>. While Istio
|
|
will configure the proxy to listen on these ports, it is the
|
|
responsibility of the user to ensure that external traffic to these
|
|
ports are allowed into the mesh.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: Gateway
|
|
metadata:
|
|
name: my-gateway
|
|
spec:
|
|
selector:
|
|
app: my-gatweway-controller
|
|
servers:
|
|
- port:
|
|
number: 80
|
|
name: http
|
|
protocol: HTTP
|
|
hosts:
|
|
- uk.bookinfo.com
|
|
- eu.bookinfo.com
|
|
tls:
|
|
httpsRedirect: true # sends 302 redirect for http requests
|
|
- port:
|
|
number: 443
|
|
name: https
|
|
protocol: HTTPS
|
|
hosts:
|
|
- uk.bookinfo.com
|
|
- eu.bookinfo.com
|
|
tls:
|
|
mode: SIMPLE #enables HTTPS on this port
|
|
serverCertificate: /etc/certs/servercert.pem
|
|
privateKey: /etc/certs/privatekey.pem
|
|
- port:
|
|
number: 9080
|
|
name: http-wildcard
|
|
protocol: HTTP
|
|
hosts:
|
|
- "*"
|
|
- port:
|
|
number: 2379 # to expose internal service via external port 2379
|
|
name: mongo
|
|
protocol: MONGO
|
|
hosts:
|
|
- "*"
|
|
</code></pre>
|
|
|
|
<p>The Gateway specification above describes the L4-L6 properties of a load
|
|
balancer. A <code>VirtualService</code> can then be bound to a gateway to control
|
|
the forwarding of traffic arriving at a particular host or gateway port.</p>
|
|
|
|
<p>For example, the following VirtualService splits traffic for
|
|
“https://uk.bookinfo.com/reviews”, “https://eu.bookinfo.com/reviews”,
|
|
“http://uk.bookinfo.com:9080/reviews”,
|
|
“http://eu.bookinfo.com:9080/reviews” into two versions (prod and qa) of
|
|
an internal reviews service on port 9080. In addition, requests
|
|
containing the cookie “user: dev-123” will be sent to special port 7777
|
|
in the qa version. The same rule is also applicable inside the mesh for
|
|
requests to the “reviews.prod.svc.cluster.local” service. This rule is
|
|
applicable across ports 443, 9080. Note that “http://uk.bookinfo.com”
|
|
gets redirected to “https://uk.bookinfo.com” (i.e. 80 redirects to 443).</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: bookinfo-rule
|
|
spec:
|
|
hosts:
|
|
- reviews.prod.svc.cluster.local
|
|
- uk.bookinfo.com
|
|
- eu.bookinfo.com
|
|
gateways:
|
|
- my-gateway
|
|
- mesh # applies to all the sidecars in the mesh
|
|
http:
|
|
- match:
|
|
- headers:
|
|
cookie:
|
|
user: dev-123
|
|
route:
|
|
- destination:
|
|
port:
|
|
number: 7777
|
|
name: reviews.qa.svc.cluster.local
|
|
- match:
|
|
uri:
|
|
prefix: /reviews/
|
|
route:
|
|
- destination:
|
|
port:
|
|
number: 9080 # can be omitted if its the only port for reviews
|
|
name: reviews.prod.svc.cluster.local
|
|
weight: 80
|
|
- destination:
|
|
name: reviews.qa.svc.cluster.local
|
|
weight: 20
|
|
</code></pre>
|
|
|
|
<p>The following VirtualService forwards traffic arriving at (external)
|
|
port 27017 from “172.17.16.0/24” subnet to internal Mongo server on port
|
|
5555. This rule is not applicable internally in the mesh as the gateway
|
|
list omits the reserved name <code>mesh</code>.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: bookinfo-Mongo
|
|
spec:
|
|
hosts:
|
|
- mongosvr.prod.svc.cluster.local #name of internal Mongo service
|
|
gateways:
|
|
- my-gateway
|
|
tcp:
|
|
- match:
|
|
- port:
|
|
number: 27017
|
|
sourceSubnet: "172.17.16.0/24"
|
|
route:
|
|
- destination:
|
|
name: mongo.prod.svc.cluster.local
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="Gateway.servers">
|
|
<td><code>servers</code></td>
|
|
<td><code><a href="#Server">Server[]</a></code></td>
|
|
<td>
|
|
<p>REQUIRED: A list of server specifications.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Gateway.selector">
|
|
<td><code>selector</code></td>
|
|
<td><code>map<string, string></code></td>
|
|
<td>
|
|
<p>One or more labels that indicate a specific set of pods/VMs
|
|
on which this gateway configuration should be applied.
|
|
The scope of label search is platform dependent.
|
|
On Kubernetes, for example, the scope includes pods running in
|
|
all reachable namespaces.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="HTTPFaultInjection">HTTPFaultInjection</h2>
|
|
<section>
|
|
<p>HTTPFaultInjection can be used to specify one or more faults to inject
|
|
while forwarding http requests to the destination specified in a route.
|
|
Fault specification is part of a VirtualService rule. Faults include
|
|
aborting the Http request from downstream service, and/or delaying
|
|
proxying of requests. A fault rule MUST HAVE delay or abort or both.</p>
|
|
|
|
<p><em>Note:</em> Delay and abort faults are independent of one another, even if
|
|
both are specified simultaneously.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="HTTPFaultInjection.delay">
|
|
<td><code>delay</code></td>
|
|
<td><code><a href="#HTTPFaultInjection.Delay">HTTPFaultInjection.Delay</a></code></td>
|
|
<td>
|
|
<p>Delay requests before forwarding, emulating various failures such as
|
|
network issues, overloaded upstream service, etc.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPFaultInjection.abort">
|
|
<td><code>abort</code></td>
|
|
<td><code><a href="#HTTPFaultInjection.Abort">HTTPFaultInjection.Abort</a></code></td>
|
|
<td>
|
|
<p>Abort Http request attempts and return error codes back to downstream
|
|
service, giving the impression that the upstream service is faulty.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="HTTPFaultInjection.Abort">HTTPFaultInjection.Abort</h2>
|
|
<section>
|
|
<p>Abort specification is used to prematurely abort a request with a
|
|
pre-specified error code. The following example will return an HTTP
|
|
400 error code for 10% of the requests to the “ratings” service “v1”.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: ratings-route
|
|
spec:
|
|
hosts:
|
|
- ratings.prod.svc.cluster.local
|
|
http:
|
|
- route:
|
|
- destination:
|
|
host: ratings.prod.svc.cluster.local
|
|
subset: v1
|
|
fault:
|
|
abort:
|
|
percent: 10
|
|
httpStatus: 400
|
|
</code></pre>
|
|
|
|
<p>The <em>httpStatus</em> field is used to indicate the HTTP status code to
|
|
return to the caller. The optional <em>percent</em> field, a value between 0
|
|
and 100, is used to only abort a certain percentage of requests. If
|
|
not specified, all requests are aborted.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="HTTPFaultInjection.Abort.percent">
|
|
<td><code>percent</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Percentage of requests to be aborted with the error code provided (0-100).</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPFaultInjection.Abort.http_status" class="oneof oneof-start">
|
|
<td><code>httpStatus</code></td>
|
|
<td><code>int32 (oneof)</code></td>
|
|
<td>
|
|
<p>REQUIRED. HTTP status code to use to abort the Http request.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="HTTPFaultInjection.Delay">HTTPFaultInjection.Delay</h2>
|
|
<section>
|
|
<p>Delay specification is used to inject latency into the request
|
|
forwarding path. The following example will introduce a 5 second delay
|
|
in 10% of the requests to the “v1” version of the “reviews”
|
|
service from all pods with label env: prod</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: reviews-route
|
|
spec:
|
|
hosts:
|
|
- reviews.prod.svc.cluster.local
|
|
http:
|
|
- match:
|
|
- sourceLabels:
|
|
env: prod
|
|
route:
|
|
- destination:
|
|
host: reviews.prod.svc.cluster.local
|
|
subset: v1
|
|
fault:
|
|
delay:
|
|
percent: 10
|
|
fixedDelay: 5s
|
|
</code></pre>
|
|
|
|
<p>The <em>fixedDelay</em> field is used to indicate the amount of delay in
|
|
seconds. An optional <em>percent</em> field, a value between 0 and 100, can
|
|
be used to only delay a certain percentage of requests. If left
|
|
unspecified, all request will be delayed.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="HTTPFaultInjection.Delay.percent">
|
|
<td><code>percent</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Percentage of requests on which the delay will be injected (0-100).</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPFaultInjection.Delay.fixed_delay" class="oneof oneof-start">
|
|
<td><code>fixedDelay</code></td>
|
|
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration (oneof)</a></code></td>
|
|
<td>
|
|
<p>REQUIRED. Add a fixed delay before forwarding the request. Format:
|
|
1h/1m/1s/1ms. MUST be >=1ms.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="HTTPMatchRequest">HTTPMatchRequest</h2>
|
|
<section>
|
|
<p>HttpMatchRequest specifies a set of criterion to be met in order for the
|
|
rule to be applied to the HTTP request. For example, the following
|
|
restricts the rule to match only requests where the URL path
|
|
starts with /ratings/v2/ and the request contains a <code>cookie</code> with value
|
|
<code>user=jason</code>.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: ratings-route
|
|
spec:
|
|
hosts:
|
|
- ratings.prod.svc.cluster.local
|
|
http:
|
|
- match:
|
|
- headers:
|
|
cookie:
|
|
regex: "^(.*?;)?(user=jason)(;.*)?"
