mirror of https://github.com/istio/istio.io.git
665 lines
96 KiB
HTML
665 lines
96 KiB
HTML
<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content="#466BB0"><meta name=title content="Service Entry"><meta name=description content="Configuration affecting service registry."><meta name=keywords content="microservices,services,mesh"><meta property="og:title" content="Service Entry"><meta property="og:type" content="website"><meta property="og:description" content="Configuration affecting service registry."><meta property="og:url" content="/v1.8/docs/reference/config/networking/service-entry/"><meta property="og:image" content="/v1.8/img/istio-whitelogo-bluebackground-framed.svg"><meta property="og:image:alt" content="Istio Logo"><meta property="og:image:width" content="112"><meta property="og:image:height" content="150"><meta property="og:site_name" content="Istio"><meta name=twitter:card content="summary"><meta name=twitter:site content="@IstioMesh"><title>Istioldie 1.8 / Service Entry</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
|
||
gtag('js',new Date());gtag('config','UA-98480406-2');</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.8/blog/feed.xml><link rel=alternate type=application/rss+xml title="Istio News" href=/v1.8/news/feed.xml><link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.8/feed.xml><link rel="shortcut icon" href=/v1.8/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.8/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.8/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.8/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.8/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.8/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.8/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.8/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.8/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.8/favicons/android-192x192.png sizes=192x192><link rel=manifest href=/v1.8/manifest.json><meta name=apple-mobile-web-app-title content="Istio"><meta name=application-name content="Istio"><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work+Sans:400|Chivo:400|Work+Sans:500,300,600,300italic,400italic,500italic,600italic|Chivo:500,300,600,300italic,400italic,500italic,600italic"><link rel=stylesheet href=/v1.8/css/all.css><script src=/v1.8/js/themes_init.min.js></script></head><body class="language-unknown archive-site"><script>const branchName="release-1.8";const docTitle="Service Entry";const iconFile="\/v1.8/img/icons.svg";const buttonCopy='Copy to clipboard';const buttonPrint='Print';const buttonDownload='Download';</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.8/js/all.min.js data-manual defer></script><header><nav><a id=brand href=/v1.8/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="146" stroke-width="2"/><polygon points="65 240 225 240 125 270"/><polygon points="65 230 125 220 125 110"/><polygon points="135 220 225 230 135 30"/></svg></span><span class=name>Istioldie 1.8</span></a><div id=hamburger><svg class="icon hamburger"><use xlink:href="/v1.8/img/icons.svg#hamburger"/></svg></div><div id=header-links><a class=current title="Learn how to deploy, use, and operate Istio." href=/v1.8/docs/>Docs</a>
|
||
<a title="Posts about using Istio." href=/v1.8/blog/2020/>Blog<i class=dot data-prefix=/blog></i></a>
|
||
<a title="Timely news about the Istio project." href=/v1.8/news/>News<i class=dot data-prefix=/news></i></a>
|
||
<a title="Frequently Asked Questions about Istio." href=/v1.8/faq/>FAQ</a>
|
||
<a title="Get a bit more in-depth info about the Istio project." href=/v1.8/about/>About</a><div class=menu><button id=gearDropdownButton class=menu-trigger title="Options and settings" aria-label="Options and Settings" aria-controls=gearDropdownContent><svg class="icon gear"><use xlink:href="/v1.8/img/icons.svg#gear"/></svg></button><div id=gearDropdownContent class=menu-content aria-labelledby=gearDropdownButton role=menu><a tabindex=-1 role=menuitem lang=en id=switch-lang-en class=active>English</a>
|
||
<a tabindex=-1 role=menuitem lang=zh id=switch-lang-zh>中文</a><div role=separator></div><a tabindex=-1 role=menuitem class=active id=light-theme-item>Light Theme</a>
|
||
<a tabindex=-1 role=menuitem id=dark-theme-item>Dark Theme</a><div role=separator></div><a tabindex=-1 role=menuitem id=syntax-coloring-item>Color Examples</a><div role=separator></div><h6>Other versions of this site</h6><a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://istio.io/docs\/reference\/config\/networking\/service-entry\/');return false;">Current Release</a>