|
|
uri:
|
|
prefix: "/ratings/v2/"
|
|
route:
|
|
- destination:
|
|
host: ratings.prod.svc.cluster.local
|
|
</code></pre>
|
|
|
|
<p>HTTPMatchRequest CANNOT be empty.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="HTTPMatchRequest.uri">
|
|
<td><code>uri</code></td>
|
|
<td><code><a href="#StringMatch">StringMatch</a></code></td>
|
|
<td>
|
|
<p>URI to match
|
|
values are case-sensitive and formatted as follows:</p>
|
|
|
|
<ul>
|
|
<li><p><code>exact: "value"</code> for exact string match</p></li>
|
|
|
|
<li><p><code>prefix: "value"</code> for prefix-based match</p></li>
|
|
|
|
<li><p><code>regex: "value"</code> for ECMAscript style regex-based match</p></li>
|
|
</ul>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPMatchRequest.scheme">
|
|
<td><code>scheme</code></td>
|
|
<td><code><a href="#StringMatch">StringMatch</a></code></td>
|
|
<td>
|
|
<p>URI Scheme
|
|
values are case-sensitive and formatted as follows:</p>
|
|
|
|
<ul>
|
|
<li><p><code>exact: "value"</code> for exact string match</p></li>
|
|
|
|
<li><p><code>prefix: "value"</code> for prefix-based match</p></li>
|
|
|
|
<li><p><code>regex: "value"</code> for ECMAscript style regex-based match</p></li>
|
|
</ul>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPMatchRequest.method">
|
|
<td><code>method</code></td>
|
|
<td><code><a href="#StringMatch">StringMatch</a></code></td>
|
|
<td>
|
|
<p>HTTP Method
|
|
values are case-sensitive and formatted as follows:</p>
|
|
|
|
<ul>
|
|
<li><p><code>exact: "value"</code> for exact string match</p></li>
|
|
|
|
<li><p><code>prefix: "value"</code> for prefix-based match</p></li>
|
|
|
|
<li><p><code>regex: "value"</code> for ECMAscript style regex-based match</p></li>
|
|
</ul>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPMatchRequest.authority">
|
|
<td><code>authority</code></td>
|
|
<td><code><a href="#StringMatch">StringMatch</a></code></td>
|
|
<td>
|
|
<p>HTTP Authority
|
|
values are case-sensitive and formatted as follows:</p>
|
|
|
|
<ul>
|
|
<li><p><code>exact: "value"</code> for exact string match</p></li>
|
|
|
|
<li><p><code>prefix: "value"</code> for prefix-based match</p></li>
|
|
|
|
<li><p><code>regex: "value"</code> for ECMAscript style regex-based match</p></li>
|
|
</ul>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPMatchRequest.headers">
|
|
<td><code>headers</code></td>
|
|
<td><code>map<string, <a href="#StringMatch">StringMatch</a>></code></td>
|
|
<td>
|
|
<p>The header keys must be lowercase and use hyphen as the separator,
|
|
e.g. <em>x-request-id</em>.</p>
|
|
|
|
<p>Header values are case-sensitive and formatted as follows:</p>
|
|
|
|
<ul>
|
|
<li><p><code>exact: "value"</code> for exact string match</p></li>
|
|
|
|
<li><p><code>prefix: "value"</code> for prefix-based match</p></li>
|
|
|
|
<li><p><code>regex: "value"</code> for ECMAscript style regex-based match</p></li>
|
|
</ul>
|
|
|
|
<p><strong>Note:</strong> The keys <code>uri</code>, <code>scheme</code>, <code>method</code>, and <code>authority</code> will be ignored.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPMatchRequest.port">
|
|
<td><code>port</code></td>
|
|
<td><code>uint32</code></td>
|
|
<td>
|
|
<p>Specifies the ports on the host that is being addressed. Many services
|
|
only expose a single port or label ports with the protocols they support,
|
|
in these cases it is not required to explicitly select the port.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPMatchRequest.source_labels">
|
|
<td><code>sourceLabels</code></td>
|
|
<td><code>map<string, string></code></td>
|
|
<td>
|
|
<p>One or more labels that constrain the applicability of a rule to
|
|
workloads with the given labels. If the VirtualService has a list of
|
|
gateways specified at the top, it should include the reserved gateway
|
|
<code>mesh</code> in order for this field to be applicable.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPMatchRequest.gateways">
|
|
<td><code>gateways</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>Names of gateways where the rule should be applied to. Gateway names
|
|
at the top of the VirtualService (if any) are overridden. The gateway match is
|
|
independent of sourceLabels.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="HTTPRedirect">HTTPRedirect</h2>
|
|
<section>
|
|
<p>HTTPRedirect can be used to send a 302 redirect response to the caller,
|
|
where the Authority/Host and the URI in the response can be swapped with
|
|
the specified values. For example, the following rule redirects
|
|
requests for /v1/getProductRatings API on the ratings service to
|
|
/v1/bookRatings provided by the bookratings service.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: ratings-route
|
|
spec:
|
|
hosts:
|
|
- ratings.prod.svc.cluster.local
|
|
http:
|
|
- match:
|
|
- uri:
|
|
exact: /v1/getProductRatings
|
|
redirect:
|
|
uri: /v1/bookRatings
|
|
authority: newratings.default.svc.cluster.local
|
|
...
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="HTTPRedirect.uri">
|
|
<td><code>uri</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>On a redirect, overwrite the Path portion of the URL with this
|
|
value. Note that the entire path will be replaced, irrespective of the
|
|
request URI being matched as an exact path or prefix.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRedirect.authority">
|
|
<td><code>authority</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>On a redirect, overwrite the Authority/Host portion of the URL with
|
|
this value.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="HTTPRetry">HTTPRetry</h2>
|
|
<section>
|
|
<p>Describes the retry policy to use when a HTTP request fails. For
|
|
example, the following rule sets the maximum number of retries to 3 when
|
|
calling ratings:v1 service, with a 2s timeout per retry attempt.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: ratings-route
|
|
spec:
|
|
hosts:
|
|
- ratings.prod.svc.cluster.local
|
|
http:
|
|
- route:
|
|
- destination:
|
|
host: ratings.prod.svc.cluster.local
|
|
subset: v1
|
|
retries:
|
|
attempts: 3
|
|
perTryTimeout: 2s
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="HTTPRetry.attempts">
|
|
<td><code>attempts</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>REQUIRED. Number of retries for a given request. The interval
|
|
between retries will be determined automatically (25ms+). Actual
|
|
number of retries attempted depends on the httpReqTimeout.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRetry.per_try_timeout">
|
|
<td><code>perTryTimeout</code></td>
|
|
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
|
|
<td>
|
|
<p>Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE >=1ms.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="HTTPRewrite">HTTPRewrite</h2>
|
|
<section>
|
|
<p>HTTPRewrite can be used to rewrite specific parts of a HTTP request
|
|
before forwarding the request to the destination. Rewrite primitive can
|
|
be used only with the DestinationWeights. The following example
|
|
demonstrates how to rewrite the URL prefix for api call (/ratings) to
|
|
ratings service before making the actual API call.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: ratings-route
|
|
spec:
|
|
hosts:
|
|
- ratings.prod.svc.cluster.local
|
|
http:
|
|
- match:
|
|
- uri:
|
|
prefix: /ratings
|
|
rewrite:
|
|
uri: /v1/bookRatings
|
|
route:
|
|
- destination:
|
|
host: ratings.prod.svc.cluster.local
|
|
subset: v1
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="HTTPRewrite.uri">
|
|
<td><code>uri</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>rewrite the path (or the prefix) portion of the URI with this
|
|
value. If the original URI was matched based on prefix, the value
|
|
provided in this field will replace the corresponding matched prefix.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRewrite.authority">
|
|
<td><code>authority</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>rewrite the Authority/Host header with this value.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="HTTPRoute">HTTPRoute</h2>
|
|
<section>
|
|
<p>Describes match conditions and actions for routing HTTP/1.1, HTTP2, and
|
|
gRPC traffic. See VirtualService for usage examples.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="HTTPRoute.match">
|
|
<td><code>match</code></td>
|
|
<td><code><a href="#HTTPMatchRequest">HTTPMatchRequest[]</a></code></td>
|
|
<td>
|
|
<p>Match conditions to be satisfied for the rule to be
|
|
activated. All conditions inside a single match block have AND
|
|
semantics, while the list of match blocks have OR semantics. The rule
|
|
is matched if any one of the match blocks succeed.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.route">
|
|
<td><code>route</code></td>
|
|
<td><code><a href="#DestinationWeight">DestinationWeight[]</a></code></td>
|
|
<td>
|
|
<p>A http rule can either redirect or forward (default) traffic. The
|
|
forwarding target can be one of several versions of a service (see
|
|
glossary in beginning of document). Weights associated with the
|
|
service version determine the proportion of traffic it receives.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.redirect">
|
|
<td><code>redirect</code></td>
|
|
<td><code><a href="#HTTPRedirect">HTTPRedirect</a></code></td>
|
|
<td>
|
|
<p>A http rule can either redirect or forward (default) traffic. If
|
|
traffic passthrough option is specified in the rule,
|
|
route/redirect will be ignored. The redirect primitive can be used to
|
|
send a HTTP 302 redirect to a different URI or Authority.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.rewrite">
|
|
<td><code>rewrite</code></td>
|
|
<td><code><a href="#HTTPRewrite">HTTPRewrite</a></code></td>
|
|
<td>
|
|
<p>Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with
|
|
Redirect primitive. Rewrite will be performed before forwarding.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.websocket_upgrade">
|
|
<td><code>websocketUpgrade</code></td>
|
|
<td><code>bool</code></td>
|
|
<td>
|
|
<p>Indicates that a HTTP/1.1 client connection to this particular route
|
|
should be allowed (and expected) to upgrade to a WebSocket connection.