|
||
<a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://preliminary.istio.io/docs\/reference\/config\/networking\/service-entry\/');return false;">Next Release</a>
|
||
<a tabindex=-1 role=menuitem href=https://istio.io/archive>Older Releases</a></div></div><button id=search-show title="Search this site" aria-label=Search><svg class="icon magnifier"><use xlink:href="/v1.8/img/icons.svg#magnifier"/></svg></button></div><form id=search-form name=cse role=search><input type=hidden name=cx value=002184991200833970123:iwwf17ikgf4>
|
||
<input type=hidden name=ie value=utf-8>
|
||
<input type=hidden name=hl value=en>
|
||
<input type=hidden id=search-page-url value=/v1.8/search>
|
||
<input id=search-textbox class=form-control name=q type=search aria-label="Search this site">
|
||
<button id=search-close title="Cancel search" type=reset aria-label="Cancel search"><svg class="icon cancel-x"><use xlink:href="/v1.8/img/icons.svg#cancel-x"/></svg></button></form></nav></header><div class=banner-container></div><main class=primary><div id=sidebar-container class="sidebar-container sidebar-offcanvas"><nav id=sidebar aria-label="Section Navigation"><div class=directory><div class=card><button class="header dynamic" id=card17 title="Learn about the different parts of the Istio system and the abstractions it uses." aria-controls=card17-body><svg class="icon concepts"><use xlink:href="/v1.8/img/icons.svg#concepts"/></svg>Concepts</button><div class=body aria-labelledby=card17 role=region id=card17-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card17><li role=none><a role=treeitem title="Introduces Istio, the problems it solves, its high-level architecture, and its design goals." href=/v1.8/docs/concepts/what-is-istio/>What is Istio?</a></li><li role=none><a role=treeitem title="Describes the various Istio features focused on traffic routing and control." href=/v1.8/docs/concepts/traffic-management/>Traffic Management</a></li><li role=none><a role=treeitem title="Describes Istio's authorization and authentication functionality." href=/v1.8/docs/concepts/security/>Security</a></li><li role=none><a role=treeitem title="Describes the telemetry and monitoring features provided by Istio." href=/v1.8/docs/concepts/observability/>Observability</a></li><li role=none><a role=treeitem title="Describes Istio's WebAssembly Plugin system." href=/v1.8/docs/concepts/wasm/>Extensibility</a></li></ul></div></div><div class=card><button class="header dynamic" id=card40 title="Instructions for installing the Istio control plane on Kubernetes." aria-controls=card40-body><svg class="icon setup"><use xlink:href="/v1.8/img/icons.svg#setup"/></svg>Setup</button><div class=body aria-labelledby=card40 role=region id=card40-body><ul role=tree aria-expanded=true aria-labelledby=card40><li role=none><a role=treeitem title="Try Istio’s features quickly and easily." href=/v1.8/docs/setup/getting-started/>Getting Started</a></li><li role=treeitem aria-label="Platform Setup"><button aria-hidden=true></button><a title="How to prepare various Kubernetes platforms before installing Istio." href=/v1.8/docs/setup/platform-setup/>Platform Setup</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Instructions to setup an Alibaba Cloud Kubernetes cluster for Istio." href=/v1.8/docs/setup/platform-setup/alicloud/>Alibaba Cloud</a></li><li role=none><a role=treeitem title="Instructions to setup an Azure cluster for Istio." href=/v1.8/docs/setup/platform-setup/azure/>Azure</a></li><li role=none><a role=treeitem title="Instructions to setup Docker Desktop for Istio." href=/v1.8/docs/setup/platform-setup/docker/>Docker Desktop</a></li><li role=none><a role=treeitem title="Instructions to setup a Google Kubernetes Engine cluster for Istio." href=/v1.8/docs/setup/platform-setup/gke/>Google Kubernetes Engine</a></li><li role=none><a role=treeitem title="Instructions to setup an IBM Cloud cluster for Istio." href=/v1.8/docs/setup/platform-setup/ibm/>IBM Cloud</a></li><li role=none><a role=treeitem title="Instructions to setup kind for Istio." href=/v1.8/docs/setup/platform-setup/kind/>kind</a></li><li role=none><a role=treeitem title="Instructions to setup Kops for use with Istio." href=/v1.8/docs/setup/platform-setup/kops/>Kops</a></li><li role=none><a role=treeitem title="Instructions to setup a Gardener cluster for Istio." href=/v1.8/docs/setup/platform-setup/gardener/>Kubernetes