|
|
The default is false. Istio’s reference sidecar implementation (Envoy)
|
|
expects the first request to this route to contain the WebSocket
|
|
upgrade headers. Otherwise, the request will be rejected. Note that
|
|
Websocket allows secondary protocol negotiation which may then be
|
|
subject to further routing rules based on the protocol selected.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.timeout">
|
|
<td><code>timeout</code></td>
|
|
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
|
|
<td>
|
|
<p>Timeout for HTTP requests.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.retries">
|
|
<td><code>retries</code></td>
|
|
<td><code><a href="#HTTPRetry">HTTPRetry</a></code></td>
|
|
<td>
|
|
<p>Retry policy for HTTP requests.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.fault">
|
|
<td><code>fault</code></td>
|
|
<td><code><a href="#HTTPFaultInjection">HTTPFaultInjection</a></code></td>
|
|
<td>
|
|
<p>Fault injection policy to apply on HTTP traffic.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.mirror">
|
|
<td><code>mirror</code></td>
|
|
<td><code><a href="#Destination">Destination</a></code></td>
|
|
<td>
|
|
<p>Mirror HTTP traffic to a another destination in addition to forwarding
|
|
the requests to the intended destination. Mirrored traffic is on a
|
|
best effort basis where the sidecar/gateway will not wait for the
|
|
mirrored cluster to respond before returning the response from the
|
|
original destination. Statistics will be generated for the mirrored
|
|
destination.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.cors_policy">
|
|
<td><code>corsPolicy</code></td>
|
|
<td><code><a href="#CorsPolicy">CorsPolicy</a></code></td>
|
|
<td>
|
|
<p>Cross-Origin Resource Sharing policy (CORS). Refer to
|
|
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access<em>control</em>CORS
|
|
for further details about cross origin resource sharing.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="HTTPRoute.append_headers">
|
|
<td><code>appendHeaders</code></td>
|
|
<td><code>map<string, string></code></td>
|
|
<td>
|
|
<p>Additional HTTP headers to add before forwarding a request to the
|
|
destination service.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="L4MatchAttributes">L4MatchAttributes</h2>
|
|
<section>
|
|
<p>L4 connection match attributes. Note that L4 connection matching support
|
|
is incomplete.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="L4MatchAttributes.destination_subnet">
|
|
<td><code>destinationSubnet</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>IPv4 or IPv6 ip address of destination with optional subnet. E.g.,
|
|
a.b.c.d/xx form or just a.b.c.d. This is only valid when the
|
|
destination service has several IPs and the application explicitly
|
|
specifies a particular IP.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="L4MatchAttributes.port">
|
|
<td><code>port</code></td>
|
|
<td><code>uint32</code></td>
|
|
<td>
|
|
<p>Specifies the port on the host that is being addressed. Many services
|
|
only expose a single port or label ports with the protocols they support,
|
|
in these cases it is not required to explicitly select the port.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="L4MatchAttributes.source_subnet">
|
|
<td><code>sourceSubnet</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx
|
|
form or just a.b.c.d</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="L4MatchAttributes.source_labels">
|
|
<td><code>sourceLabels</code></td>
|
|
<td><code>map<string, string></code></td>
|
|
<td>
|
|
<p>One or more labels that constrain the applicability of a rule to
|
|
workloads with the given labels. If the VirtualService has a list of
|
|
gateways specified at the top, it should include the reserved gateway
|
|
<code>mesh</code> in order for this field to be applicable.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="L4MatchAttributes.gateways">
|
|
<td><code>gateways</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>Names of gateways where the rule should be applied to. Gateway names
|
|
at the top of the VirtualService (if any) are overridden. The gateway match is
|
|
independent of sourceLabels.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="LoadBalancerSettings">LoadBalancerSettings</h2>
|
|
<section>
|
|
<p>Load balancing policies to apply for a specific destination. See Envoy’s
|
|
load balancing
|
|
<a href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html">documentation</a>
|
|
for more details.</p>
|
|
|
|
<p>For example, the following rule uses a round robin load balancing policy
|
|
for all traffic going to the ratings service.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: bookinfo-ratings
|
|
spec:
|
|
host: ratings.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
loadBalancer:
|
|
simple: ROUND_ROBIN
|
|
</code></pre>
|
|
|
|
<p>The following example uses the consistent hashing based load balancer
|
|
for the same ratings service using the Cookie header as the hash key.</p>
|
|
|
|
<pre><code class="language-yaml"> apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: bookinfo-ratings
|
|
spec:
|
|
host: ratings.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
loadBalancer:
|
|
consistentHash:
|
|
http_header: Cookie
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="LoadBalancerSettings.simple" class="oneof oneof-start">
|
|
<td><code>simple</code></td>
|
|
<td><code><a href="#LoadBalancerSettings.SimpleLB">LoadBalancerSettings.SimpleLB (oneof)</a></code></td>
|
|
<td>
|
|
</td>
|
|
</tr>
|
|
<tr id="LoadBalancerSettings.consistent_hash" class="oneof">
|
|
<td><code>consistentHash</code></td>
|
|
<td><code><a href="#LoadBalancerSettings.ConsistentHashLB">LoadBalancerSettings.ConsistentHashLB (oneof)</a></code></td>
|
|
<td>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="LoadBalancerSettings.ConsistentHashLB">LoadBalancerSettings.ConsistentHashLB</h2>
|
|
<section>
|
|
<p>Consistent hashing (ketama hash) based load balancer for even load
|
|
distribution/redistribution when the connection pool changes. This
|
|
load balancing policy is applicable only for HTTP-based
|
|
connections. A user specified HTTP header is used as the key with
|
|
<a href="http://cyan4973.github.io/xxHash">xxHash</a> hashing.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="LoadBalancerSettings.ConsistentHashLB.http_header">
|
|
<td><code>httpHeader</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED. The name of the HTTP request header that will be used to
|
|
obtain the hash key. If the request header is not present, the load
|
|
balancer will use a random number as the hash, effectively making
|
|
the load balancing policy random.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="LoadBalancerSettings.ConsistentHashLB.minimum_ring_size">
|
|
<td><code>minimumRingSize</code></td>
|
|
<td><code>uint32</code></td>
|
|
<td>
|
|
<p>The minimum number of virtual nodes to use for the hash
|
|
ring. Defaults to 1024. Larger ring sizes result in more granular
|
|
load distributions. If the number of hosts in the load balancing
|
|
pool is larger than the ring size, each host will be assigned a
|
|
single virtual node.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="LoadBalancerSettings.SimpleLB">LoadBalancerSettings.SimpleLB</h2>
|
|
<section>
|
|
<p>Standard load balancing algorithms that require no tuning.</p>
|
|
|
|
<table class="enum-values">
|
|
<thead>
|
|
<tr>
|
|
<th>Name</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="LoadBalancerSettings.SimpleLB.ROUND_ROBIN">
|
|
<td><code>ROUND_ROBIN</code></td>
|
|
<td>
|
|
<p>Round Robin policy. Default</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="LoadBalancerSettings.SimpleLB.LEAST_CONN">
|
|
<td><code>LEAST_CONN</code></td>
|
|
<td>
|
|
<p>The least request load balancer uses an O(1) algorithm which selects
|
|
two random healthy hosts and picks the host which has fewer active
|
|
requests.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="LoadBalancerSettings.SimpleLB.RANDOM">
|
|
<td><code>RANDOM</code></td>
|
|
<td>
|
|
<p>The random load balancer selects a random healthy host. The random
|
|
load balancer generally performs better than round robin if no health
|
|
checking policy is configured.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="LoadBalancerSettings.SimpleLB.PASSTHROUGH">
|
|
<td><code>PASSTHROUGH</code></td>
|
|
<td>
|
|
<p>This option will forward the connection to the original IP address
|
|
requested by the caller without doing any form of load
|
|
balancing. This option must be used with care. It is meant for
|
|
advanced use cases. Refer to Original Destination load balancer in
|
|
Envoy for further details.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="OutlierDetection">OutlierDetection</h2>
|
|
<section>
|
|
<p>A Circuit breaker implementation that tracks the status of each
|
|
individual host in the upstream service. While currently applicable to
|
|
only HTTP services, future versions will support opaque TCP services as
|
|
well. For HTTP services, hosts that continually return errors for API
|
|
calls are ejected from the pool for a pre-defined period of time. See
|
|
Envoy’s <a href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/outlier">outlier
|
|
detection</a>
|
|
for more details.</p>
|
|
|
|
<p>The following rule sets a connection pool size of 100 connections and
|
|
1000 concurrent HTTP2 requests, with no more than 10 req/connection to
|
|
“reviews” service. In addition, it configures upstream hosts to be
|
|
scanned every 5 mins, such that any host that fails 7 consecutive times
|
|
with 5XX error code will be ejected for 15 minutes.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: reviews-cb-policy
|
|
spec:
|
|
host: reviews.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
connectionPool:
|
|
tcp:
|
|
maxConnections: 100
|
|
http:
|
|
http2MaxRequests: 1000
|
|
maxRequestsPerConnection: 10
|
|
outlierDetection:
|
|
http:
|
|
consecutiveErrors: 7
|
|
interval: 5m
|
|
baseEjectionTime: 15m
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="OutlierDetection.http">
|
|
<td><code>http</code></td>
|
|
<td><code><a href="#OutlierDetection.HTTPSettings">OutlierDetection.HTTPSettings</a></code></td>
|
|
<td>
|
|
<p>Settings for HTTP1.1/HTTP2/GRPC connections.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="OutlierDetection.HTTPSettings">OutlierDetection.HTTPSettings</h2>
|
|
<section>
|
|
<p>Outlier detection settings for HTTP1.1/HTTP2/GRPC connections.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="OutlierDetection.HTTPSettings.consecutive_errors">
|
|
<td><code>consecutiveErrors</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Number of 5XX errors before a host is ejected from the connection
|
|
pool. Defaults to 5.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="OutlierDetection.HTTPSettings.interval">
|
|
<td><code>interval</code></td>
|
|
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
|
|
<td>
|
|
<p>Time interval between ejection sweep analysis. format:
|
|
1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="OutlierDetection.HTTPSettings.base_ejection_time">
|
|
<td><code>baseEjectionTime</code></td>
|
|
<td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">google.protobuf.Duration</a></code></td>
|
|
<td>
|
|
<p>Minimum ejection duration. A host will remain ejected for a period
|
|
equal to the product of minimum ejection duration and the number of
|
|
times the host has been ejected. This technique allows the system to
|
|
automatically increase the ejection period for unhealthy upstream
|
|
servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="OutlierDetection.HTTPSettings.max_ejection_percent">
|
|
<td><code>maxEjectionPercent</code></td>
|
|
<td><code>int32</code></td>
|
|
<td>
|
|
<p>Maximum % of hosts in the load balancing pool for the upstream
|
|
service that can be ejected. Defaults to 10%.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="Port">Port</h2>
|
|
<section>
|
|
<p>Port describes the properties of a specific port of a service.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="Port.number">
|
|
<td><code>number</code></td>
|
|
<td><code>uint32</code></td>
|
|
<td>
|
|
<p>REQUIRED: A valid non-negative integer port number.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Port.protocol">
|
|
<td><code>protocol</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED: The protocol exposed on the port.
|
|
MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TCP-TLS.
|
|
TCP-TLS is used to indicate secure connections to non HTTP services.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Port.name">
|
|
<td><code>name</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>Label assigned to the port.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="PortSelector">PortSelector</h2>
|
|
<section>
|
|
<p>PortSelector specifies the number of a port to be used for
|
|
matching or selection for final routing.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="PortSelector.number" class="oneof oneof-start">
|
|
<td><code>number</code></td>
|
|
<td><code>uint32 (oneof)</code></td>
|
|
<td>
|
|
<p>Valid port number</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="Server">Server</h2>
|
|
<section>
|
|
<p><code>Server</code> describes the properties of the proxy on a given load balancer
|
|
port. For example,</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: Gateway
|
|
metadata:
|
|
name: my-ingress
|
|
spec:
|
|
selector:
|
|
app: my-ingress-gateway
|
|
servers:
|
|
- port:
|
|
number: 80
|
|
name: http2
|
|
protocol: HTTP2
|
|
hosts:
|
|
- "*"
|
|
</code></pre>
|
|
|
|
<p>Another example</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: Gateway
|
|
metadata:
|
|
name: my-tcp-ingress
|
|
spec:
|
|
selector:
|
|
app: my-tcp-ingress-gateway
|
|
servers:
|
|
- port:
|
|
number: 27018
|
|
name: mongo
|
|
protocol: MONGO
|
|
hosts:
|
|
- "*"
|
|
</code></pre>
|
|
|
|
<p>The following is an example of TLS configuration for port 443</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: Gateway
|
|
metadata:
|
|
name: my-tls-ingress
|
|
spec:
|
|
selector:
|
|
app: my-tls-ingress-gateway
|
|
servers:
|
|
- port:
|
|
number: 443
|
|
name: https
|
|
protocol: HTTPS
|
|
hosts:
|
|
- "*"
|
|
tls:
|
|
mode: SIMPLE
|
|
serverCertificate: /etc/certs/server.pem
|
|
privateKey: /etc/certs/privatekey.pem
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="Server.port">
|
|
<td><code>port</code></td>
|
|
<td><code><a href="#Port">Port</a></code></td>
|
|
<td>
|
|
<p>REQUIRED: The Port on which the proxy should listen for incoming
|
|
connections</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.hosts">
|
|
<td><code>hosts</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>REQUIRED. A list of hosts exposed by this gateway. At least one
|
|
host is required. While typically applicable to
|
|
HTTP services, it can also be used for TCP services using TLS with
|
|
SNI. May contain a wildcard prefix for the bottom-level component of
|
|
a domain name. For example <code>*.foo.com</code> matches <code>bar.foo.com</code>
|
|
and <code>*.com</code> matches <code>bar.foo.com</code>, <code>example.com</code>, and so on.</p>
|
|
|
|
<p><strong>Note</strong>: A <code>VirtualService</code> that is bound to a gateway must have one
|
|
or more hosts that match the hosts specified in a server. The match
|
|
could be an exact match or a suffix match with the server’s hosts. For
|
|
example, if the server’s hosts specifies “*.example.com”,
|
|
VirtualServices with hosts dev.example.com, prod.example.com will
|
|
match. However, VirtualServices with hosts example.com or
|
|
newexample.com will not match.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.tls">
|
|
<td><code>tls</code></td>
|
|
<td><code><a href="#Server.TLSOptions">Server.TLSOptions</a></code></td>
|
|
<td>
|
|
<p>Set of TLS related options that govern the server’s behavior. Use
|
|
these options to control if all http requests should be redirected to
|
|
https, and the TLS modes to use.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="Server.TLSOptions">Server.TLSOptions</h2>
|
|
<section>
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="Server.TLSOptions.https_redirect">
|
|
<td><code>httpsRedirect</code></td>
|
|
<td><code>bool</code></td>
|
|
<td>
|
|
<p>If set to true, the load balancer will send a 302 redirect for all
|
|
http connections, asking the clients to use HTTPS.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.TLSOptions.mode">
|
|
<td><code>mode</code></td>
|
|
<td><code><a href="#Server.TLSOptions.TLSmode">Server.TLSOptions.TLSmode</a></code></td>
|
|
<td>
|
|
<p>Optional: Indicates whether connections to this port should be
|
|
secured using TLS. The value of this field determines how TLS is
|
|
enforced.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.TLSOptions.server_certificate">
|
|
<td><code>serverCertificate</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED if mode is <code>SIMPLE</code> or <code>MUTUAL</code>. The path to the file
|
|
holding the server-side TLS certificate to use.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.TLSOptions.private_key">
|
|
<td><code>privateKey</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED if mode is <code>SIMPLE</code> or <code>MUTUAL</code>. The path to the file
|
|
holding the server’s private key.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.TLSOptions.ca_certificates">
|
|
<td><code>caCertificates</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED if mode is <code>MUTUAL</code>. The path to a file containing
|
|
certificate authority certificates to use in verifying a presented
|
|
client side certificate.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.TLSOptions.subject_alt_names">
|
|
<td><code>subjectAltNames</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>A list of alternate names to verify the subject identity in the
|
|
certificate presented by the client.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="Server.TLSOptions.TLSmode">Server.TLSOptions.TLSmode</h2>
|
|
<section>
|
|
<p>TLS modes enforced by the proxy</p>
|
|
|
|
<table class="enum-values">
|
|
<thead>
|
|
<tr>
|
|
<th>Name</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="Server.TLSOptions.TLSmode.PASSTHROUGH">
|
|
<td><code>PASSTHROUGH</code></td>
|
|
<td>
|
|
<p>Forward the connection to the upstream server selected based on
|
|
the SNI string presented by the client.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.TLSOptions.TLSmode.SIMPLE">
|
|
<td><code>SIMPLE</code></td>
|
|
<td>
|
|
<p>Secure connections with standard TLS semantics.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Server.TLSOptions.TLSmode.MUTUAL">
|
|
<td><code>MUTUAL</code></td>
|
|
<td>
|
|
<p>Secure connections to the upstream using mutual TLS by presenting
|
|
client certificates for authentication.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="ServiceEntry">ServiceEntry</h2>
|
|
<section>
|
|
<p><code>ServiceEntry</code> enables adding additional entries into Istio’s internal
|
|
service registry, so that auto-discovered services in the mesh can
|
|
access/route to these manually specified services. A service entry
|
|
describes the properties of a service (DNS name, VIPs ,ports, protocols,
|
|
endpoints). These services could be external to the mesh (e.g., web
|
|
APIs) or mesh-internal services that are not part of the platform’s
|
|
service registry (e.g., a set of VMs talking to services in Kubernetes).</p>
|
|
|
|
<p>The following configuration adds a set of MongoDB instances running on
|
|
unmanaged VMs to Istio’s registry, so that these services can be treated
|
|
as any other service in the mesh. The associated DestinationRule is used
|
|
to initiate mTLS connections to the database instances.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: ServiceEntry
|
|
metadata:
|
|
name: external-svc-mongocluster
|
|
spec:
|
|
hosts:
|
|
- mymongodb.somedomain # not used
|
|
addresses:
|
|
- 192.192.192.192/24 # VIPs
|
|
ports:
|
|
- number: 27018
|
|
name: mongodb
|
|
protocol: MONGO
|
|
location: MESH_INTERNAL
|
|
resolution: STATIC
|
|
endpoints:
|
|
- address: 2.2.2.2
|
|
- address: 3.3.3.3
|
|
</code></pre>
|
|
|
|
<p>and the associated DestinationRule</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: mtls-mongocluster
|
|
spec:
|
|
host: mymongodb.somedomain
|
|
trafficPolicy:
|
|
tls:
|
|
mode: MUTUAL
|
|
clientCertificate: /etc/certs/myclientcert.pem
|
|
privateKey: /etc/certs/client_private_key.pem
|
|
caCertificates: /etc/certs/rootcacerts.pem
|
|
</code></pre>
|
|
|
|
<p>The following example demonstrates the use of wildcards in the hosts for
|
|
external services. If the connection has to be routed to the IP address
|
|
requested by the application (i.e. application resolves DNS and attempts
|
|
to connect to a specific IP), the discovery mode must be set to <code>NONE</code>.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: ServiceEntry
|
|
metadata:
|
|
name: external-svc-wildcard-example
|
|
spec:
|
|
hosts:
|
|
- "*.bar.com"
|
|
location: MESH_EXTERNAL
|
|
ports:
|
|
- number: 80
|
|
name: http
|
|
protocol: HTTP
|
|
resolution: NONE
|
|
</code></pre>
|
|
|
|
<p>The following example demonstrates a service that is available via a
|
|
Unix Domain Socket on the host of the client. The resolution must be
|
|
set to STATIC to use unix address endpoints.</p>
|
|
|
|
<pre><code>apiVersion: networking.istio.io/v1alpha3
|
|
kind: ServiceEntry
|
|
metadata:
|
|
name: unix-domain-socket-example
|
|
spec:
|
|
hosts:
|
|
- "example.unix.local"
|
|
location: MESH_EXTERNAL
|
|
ports:
|
|
- number: 80
|
|
name: http
|
|
protocol: HTTP
|
|
resolution: STATIC
|
|
endpoints:
|
|
- address: unix:///var/run/example/socket
|
|
</code></pre>
|
|
|
|
<p>For HTTP based services, it is possible to create a VirtualService
|
|
backed by multiple DNS addressable endpoints. In such a scenario, the
|
|
application can use the HTTP_PROXY environment variable to transparently
|
|
reroute API calls for the VirtualService to a chosen backend. For
|
|
example, the following configuration creates a non-existent external
|
|
service called foo.bar.com backed by three domains: us.foo.bar.com:8443,
|
|
uk.foo.bar.com:9443, and in.foo.bar.com:7443</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: ServiceEntry
|
|
metadata:
|
|
name: external-svc-dns
|
|
spec:
|
|
hosts:
|
|
- foo.bar.com
|
|
location: MESH_EXTERNAL
|
|
ports:
|
|
- number: 443
|
|
name: https
|
|
protocol: HTTP
|
|
resolution: DNS
|
|
endpoints:
|
|
- address: us.foo.bar.com
|
|
ports:
|
|
https: 8443
|
|
- address: uk.foo.bar.com
|
|
ports:
|
|
https: 9443
|
|
- address: in.foo.bar.com
|
|
ports:
|
|
https: 7443
|
|
</code></pre>
|
|
|
|
<p>and a DestinationRule to initiate TLS connections to the ServiceEntry.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: tls-foobar
|
|
spec:
|
|
host: foo.bar.com
|
|
trafficPolicy:
|
|
tls:
|
|
mode: SIMPLE # initiates HTTPS
|
|
</code></pre>
|
|
|
|
<p>With HTTP_PROXY=http://localhost:443, calls from the application to
|
|
http://foo.bar.com will be upgraded to HTTPS and load balanced across
|
|
the three domains specified above. In other words, a call to
|
|
http://foo.bar.com/baz would be translated to
|
|
https://uk.foo.bar.com/baz.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="ServiceEntry.hosts">
|
|
<td><code>hosts</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>REQUIRED. The hosts associated with the ServiceEntry. Could be a DNS
|
|
name with wildcard prefix (external services only). DNS names in hosts
|
|
will be ignored if the application accesses the service over non-HTTP
|
|
protocols such as mongo/opaque TCP/even HTTPS. In such scenarios, the
|
|
IP addresses specified in the Addresses field or the port will be used
|
|
to uniquely identify the destination.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.addresses">
|
|
<td><code>addresses</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>The virtual IP addresses associated with the service. Could be CIDR
|
|
prefix. For HTTP services, the addresses field will be ignored and
|
|
the destination will be identified based on the HTTP Host/Authority
|
|
header. For non-HTTP protocols such as mongo/opaque TCP/even HTTPS,
|
|
the hosts will be ignored. If one or more IP addresses are specified,
|
|
the incoming traffic will be idenfified as belonging to this service
|
|
if the destination IP matches the IP/CIDRs specified in the addresses
|
|
field. If the Addresses field is empty, traffic will be identified
|
|
solely based on the destination port. In such scenarios, the port on
|
|
which the service is being accessed must not be shared by any other
|
|
service in the mesh. In other words, the sidecar will behave as a
|
|
simple TCP proxy, forwarding incoming traffic on a specified port to
|
|