Gardener</a></li><li role=none><a role=treeitem title="Instructions to setup a KubeSphere Container Platform for Istio." href=/v1.8/docs/setup/platform-setup/kubesphere/>KubeSphere Container Platform</a></li><li role=none><a role=treeitem title="Instructions to setup MicroK8s for use with Istio." href=/v1.8/docs/setup/platform-setup/microk8s/>MicroK8s</a></li><li role=none><a role=treeitem title="Instructions to setup minikube for Istio." href=/v1.8/docs/setup/platform-setup/minikube/>Minikube</a></li><li role=none><a role=treeitem title="Instructions to setup an OpenShift cluster for Istio." href=/v1.8/docs/setup/platform-setup/openshift/>OpenShift</a></li><li role=none><a role=treeitem title="Instructions to setup an OKE cluster for Istio." href=/v1.8/docs/setup/platform-setup/oci/>Oracle Cloud Infrastructure</a></li></ul></li><li role=treeitem aria-label=Install><button aria-hidden=true></button><a title="Choose the guide that best suits your needs and platform." href=/v1.8/docs/setup/install/>Install</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="Install and customize any Istio configuration profile for in-depth evaluation or production use." href=/v1.8/docs/setup/install/istioctl/>Install with Istioctl</a></li><li role=none><a role=treeitem title="Instructions to install Istio in a Kubernetes cluster using the Istio operator." href=/v1.8/docs/setup/install/operator/>Istio Operator Install</a></li><li role=none><a role=treeitem title="Install and configure Istio for in-depth evaluation." href=/v1.8/docs/setup/install/helm/>Install with Helm</a></li><li role=treeitem aria-label="Install Multicluster"><button aria-hidden=true></button><a title="Install an Istio mesh across multiple Kubernetes clusters." href=/v1.8/docs/setup/install/multicluster/>Install Multicluster</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Initial steps before installing Istio on multiple clusters." href=/v1.8/docs/setup/install/multicluster/before-you-begin/>Before you begin</a></li><li role=none><a role=treeitem title="Install an Istio mesh across multiple primary clusters." href=/v1.8/docs/setup/install/multicluster/multi-primary/>Install Multi-Primary</a></li><li role=none><a role=treeitem title="Install an Istio mesh across primary and remote clusters." href=/v1.8/docs/setup/install/multicluster/primary-remote/>Install Primary-Remote</a></li><li role=none><a role=treeitem title="Install an Istio mesh across multiple primary clusters on different networks." href=/v1.8/docs/setup/install/multicluster/multi-primary_multi-network/>Install Multi-Primary on different networks</a></li><li role=none><a role=treeitem title="Install an Istio mesh across primary and remote clusters on different networks." href=/v1.8/docs/setup/install/multicluster/primary-remote_multi-network/>Install Primary-Remote on different networks</a></li><li role=none><a role=treeitem title="Verify that Istio has been installed properly on multiple clusters." href=/v1.8/docs/setup/install/multicluster/verify/>Verify the installation</a></li></ul></li><li role=none><a role=treeitem title="Deploy Istio and connect a workload running within a virtual machine to it." href=/v1.8/docs/setup/install/virtual-machine/>Virtual Machine Installation</a></li></ul></li><li role=treeitem aria-label=Upgrade><button aria-hidden=true></button><a title="Upgrade, downgrade, and manage Istio accross multiple control plane revisions." href=/v1.8/docs/setup/upgrade/>Upgrade</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Upgrade Istio by first running a canary deployment of a new control plane." href=/v1.8/docs/setup/upgrade/canary/>Canary Upgrades</a></li><li role=none><a role=treeitem title="Upgrade or downgrade Istio in place." href=/v1.8/docs/setup/upgrade/in-place/>In-place Upgrades</a></li><li role=none><a role=treeitem title="Configuring and upgrading Istio with gateways." href=/v1.8/docs/setup/upgrade/gateways/>Managing Gateways with Multiple Revisions [experimental]</a></li></ul></li><li role=treeitem aria-label="More Guides"><button aria-hidden=true></button><a title="More information on additional setup tasks." href=/v1.8/docs/setup/additional-setup/>More Guides</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes the built-in Istio installation configuration profiles." href=/v1.8/docs/setup/additional-setup/config-profiles/>Installation Configuration Profiles</a></li><li role=none><a role=treeitem title="Install the Istio sidecar in application pods