the specified destination endpoint IP/host. Unix domain socket
|
|
addresses are not supported in this field.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.ports">
|
|
<td><code>ports</code></td>
|
|
<td><code><a href="#Port">Port[]</a></code></td>
|
|
<td>
|
|
<p>REQUIRED. The ports associated with the external service. If the
|
|
Endpoints are unix domain socket addresses, there must be exactly one
|
|
port.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.location">
|
|
<td><code>location</code></td>
|
|
<td><code><a href="#ServiceEntry.Location">ServiceEntry.Location</a></code></td>
|
|
<td>
|
|
<p>Specify whether the service should be considered external to the mesh
|
|
or part of the mesh.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.resolution">
|
|
<td><code>resolution</code></td>
|
|
<td><code><a href="#ServiceEntry.Resolution">ServiceEntry.Resolution</a></code></td>
|
|
<td>
|
|
<p>Service discovery mode for the hosts. If not set, Istio will attempt
|
|
to infer the discovery mode based on the value of hosts and endpoints.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.endpoints">
|
|
<td><code>endpoints</code></td>
|
|
<td><code><a href="#ServiceEntry.Endpoint">ServiceEntry.Endpoint[]</a></code></td>
|
|
<td>
|
|
<p>One or more endpoints associated with the service.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="ServiceEntry.Endpoint">ServiceEntry.Endpoint</h2>
|
|
<section>
|
|
<p>Endpoint defines a network address (IP or hostname) associated with
|
|
the mesh service.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="ServiceEntry.Endpoint.address">
|
|
<td><code>address</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED: Address associated with the network endpoint without the
|
|
port. Domain names can be used if and only if the resolution is set
|
|
to DNS, and must be fully-qualified without wildcards. Use the form
|
|
unix:///absolute/path/to/socket for unix domain socket endpoints.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.Endpoint.ports">
|
|
<td><code>ports</code></td>
|
|
<td><code>map<string, uint32></code></td>
|
|
<td>
|
|
<p>Set of ports associated with the endpoint. The ports must be
|
|
associated with a port name that was declared as part of the
|
|
service. Do not use for unix:// addresses.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.Endpoint.labels">
|
|
<td><code>labels</code></td>
|
|
<td><code>map<string, string></code></td>
|
|
<td>
|
|
<p>One or more labels associated with the endpoint.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="ServiceEntry.Location">ServiceEntry.Location</h2>
|
|
<section>
|
|
<p>Location specifies whether the service is part of Istio mesh or
|
|
outside the mesh. Location determines the behavior of several
|
|
features, such as service-to-service mTLS authentication, policy
|
|
enforcement, etc. When communicating with services outside the mesh,
|
|
Istio’s mTLS authentication is disabled, and policy enforcement is
|
|
performed on the client-side as opposed to server-side.</p>
|
|
|
|
<table class="enum-values">
|
|
<thead>
|
|
<tr>
|
|
<th>Name</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="ServiceEntry.Location.MESH_EXTERNAL">
|
|
<td><code>MESH_EXTERNAL</code></td>
|
|
<td>
|
|
<p>Signifies that the service is external to the mesh. Typically used
|
|
to indicate external services consumed through APIs.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.Location.MESH_INTERNAL">
|
|
<td><code>MESH_INTERNAL</code></td>
|
|
<td>
|
|
<p>Signifies that the service is part of the mesh. Typically used to
|
|
indicate services added explicitly as part of expanding the service
|
|
mesh to include unmanaged infrastructure (e.g., VMs added to a
|
|
Kubernetes based service mesh).</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="ServiceEntry.Resolution">ServiceEntry.Resolution</h2>
|
|
<section>
|
|
<p>Resolution determines how the proxy will resolve the IP addresses of
|
|
the network endpoints associated with the service, so that it can
|
|
route to one of them. The resolution mode specified here has no impact
|
|
on how the application resolves the IP address associated with the
|
|
service. The application may still have to use DNS to resolve the
|
|
service to an IP so that the outbound traffic can be captured by the
|
|
Proxy. Alternatively, for HTTP services, the application could
|
|
directly communicate with the proxy (e.g., by setting HTTP_PROXY) to
|
|
talk to these services.</p>
|
|
|
|
<table class="enum-values">
|
|
<thead>
|
|
<tr>
|
|
<th>Name</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="ServiceEntry.Resolution.NONE">
|
|
<td><code>NONE</code></td>
|
|
<td>
|
|
<p>Assume that incoming connections have already been resolved (to a
|
|
specific destination IP address). Such connections are typically
|
|
routed via the proxy using mechanisms such as IP table REDIRECT/
|
|
eBPF. After performing any routing related transformations, the
|
|
proxy will forward the connection to the IP address to which the
|
|
connection was bound.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.Resolution.STATIC">
|
|
<td><code>STATIC</code></td>
|
|
<td>
|
|
<p>Use the static IP addresses specified in endpoints (see below) as the
|
|
backing instances associated with the service.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="ServiceEntry.Resolution.DNS">
|
|
<td><code>DNS</code></td>
|
|
<td>
|
|
<p>Attempt to resolve the IP address by querying the ambient DNS,
|
|
during request processing. If no endpoints are specified, the proxy
|
|
will resolve the DNS address specified in the hosts field, if
|
|
wildcards are not used. If endpoints are specified, the DNS
|
|
addresses specified in the endpoints will be resolved to determine
|
|
the destination IP address. DNS resolution cannot be used with unix
|
|
domain socket endpoints.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="StringMatch">StringMatch</h2>
|
|
<section>
|
|
<p>Describes how to match a given string in HTTP headers. Match is
|
|
case-sensitive.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="StringMatch.exact" class="oneof oneof-start">
|
|
<td><code>exact</code></td>
|
|
<td><code>string (oneof)</code></td>
|
|
<td>
|
|
<p>exact string match</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="StringMatch.prefix" class="oneof">
|
|
<td><code>prefix</code></td>
|
|
<td><code>string (oneof)</code></td>
|
|
<td>
|
|
<p>prefix-based match</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="StringMatch.regex" class="oneof">
|
|
<td><code>regex</code></td>
|
|
<td><code>string (oneof)</code></td>
|
|
<td>
|
|
<p>ECMAscript style regex-based match</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="Subset">Subset</h2>
|
|
<section>
|
|
<p>A subset of endpoints of a service. Subsets can be used for scenarios
|
|
like A/B testing, or routing to a specific version of a service. Refer
|
|
to <a href="#VirtualService">VirtualService</a> documentation for examples of using
|
|
subsets in these scenarios. In addition, traffic policies defined at the
|
|
service-level can be overridden at a subset-level. The following rule
|
|
uses a round robin load balancing policy for all traffic going to a
|
|
subset named testversion that is composed of endpoints (e.g., pods) with
|
|
labels (version:v3).</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: bookinfo-ratings
|
|
spec:
|
|
host: ratings.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
loadBalancer:
|
|
simple: LEAST_CONN
|
|
subsets:
|
|
- name: testversion
|
|
labels:
|
|
version: v3
|
|
trafficPolicy:
|
|
loadBalancer:
|
|
simple: ROUND_ROBIN
|
|
</code></pre>
|
|
|
|
<p><strong>Note:</strong> Policies specified for subsets will not take effect until
|
|
a route rule explicitly sends traffic to this subset.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="Subset.name">
|
|
<td><code>name</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED. Name of the subset. The service name and the subset name can
|
|
be used for traffic splitting in a route rule.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Subset.labels">
|
|
<td><code>labels</code></td>
|
|
<td><code>map<string, string></code></td>
|
|
<td>
|
|
<p>REQUIRED. Labels apply a filter over the endpoints of a service in the
|
|
service registry. See route rules for examples of usage.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="Subset.traffic_policy">
|
|
<td><code>trafficPolicy</code></td>
|
|
<td><code><a href="#TrafficPolicy">TrafficPolicy</a></code></td>
|
|
<td>
|
|
<p>Traffic policies that apply to this subset. Subsets inherit the
|
|
traffic policies specified at the DestinationRule level. Settings
|
|
specified at the subset level will override the corresponding settings
|
|
specified at the DestinationRule level.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="TCPRoute">TCPRoute</h2>
|
|
<section>
|
|
<p>Describes match conditions and actions for routing TCP traffic. The
|
|
following routing rule forwards traffic arriving at port 27017 for
|
|
mongo.prod.svc.cluster.local from 172.17.16.* subnet to another Mongo
|
|
server on port 5555.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: bookinfo-Mongo
|
|
spec:
|
|
hosts:
|
|
- mongo.prod.svc.cluster.local
|
|
tcp:
|
|
- match:
|
|
- port: 27017
|
|
sourceSubnet: "172.17.16.0/24"
|
|
route:
|
|
- destination:
|
|
host: mongo.backup.svc.cluster.local
|
|
port:
|
|
number: 5555
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="TCPRoute.match">
|
|
<td><code>match</code></td>
|
|
<td><code><a href="#L4MatchAttributes">L4MatchAttributes[]</a></code></td>
|
|
<td>
|
|
<p>Match conditions to be satisfied for the rule to be
|
|
activated. All conditions inside a single match block have AND
|
|
semantics, while the list of match blocks have OR semantics. The rule
|
|
is matched if any one of the match blocks succeed.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TCPRoute.route">
|
|
<td><code>route</code></td>
|
|
<td><code><a href="#DestinationWeight">DestinationWeight[]</a></code></td>
|
|
<td>
|
|
<p>The destination to which the connection should be forwarded to.
|
|
Currently, only one destination is allowed for TCP services. When TCP
|
|
weighted routing support is introduced in Envoy, multiple destinations
|
|
with weights can be specified.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="TLSSettings">TLSSettings</h2>
|
|
<section>
|
|
<p>SSL/TLS related settings for upstream connections. See Envoy’s <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v1/cluster_manager/cluster_ssl.html#config-cluster-manager-cluster-ssl">TLS
|
|
context</a>
|
|
for more details. These settings are common to both HTTP and TCP upstreams.</p>
|
|
|
|
<p>For example, the following rule configures a client to use mutual TLS
|
|
for connections to upstream database cluster.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: db-mtls
|
|
spec:
|
|
host: mydbserver.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
tls:
|
|
mode: MUTUAL
|
|
clientCertificate: /etc/certs/myclientcert.pem
|
|
privateKey: /etc/certs/client_private_key.pem
|
|
caCertificates: /etc/certs/rootcacerts.pem
|
|
</code></pre>
|
|
|
|
<p>The following rule configures a client to use TLS when talking to a
|
|
foreign service whose domain matches *.foo.com.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: tls-foo
|
|
spec:
|
|
host: "*.foo.com"
|
|
trafficPolicy:
|
|
tls:
|
|
mode: SIMPLE
|
|
</code></pre>
|
|
|
|
<p>The following rule configures a client to use Istio mutual TLS when talking
|
|
to rating services.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: ratings-istio-mtls
|
|
spec:
|
|
host: ratings.prod.svc.cluster.local
|
|
trafficPolicy:
|
|
tls:
|
|
mode: ISTIO_MUTUAL
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="TLSSettings.mode">
|
|
<td><code>mode</code></td>
|
|
<td><code><a href="#TLSSettings.TLSmode">TLSSettings.TLSmode</a></code></td>
|
|
<td>
|
|
<p>REQUIRED: Indicates whether connections to this port should be secured
|
|
using TLS. The value of this field determines how TLS is enforced.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TLSSettings.client_certificate">
|
|
<td><code>clientCertificate</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED if mode is <code>MUTUAL</code>. The path to the file holding the
|
|
client-side TLS certificate to use.
|
|
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TLSSettings.private_key">
|
|
<td><code>privateKey</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>REQUIRED if mode is <code>MUTUAL</code>. The path to the file holding the
|
|
client’s private key.
|
|
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TLSSettings.ca_certificates">
|
|
<td><code>caCertificates</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>OPTIONAL: The path to the file containing certificate authority
|
|
certificates to use in verifying a presented server certificate. If
|
|
omitted, the proxy will not verify the server’s certificate.
|
|
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TLSSettings.subject_alt_names">
|
|
<td><code>subjectAltNames</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>A list of alternate names to verify the subject identity in the
|
|
certificate. If specified, the proxy will verify that the server
|
|
certificate’s subject alt name matches one of the specified values.
|
|
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TLSSettings.sni">
|
|
<td><code>sni</code></td>
|
|
<td><code>string</code></td>
|
|
<td>
|
|
<p>SNI string to present to the server during TLS handshake.
|
|
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="TLSSettings.TLSmode">TLSSettings.TLSmode</h2>
|
|
<section>
|
|
<p>TLS connection mode</p>
|
|
|
|
<table class="enum-values">
|
|
<thead>
|
|
<tr>
|
|
<th>Name</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="TLSSettings.TLSmode.DISABLE">
|
|
<td><code>DISABLE</code></td>
|
|
<td>
|
|
<p>Do not setup a TLS connection to the upstream endpoint.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TLSSettings.TLSmode.SIMPLE">
|
|
<td><code>SIMPLE</code></td>
|
|
<td>
|
|
<p>Originate a TLS connection to the upstream endpoint.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TLSSettings.TLSmode.MUTUAL">
|
|
<td><code>MUTUAL</code></td>
|
|
<td>
|
|
<p>Secure connections to the upstream using mutual TLS by presenting
|
|
client certificates for authentication.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TLSSettings.TLSmode.ISTIO_MUTUAL">
|
|
<td><code>ISTIO_MUTUAL</code></td>
|
|
<td>
|
|
<p>Secure connections to the upstream using mutual TLS by presenting
|
|
client certificates for authentication.
|
|
Compared to Mutual mode, this mode uses certificates generated
|
|
automatically by Istio for mTLS authentication. When this mode is
|
|
used, all other fields in <code>TLSSettings</code> should be empty.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="TrafficPolicy">TrafficPolicy</h2>
|
|
<section>
|
|
<p>Traffic policies to apply for a specific destination, across all
|
|
destination ports. See DestinationRule for examples.</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="TrafficPolicy.load_balancer">
|
|
<td><code>loadBalancer</code></td>
|
|
<td><code><a href="#LoadBalancerSettings">LoadBalancerSettings</a></code></td>
|
|
<td>
|
|
<p>Settings controlling the load balancer algorithms.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TrafficPolicy.connection_pool">
|
|
<td><code>connectionPool</code></td>
|
|
<td><code><a href="#ConnectionPoolSettings">ConnectionPoolSettings</a></code></td>
|
|
<td>
|
|
<p>Settings controlling the volume of connections to an upstream service</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TrafficPolicy.outlier_detection">
|
|
<td><code>outlierDetection</code></td>
|
|
<td><code><a href="#OutlierDetection">OutlierDetection</a></code></td>
|
|
<td>
|
|
<p>Settings controlling eviction of unhealthy hosts from the load balancing pool</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TrafficPolicy.tls">
|
|
<td><code>tls</code></td>
|
|
<td><code><a href="#TLSSettings">TLSSettings</a></code></td>
|
|
<td>
|
|
<p>TLS related settings for connections to the upstream service.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TrafficPolicy.port_level_settings">
|
|
<td><code>portLevelSettings</code></td>
|
|
<td><code><a href="#TrafficPolicy.PortTrafficPolicy">TrafficPolicy.PortTrafficPolicy[]</a></code></td>
|
|
<td>
|
|
<p>Traffic policies specific to individual ports. Note that port level
|
|
settings will override the destination-level settings. Traffic
|
|
settings specified at the destination-level will not be inherited when
|
|
overridden by port-level settings, i.e. default values will be applied
|
|
to fields omitted in port-level traffic policies.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="TrafficPolicy.PortTrafficPolicy">TrafficPolicy.PortTrafficPolicy</h2>
|
|
<section>
|
|
<p>Traffic policies that apply to specific ports of the service</p>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="TrafficPolicy.PortTrafficPolicy.port">
|
|
<td><code>port</code></td>
|
|
<td><code><a href="#PortSelector">PortSelector</a></code></td>
|
|
<td>
|
|
<p>Specifies the port name or number of a port on the destination service
|
|
on which this policy is being applied.</p>
|
|
|
|
<p>Names must comply with DNS label syntax (rfc1035) and therefore cannot
|
|
collide with numbers. If there are multiple ports on a service with
|
|
the same protocol the names should be of the form <protocol-name>-<DNS
|
|
label>.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TrafficPolicy.PortTrafficPolicy.load_balancer">
|
|
<td><code>loadBalancer</code></td>
|
|
<td><code><a href="#LoadBalancerSettings">LoadBalancerSettings</a></code></td>
|
|
<td>
|
|
<p>Settings controlling the load balancer algorithms.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TrafficPolicy.PortTrafficPolicy.connection_pool">
|
|
<td><code>connectionPool</code></td>
|
|
<td><code><a href="#ConnectionPoolSettings">ConnectionPoolSettings</a></code></td>
|
|
<td>
|
|
<p>Settings controlling the volume of connections to an upstream service</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TrafficPolicy.PortTrafficPolicy.outlier_detection">
|
|
<td><code>outlierDetection</code></td>
|
|
<td><code><a href="#OutlierDetection">OutlierDetection</a></code></td>
|
|
<td>
|
|
<p>Settings controlling eviction of unhealthy hosts from the load balancing pool</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="TrafficPolicy.PortTrafficPolicy.tls">
|
|
<td><code>tls</code></td>
|
|
<td><code><a href="#TLSSettings">TLSSettings</a></code></td>
|
|
<td>
|
|
<p>TLS related settings for connections to the upstream service.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
<h2 id="VirtualService">VirtualService</h2>
|
|
<section>
|
|
<p>A <code>VirtualService</code> defines a set of traffic routing rules to apply when a host is
|
|
addressed. Each routing rule defines matching criteria for traffic of a specific
|
|
protocol. If the traffic is matched, then it is sent to a named destination service
|
|
(or subset/version of it) defined in the registry.</p>
|
|
|
|
<p>The source of traffic can also be matched in a routing rule. This allows routing
|
|
to be customized for specific client contexts.</p>
|
|
|
|
<p>The following example on Kubernetes, routes all HTTP traffic by default to
|
|
pods of the reviews service with label “version: v1”. In addition,
|
|
HTTP requests containing /wpcatalog/, /consumercatalog/ url prefixes will
|
|
be rewritten to /newcatalog and sent to pods with label “version: v2”.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: reviews-route
|
|
spec:
|
|
hosts:
|
|
- reviews.prod.svc.cluster.local
|
|
http:
|
|
- match:
|
|
- uri:
|
|
prefix: "/wpcatalog"
|
|
- uri:
|
|
prefix: "/consumercatalog"
|
|
rewrite:
|
|
uri: "/newcatalog"
|
|
route:
|
|
- destination:
|
|
host: reviews.prod.svc.cluster.local
|
|
subset: v2
|
|
- route:
|
|
- destination:
|
|
host: reviews.prod.svc.cluster.local
|
|
subset: v1
|
|
</code></pre>
|
|
|
|
<p>A subset/version of a route destination is identified with a reference
|
|
to a named service subset which must be declared in a corresponding
|
|
<code>DestinationRule</code>.</p>
|
|
|
|
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: reviews-destination
|
|
spec:
|
|
host: reviews.prod.svc.cluster.local
|
|
subsets:
|
|
- name: v1
|
|
labels:
|
|
version: v1
|
|
- name: v2
|
|
labels:
|
|
version: v2
|
|
</code></pre>
|
|
|
|
<table class="message-fields">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Type</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr id="VirtualService.hosts">
|
|
<td><code>hosts</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>REQUIRED. The destination hosts to which traffic is being sent. Could
|
|
be a DNS name with wildcard prefix or an IP address. Depending on the
|
|
platform, short-names can also be used instead of a FQDN (i.e. has no
|
|
dots in the name). In such a scenario, the FQDN of the host would be
|
|
derived based on the underlying platform.</p>
|
|
|
|
<p><strong>A host name can be defined by only one VirtualService</strong>. A single
|
|
VirtualService can be used to describe traffic properties for multiple
|
|
HTTP and TCP ports.</p>
|
|
|
|
<p><em>Note for Kubernetes users</em>: When short names are used (e.g. “reviews”
|
|
instead of “reviews.default.svc.cluster.local”), Istio will interpret
|
|
the short name based on the namespace of the rule, not the service. A
|
|
rule in the “default” namespace containing a host “reviews will be
|
|
interpreted as “reviews.default.svc.cluster.local”, irrespective of
|
|
the actual namespace associated with the reviews service. <em>To avoid
|
|
potential misconfigurations, it is recommended to always use fully
|
|
qualified domain names over short names.</em></p>
|
|
|
|
<p>The hosts field applies to both HTTP and TCP services. Service inside
|
|
the mesh, i.e., those found in the service registry, must always be
|
|
referred to using their alphanumeric names. IP addresses are allowed
|
|
only for services defined via the Gateway.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="VirtualService.gateways">
|
|
<td><code>gateways</code></td>
|
|
<td><code>string[]</code></td>
|
|
<td>
|
|
<p>The names of gateways and sidecars that should apply these routes. A
|
|
single VirtualService is used for sidecars inside the mesh as well
|
|
as for one or more gateways. The selection condition imposed by this field
|
|
can be overridden using the source field in the match conditions of HTTP/TCP
|
|
routes. The reserved word <code>mesh</code> is used to imply all the sidecars in
|
|
the mesh. When this field is omitted, the default gateway (<code>mesh</code>)
|
|
will be used, which would apply the rule to all sidecars in the
|
|
mesh. If a list of gateway names is provided, the rules will apply
|
|
only to the gateways. To apply the rules to both gateways and sidecars,
|
|
specify <code>mesh</code> as one of the gateway names.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="VirtualService.http">
|
|
<td><code>http</code></td>
|
|
<td><code><a href="#HTTPRoute">HTTPRoute[]</a></code></td>
|
|
<td>
|
|
<p>An ordered list of route rules for HTTP traffic.
|
|
The first rule matching an incoming request is used.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
<tr id="VirtualService.tcp">
|
|
<td><code>tcp</code></td>
|
|
<td><code><a href="#TCPRoute">TCPRoute[]</a></code></td>
|
|
<td>
|
|
<p>An ordered list of route rules for TCP traffic.