automatically using the sidecar injector webhook or manually using istioctl CLI." href=/v1.8/docs/setup/additional-setup/sidecar-injection/>Installing the Sidecar</a></li><li role=none><a role=treeitem title="Install and use Istio with the Istio CNI plugin, allowing operators to deploy services with lower privilege." href=/v1.8/docs/setup/additional-setup/cni/>Install Istio with the Istio CNI plugin</a></li><li role=none><a role=treeitem title="Install an external control plane and remote cluster." href=/v1.8/docs/setup/additional-setup/external-controlplane/>Install Istio with an External Control Plane</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card73 title="How to do single specific targeted activities with the Istio system." aria-controls=card73-body><svg class="icon tasks"><use xlink:href="/v1.8/img/icons.svg#tasks"/></svg>Tasks</button><div class=body aria-labelledby=card73 role=region id=card73-body><ul role=tree aria-expanded=true aria-labelledby=card73><li role=treeitem aria-label="Traffic Management"><button aria-hidden=true></button><a title="Tasks that demonstrate Istio's traffic routing features." href=/v1.8/docs/tasks/traffic-management/>Traffic Management</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="This task shows you how to configure dynamic request routing to multiple versions of a microservice." href=/v1.8/docs/tasks/traffic-management/request-routing/>Request Routing</a></li><li role=none><a role=treeitem title="This task shows you how to inject faults to test the resiliency of your application." href=/v1.8/docs/tasks/traffic-management/fault-injection/>Fault Injection</a></li><li role=none><a role=treeitem title="Shows you how to migrate traffic from an old to new version of a service." href=/v1.8/docs/tasks/traffic-management/traffic-shifting/>Traffic Shifting</a></li><li role=none><a role=treeitem title="Shows you how to migrate TCP traffic from an old to new version of a TCP service." href=/v1.8/docs/tasks/traffic-management/tcp-traffic-shifting/>TCP Traffic Shifting</a></li><li role=none><a role=treeitem title="This task shows you how to setup request timeouts in Envoy using Istio." href=/v1.8/docs/tasks/traffic-management/request-timeouts/>Request Timeouts</a></li><li role=none><a role=treeitem title="This task shows you how to configure circuit breaking for connections, requests, and outlier detection." href=/v1.8/docs/tasks/traffic-management/circuit-breaking/>Circuit Breaking</a></li><li role=none><a role=treeitem title="This task demonstrates the traffic mirroring/shadowing capabilities of Istio." href=/v1.8/docs/tasks/traffic-management/mirroring/>Mirroring</a></li><li role=treeitem aria-label=Ingress><button aria-hidden=true></button><a title="Controlling ingress traffic for an Istio service mesh." href=/v1.8/docs/tasks/traffic-management/ingress/>Ingress</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes how to configure an Istio gateway to expose a service outside of the service mesh." href=/v1.8/docs/tasks/traffic-management/ingress/ingress-control/>Ingress Gateways</a></li><li role=none><a role=treeitem title="Expose a service outside of the service mesh over TLS or mTLS." href=/v1.8/docs/tasks/traffic-management/ingress/secure-ingress/>Secure Gateways</a></li><li role=none><a role=treeitem title="Describes how to configure SNI passthrough for an ingress gateway." href=/v1.8/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/>Ingress Gateway without TLS Termination</a></li><li role=none><a role=treeitem title="Describes how to configure a Kubernetes Ingress object to expose a service outside of the service mesh." href=/v1.8/docs/tasks/traffic-management/ingress/kubernetes-ingress/>Kubernetes Ingress</a></li><li role=none><a role=treeitem title="Describes how to configure the Kubernetes Service APIs with Istio." href=/v1.8/docs/tasks/traffic-management/ingress/service-apis/>Kubernetes Service APIs [Experimental]</a></li></ul></li><li role=treeitem aria-label=Egress><button aria-hidden=true></button><a title="Controlling egress traffic for an Istio service mesh." href=/v1.8/docs/tasks/traffic-management/egress/>Egress</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes how to configure Istio to route traffic from services in the mesh to external services." href=/v1.8/docs/tasks/traffic-management/egress/egress-control/>Accessing External Services</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to perform TLS origination for traffic to external