|
|
The first rule matching an incoming request is used.</p>
|
|
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</section>
|
|
|
|
|
|
|
|
|
|
</main>
|
|
|
|
|
|
<div class="container-fluid d-print-none">
|
|
<br/><hr/><br/>
|
|
|
|
<div class="row">
|
|
<div class="col-6">
|
|
|
|
<a title="Configuration affecting traffic routing" href="/v0.8/docs/reference/config/istio.routing.v1alpha1/"><i class="fa fa-arrow-left"></i> Route Rules v1alpha1 (deprecated)</a>
|
|
|
|
</div>
|
|
<div class="col-6" style="text-align: right">
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="d-none d-print-block" aria-hidden="true">
|
|
<h2>Links</h2>
|
|
<ol id="endnotes"></ol>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="col-12 col-md-2 d-none d-xl-block d-print-none">
|
|
<nav class="toc">
|
|
<div class="spacer"></div>
|
|
<div id="toc" class="directory" role="directory">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<nav id="TableOfContents">
|
|
<ul>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ConnectionPoolSettings">ConnectionPoolSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ConnectionPoolSettings.HTTPSettings">ConnectionPoolSettings.HTTPSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ConnectionPoolSettings.TCPSettings">ConnectionPoolSettings.TCPSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#CorsPolicy">CorsPolicy</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Destination">Destination</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#DestinationRule">DestinationRule</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#DestinationWeight">DestinationWeight</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Gateway">Gateway</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPFaultInjection">HTTPFaultInjection</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPFaultInjection.Abort">HTTPFaultInjection.Abort</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPFaultInjection.Delay">HTTPFaultInjection.Delay</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPMatchRequest">HTTPMatchRequest</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPRedirect">HTTPRedirect</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPRetry">HTTPRetry</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPRewrite">HTTPRewrite</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#HTTPRoute">HTTPRoute</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#L4MatchAttributes">L4MatchAttributes</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#LoadBalancerSettings">LoadBalancerSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#LoadBalancerSettings.ConsistentHashLB">LoadBalancerSettings.ConsistentHashLB</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#LoadBalancerSettings.SimpleLB">LoadBalancerSettings.SimpleLB</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#OutlierDetection">OutlierDetection</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#OutlierDetection.HTTPSettings">OutlierDetection.HTTPSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Port">Port</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#PortSelector">PortSelector</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Server">Server</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Server.TLSOptions">Server.TLSOptions</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Server.TLSOptions.TLSmode">Server.TLSOptions.TLSmode</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ServiceEntry">ServiceEntry</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ServiceEntry.Endpoint">ServiceEntry.Endpoint</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ServiceEntry.Location">ServiceEntry.Location</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#ServiceEntry.Resolution">ServiceEntry.Resolution</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#StringMatch">StringMatch</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#Subset">Subset</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TCPRoute">TCPRoute</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TLSSettings">TLSSettings</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TLSSettings.TLSmode">TLSSettings.TLSmode</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TrafficPolicy">TrafficPolicy</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#TrafficPolicy.PortTrafficPolicy">TrafficPolicy.PortTrafficPolicy</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li><a href="#VirtualService">VirtualService</a></li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
|
|
|
|
</div>
|
|
</nav>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<footer class="d-print-none container-fluid">
|
|
<div class="row">
|
|
<div class="col-6 col-lg-4" role="navigation">
|
|
<div class="container-fluid">
|
|
<div class="row">
|
|
<div class="icon">
|
|
<span>istio-users@</span>
|
|
<a title="Join the istio-users@ mailing list to participate in discussions and get help troubleshooting problems"
|
|
href="https://groups.google.com/forum/#!forum/istio-users" aria-label="istio-users mailing list">
|
|
<svg viewBox="0 0 490 490">
|
|
<path d="M480,410.248H10c-5.523,0-10-4.477-10-10V89.752c0-5.523,4.477-10,10-10h470c5.522,0,10,4.477,10,10v310.495
|
|
C490,405.771,485.522,410.248,480,410.248z M20,390.248h450V99.752H20V390.248z"/>
|
|
<path d="M245,286.131c-2.083,0-4.167-0.649-5.931-1.948L48.64,143.929c-4.446-3.275-5.396-9.535-2.121-13.982
|
|
c3.275-4.447,9.535-5.396,13.982-2.121L245,263.712l184.5-135.886c4.447-3.274,10.709-2.326,13.982,2.121
|
|
c3.275,4.447,2.325,10.707-2.121,13.982L250.931,284.183C249.167,285.482,247.083,286.131,245,286.131z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
|
|
<div class="icon">
|
|
<span>twitter</span>
|
|
<a title="Follow us on Twitter to get the latest news"
|
|
href="https://twitter.com/IstioMesh" aria-label="Twitter">
|
|
<svg viewBox="0 0 310 310">
|
|
<path d="M302.973,57.388c-4.87,2.16-9.877,3.983-14.993,5.463c6.057-6.85,10.675-14.91,13.494-23.73
|
|
c0.632-1.977-0.023-4.141-1.648-5.434c-1.623-1.294-3.878-1.449-5.665-0.39c-10.865,6.444-22.587,11.075-34.878,13.783
|
|
c-12.381-12.098-29.197-18.983-46.581-18.983c-36.695,0-66.549,29.853-66.549,66.547c0,2.89,0.183,5.764,0.545,8.598
|
|
C101.163,99.244,58.83,76.863,29.76,41.204c-1.036-1.271-2.632-1.956-4.266-1.825c-1.635,0.128-3.104,1.05-3.93,2.467
|
|
c-5.896,10.117-9.013,21.688-9.013,33.461c0,16.035,5.725,31.249,15.838,43.137c-3.075-1.065-6.059-2.396-8.907-3.977
|
|
c-1.529-0.851-3.395-0.838-4.914,0.033c-1.52,0.871-2.473,2.473-2.513,4.224c-0.007,0.295-0.007,0.59-0.007,0.889
|
|
c0,23.935,12.882,45.484,32.577,57.229c-1.692-0.169-3.383-0.414-5.063-0.735c-1.732-0.331-3.513,0.276-4.681,1.597
|
|
c-1.17,1.32-1.557,3.16-1.018,4.84c7.29,22.76,26.059,39.501,48.749,44.605c-18.819,11.787-40.34,17.961-62.932,17.961
|
|
c-4.714,0-9.455-0.277-14.095-0.826c-2.305-0.274-4.509,1.087-5.294,3.279c-0.785,2.193,0.047,4.638,2.008,5.895
|
|
c29.023,18.609,62.582,28.445,97.047,28.445c67.754,0,110.139-31.95,133.764-58.753c29.46-33.421,46.356-77.658,46.356-121.367
|
|
c0-1.826-0.028-3.67-0.084-5.508c11.623-8.757,21.63-19.355,29.773-31.536c1.237-1.85,1.103-4.295-0.33-5.998
|
|
C307.394,57.037,305.009,56.486,302.973,57.388z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
|
|
<div class="icon">
|
|
<span>stack overflow</span>
|
|
<a title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio"
|
|
href="https://stackoverflow.com/questions/tagged/istio" aria-label="Stack Overflow">
|
|
<svg viewBox="0 0 120 120">
|
|
<polygon points="84.4,93.8 84.4,70.6 92.1,70.6 92.1,101.5 22.6,101.5 22.6,70.6 30.3,70.6 30.3,93.8 "/>
|
|
<path d="M38.8,68.4l37.8,7.9l1.6-7.6l-37.8-7.9L38.8,68.4z M43.8,50.4l35,16.3l3.2-7l-35-16.4L43.8,50.4z M53.5,33.2
|
|
l29.7,24.7l4.9-5.9L58.4,27.3L53.5,33.2z M72.7,14.9l-6.2,4.6l23,31l6.2-4.6L72.7,14.9z M38,86h38.6v-7.7H38V86z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
|
|
<div class="icon">
|
|
<span>rocket chat</span>
|
|
<a title="Interactively chat with members of the Istio community."
|
|
href="https://istio.rocket.chat" aria-label="Rocket Chat">
|
|
<svg viewBox="0 0 512 512">
|
|
<path d="M496.293,255.338c0-24.103-7.21-47.215-21.437-68.699c-12.771-19.288-30.666-36.362-53.184-50.745
|
|
c-43.474-27.771-100.612-43.065-160.885-43.065c-20.131,0-39.974,1.702-59.222,5.072c-11.942-11.176-25.919-21.233-40.712-29.187
|
|
c-79.026-38.298-144.561-0.9-144.561-0.9s60.931,50.053,51.023,93.93c-27.259,27.041-42.033,59.646-42.033,93.594
|
|
c0,0.108,0.005,0.216,0.006,0.324c-0.001,0.108-0.006,0.216-0.006,0.324c0,33.949,14.774,66.554,42.033,93.595
|
|
c9.907,43.874-51.023,93.93-51.023,93.93s65.535,37.397,144.561-0.901c14.792-7.953,28.77-18.01,40.712-29.188
|
|
c19.249,3.372,39.091,5.072,59.222,5.072c60.272,0,117.411-15.294,160.885-43.064c22.518-14.383,40.412-31.457,53.184-50.742
|
|
c14.227-21.487,21.437-44.599,21.437-68.702c0-0.107-0.006-0.216-0.006-0.324C496.287,255.554,496.293,255.446,496.293,255.338z
|
|
M260.882,387.763c-25.367,0-49.66-2.932-72.107-8.282c-22.81,27.443-72.993,65.596-121.742,53.26
|
|
c15.857-17.031,39.352-45.81,34.32-93.207c-29.218-22.738-46.759-51.832-46.759-83.541c0-72.776,92.36-131.769,206.288-131.769
|
|
c113.928,0,206.288,58.993,206.288,131.769C467.17,328.765,374.81,387.763,260.882,387.763z M288.283,255.991
|
|
c0,15.133-12.27,27.403-27.4,27.403c-15.134,0-27.402-12.271-27.402-27.403s12.268-27.401,27.402-27.401
|
|
C276.014,228.59,288.283,240.858,288.283,255.991z M356.163,228.59c-15.133,0-27.4,12.268-27.4,27.401s12.268,27.403,27.4,27.403
|
|
c15.134,0,27.399-12.271,27.399-27.403S371.297,228.59,356.163,228.59z M165.601,228.59c-15.133,0-27.4,12.268-27.4,27.401
|
|
s12.268,27.403,27.4,27.403c15.134,0,27.401-12.271,27.401-27.403S180.735,228.59,165.601,228.59z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="tag row d-none d-lg-flex">
|
|
for users
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="col-6 col-lg-4">
|
|
<p class="text-center copyright" role="contentinfo">
|
|
Istio
|
|
|
|
Archive
|
|
|
|
0.8<br>© 2018 Istio Authors, <a href="https://policies.google.com/privacy">Privacy Policy</a><br>
|
|
|
|
Archived on July 31, 2018
|
|
|
|
</p>
|
|
</div>
|
|
|
|
<div class="col-6 col-lg-4 d-none d-lg-flex" role="navigation">
|
|
<div class="container-fluid">
|
|
<div class="row justify-content-end">
|
|
<div class="icon">
|
|
<span>istio-dev@</span>
|
|
<a title="Join the istio-dev@ mailing list to discuss development issues around the Istio project"
|
|
href="https://groups.google.com/forum/#!forum/istio-dev" aria-label="istio-dev mailing list">
|
|
<svg viewBox="0 0 490 490">
|
|
<path d="M480,410.248H10c-5.523,0-10-4.477-10-10V89.752c0-5.523,4.477-10,10-10h470c5.522,0,10,4.477,10,10v310.495
|
|
C490,405.771,485.522,410.248,480,410.248z M20,390.248h450V99.752H20V390.248z"/>
|
|
<path d="M245,286.131c-2.083,0-4.167-0.649-5.931-1.948L48.64,143.929c-4.446-3.275-5.396-9.535-2.121-13.982
|
|
c3.275-4.447,9.535-5.396,13.982-2.121L245,263.712l184.5-135.886c4.447-3.274,10.709-2.326,13.982,2.121
|
|
c3.275,4.447,2.325,10.707-2.121,13.982L250.931,284.183C249.167,285.482,247.083,286.131,245,286.131z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
|
|
<div class="icon">
|
|
<span>github</span>
|
|
<a title="GitHub is where development takes place on Istio code"
|
|
href="https://github.com/istio/community" aria-label="GitHub">
|
|
<svg viewBox="0 0 478.165 478.165">
|
|
<path d="M349.22,55.768c6.136,14.046,10.241,37.556,4.224,54.69
|
|
c24.426,20.999,33.073,71.904,21.079,113.704c35.006,2.73,76.666-1.235,103.642,9.484c-25.183-3.248-59.651-9.563-91.987-7.431
|
|
c-6.136,0.458-15.361-0.239-14.903,8.408c37.735,3.008,75.092,6.117,105.894,15.779c-30.702-4.981-67.74-12.552-105.894-13.668
|
|
c-15.54,30.921-47.239,46.262-90.991,49.49c4.682,10.261,13.847,14.066,15.879,30.702c3.267,24.406-4.881,60.328,3.208,76.686
|
|
c4.064,7.89,10.579,8.009,14.863,14.604c-10.699,12.871-37.257-1.395-40.186-14.604c-5.14-22.852,7.89-58.256-6.415-73.737
|
|
c0.996,24.865-5.718,59.85,0.996,82.145c2.789,8.806,10.659,12.113,8.647,20.063c-49.809,5.08-28.989-64.373-37.177-105.356
|
|
c-7.471,0.697-4.204,11.197-4.224,15.76c-0.199,40.106,8.189,94.836-34.846,89.556c-1.315-8.348,5.838-11.217,8.467-19.007
|
|
c7.91-22.434-1.454-56.045,2.112-83.161c-16.417,12.512,1.793,55.666-8.428,77.961c-5.838,12.671-24.785,18.27-39.19,12.651
|
|
c1.873-9.464,11.695-7.989,15.879-16.875c5.818-12.452,0.02-30.244,2.092-48.494c-30.423,6.097-53.993-0.877-65.608-20.023
|
|
c-5.12-8.507-6.356-18.708-12.632-26.219c-6.117-7.551-16.098-8.507-19.087-18.808c37.755-9.185,39.17,38.771,73.06,39.807
|
|
c10.44,0.418,15.799-2.909,25.402-5.16c2.749-12.113,8.428-21.039,16.875-27.494c-42.078-5.658-76.865-18.788-93.023-50.466
|
|
c-38.293,1.893-73.339,7.013-105.894,14.843c29.547-10.679,65.807-14.604,104.778-15.819c-2.351-13.807-22.434-10.022-34.866-9.543
|
|
C47.677,227.17,18.449,230.138,0,233.645c26.817-9.543,64.233-8.348,100.454-8.428c-11.038-34.767-7.232-90.014,17.015-110.615
|
|
c-6.854-17.254-4.722-45.346,4.184-58.834c27.036,1.175,43.374,12.891,60.388,24.247c21.019-6.017,43.035-9.045,71.904-7.451
|
|
c12.133,0.677,24.705,6.097,33.731,5.32c8.906-0.877,18.728-10.898,27.534-14.843C326.507,58.099,336.17,56.206,349.22,55.768z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
|
|
<div class="icon">
|
|
<span>drive</span>
|
|
<a title="Access our team drive if you'd like to take a look at the Istio technical design documents"
|
|
href="https://groups.google.com/forum/#!forum/istio-team-drive-access" aria-label="team drive">
|
|
<svg viewBox="0 0 207.027 207.027">
|
|
<path d="M69.866,15.557L0,138.919l28.732,52.552l143.288-0.029l35.008-59.588L136.39,15.735L69.866,15.557z M17.166,139.046
|
|
L74.268,38.205L91.21,67.783L33.24,168.447L17.166,139.046z M99.841,82.851l23.805,41.558l-47.732-0.006L99.841,82.851z
|
|
M163.434,176.443l-117.332,0.024l21.53-37.065l64.606,0.008l0.067,0.119l52.865-0.085L163.434,176.443z M140.932,124.411
|
|
L90.157,35.767l-2.966-5.178l40.751,0.121l57.003,93.706L140.932,124.411z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
|
|
<div class="icon">
|
|
<span>working groups</span>
|
|
<a title="If you'd like to contribute to the Istio project, consider participating in our working groups"
|
|
href="https://github.com/istio/community/blob/master/WORKING-GROUPS.md" aria-label="working groups">
|
|
<svg viewBox="0 -45 439.833 439.833">
|
|
|
|
<polygon points="246.048,195.833 299.966,235.085 319.497,227.296 276.278,195.833"/>
|
|
<polygon points="193.786,195.833 163.556,195.833 120.33,227.3 139.862,235.089"/>
|
|
|
|
<path d="M219.927,11.558c-23.854,0-37.057,12.362-36.814,36.182c0.348,32.623,14.211,52.414,36.814,52.068
|
|
c0,0,36.802,1.492,36.802-52.068C256.729,23.918,244.294,11.558,219.927,11.558z"/>
|
|
<path d="M285.017,124.567l-36.77-14.659l-8.608-7.256c-2.274-1.922-5.636-1.78-7.741,0.317l-11.973,11.904l-12.008-11.907
|
|
c-2.109-2.094-5.465-2.229-7.736-0.313l-8.611,7.256l-36.77,14.661c-11.842,4.715-11.83,46.647-12.848,50.497h155.93
|
|
C296.866,171.228,296.862,129.28,285.017,124.567z"/>
|
|
|
|
<path d="M77.976,228.568c0,0,36.801,1.492,36.801-52.068c0-23.82-12.434-36.182-36.801-36.182
|
|
c-23.854,0-37.057,12.362-36.814,36.182C41.509,209.124,55.372,228.915,77.976,228.568z"/>
|
|
<path d="M143.065,253.329l-36.77-14.658l-8.609-7.256c-2.275-1.923-5.635-1.781-7.742,0.315l-11.971,11.904l-12.008-11.908
|
|
c-2.109-2.094-5.465-2.229-7.736-0.312l-8.611,7.256l-36.77,14.66C1.006,258.045,1.018,299.977,0,303.827h155.93
|
|
C154.915,299.988,154.911,258.042,143.065,253.329z"/>
|
|
|
|
<path d="M361.878,228.568c0,0,36.801,1.492,36.801-52.068c0-23.82-12.434-36.182-36.801-36.182
|
|
c-23.854,0-37.057,12.362-36.812,36.182C325.411,209.124,339.274,228.915,361.878,228.568z"/>
|
|
<path d="M426.968,253.329l-36.77-14.658l-8.609-7.256c-2.273-1.923-5.635-1.781-7.742,0.315l-11.971,11.904l-12.008-11.908
|
|
c-2.109-2.094-5.465-2.229-7.736-0.312l-8.61,7.256l-36.771,14.66c-11.842,4.715-11.83,46.646-12.848,50.497h155.93
|
|
C438.817,299.988,438.812,258.042,426.968,253.329z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
|
|
<div class="icon">
|
|
<span>slack</span>
|
|
<a title="Interactively discuss development issues with the Istio community on Slack (invitation-only)"
|
|
href="https://istio.slack.com" aria-label="slack">
|
|
<svg viewBox="0 0 31.444 31.443">
|
|
<path d="M31.202,16.369c-0.62-1.388-2.249-2.011-3.637-1.391l-1.325,0.594l-3.396-7.591l1.325-0.592
|
|
c1.388-0.622,2.01-2.25,1.389-3.637c-0.62-1.389-2.248-2.012-3.637-1.39l-1.324,0.593l-0.593-1.326
|
|
c-0.621-1.388-2.249-2.009-3.637-1.388c-1.388,0.62-2.009,2.247-1.389,3.637l0.593,1.325L7.98,8.598L7.388,7.273
|
|
c-0.621-1.39-2.249-2.009-3.637-1.39C2.363,6.504,1.742,8.132,2.362,9.52l0.592,1.324L1.63,11.438
|
|
c-1.388,0.621-2.01,2.247-1.389,3.636c0.62,1.388,2.249,2.01,3.637,1.39l1.325-0.594l3.394,7.592l-1.325,0.592
|
|
c-1.388,0.621-2.009,2.25-1.389,3.637c0.621,1.389,2.249,2.011,3.637,1.391l1.324-0.593l0.593,1.325
|
|
c0.621,1.389,2.249,2.01,3.637,1.389c1.387-0.62,2.009-2.248,1.388-3.636l-0.591-1.326l7.591-3.394l0.592,1.321
|
|
c0.621,1.391,2.248,2.013,3.637,1.392c1.388-0.619,2.01-2.248,1.389-3.637l-0.592-1.324l1.323-0.594
|
|
C31.201,19.384,31.823,17.757,31.202,16.369z M13.623,21.215l-3.395-7.593l7.591-3.394l3.395,7.591L13.623,21.215z"/>
|
|
</svg>
|
|
|
|
</a>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="tag row justify-content-end text-right">
|
|
for developers
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</footer>
|
|
|
|
|
|
<div class="d-xl-none d-print-none">
|
|
<button id="scroll-to-top" aria-hidden="true" onclick="scrollToTop()" title="Back to top"><i class="fa fa-lg fa-arrow-up"></i></button>
|
|
</div>
|
|
|
|
|
|
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
|
|
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script>
|
|
<script src="https://www.google.com/cse/brand?form=search_form"></script>
|
|
|
|
|
|
<script src="/v0.8/js/all.min.js" data-manual></script>
|
|
</body>
|
|
</html>
|