services." href=/v1.8/docs/tasks/traffic-management/egress/egress-tls-origination/>Egress TLS Origination</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to direct traffic to external services through a dedicated gateway." href=/v1.8/docs/tasks/traffic-management/egress/egress-gateway/>Egress Gateways</a></li><li role=none><a role=treeitem title="Describes how to configure an Egress Gateway to perform TLS origination to external services using Secret Discovery Service." href=/v1.8/docs/tasks/traffic-management/egress/egress-gateway-tls-origination-sds/>Egress Gateways with TLS Origination (SDS)</a></li><li role=none><a role=treeitem title="Describes how to configure an Egress Gateway to perform TLS origination to external services using file mount certificates." href=/v1.8/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/>Egress Gateways with TLS Origination (File Mount)</a></li><li role=none><a role=treeitem title="Describes how to enable egress traffic for a set of hosts in a common domain, instead of configuring each and every host separately." href=/v1.8/docs/tasks/traffic-management/egress/wildcard-egress-hosts/>Egress using Wildcard Hosts</a></li><li role=none><a role=treeitem title="Shows how to configure Istio for Kubernetes External Services." href=/v1.8/docs/tasks/traffic-management/egress/egress-kubernetes-services/>Kubernetes Services for Egress Traffic</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to let applications use an external HTTPS proxy." href=/v1.8/docs/tasks/traffic-management/egress/http-proxy/>Using an External HTTPS Proxy</a></li></ul></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="Demonstrates how to secure the mesh." href=/v1.8/docs/tasks/security/>Security</a><ul role=group aria-expanded=false><li role=treeitem aria-label="Certificate Management"><button aria-hidden=true></button><a title="Management of the certificates in Istio." href=/v1.8/docs/tasks/security/cert-management/>Certificate Management</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Shows how system administrators can configure Istio's CA with a root certificate, signing certificate and key." href=/v1.8/docs/tasks/security/cert-management/plugin-ca-cert/>Plug in CA Certificates</a></li><li role=none><a role=treeitem title="Shows how to provision and manage DNS certificates in Istio." href=/v1.8/docs/tasks/security/cert-management/dns-cert/>Istio DNS Certificate Management</a></li><li role=none><a role=treeitem title="Shows how to use a Custom Certificate Authority (that integrates with the Kubernetes CSR API) to provision Istio workload certificates." href=/v1.8/docs/tasks/security/cert-management/custom-ca-k8s/>Custom CA Integration using Kubernetes CSR [experimental]</a></li></ul></li><li role=treeitem aria-label=Authentication><button aria-hidden=true></button><a title="Controlling mutual TLS and end-user authentication for mesh services." href=/v1.8/docs/tasks/security/authentication/>Authentication</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Shows you how to use Istio authentication policy to setup mutual TLS and basic end-user authentication." href=/v1.8/docs/tasks/security/authentication/authn-policy/>Authentication Policy</a></li><li role=none><a role=treeitem title="Shows you how to incrementally migrate your Istio services to mutual TLS." href=/v1.8/docs/tasks/security/authentication/mtls-migration/>Mutual TLS Migration</a></li></ul></li><li role=treeitem aria-label=Authorization><button aria-hidden=true></button><a title="Shows how to control access to Istio services." href=/v1.8/docs/tasks/security/authorization/>Authorization</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Shows how to set up access control for HTTP traffic." href=/v1.8/docs/tasks/security/authorization/authz-http/>Authorization for HTTP traffic</a></li><li role=none><a role=treeitem title="How to set up access control for TCP traffic." href=/v1.8/docs/tasks/security/authorization/authz-tcp/>Authorization for TCP traffic</a></li><li role=none><a role=treeitem title="How to set up access control with JWT in Istio." href=/v1.8/docs/tasks/security/authorization/authz-jwt/>Authorization with JWT</a></li><li role=none><a role=treeitem title="Shows how to set up access control to deny traffic explicitly." href=/v1.8/docs/tasks/security/authorization/authz-deny/>Authorization policies with a deny action</a></li><li role=none><a role=treeitem title="How to set up access control on an ingress gateway." href=/v1.8/docs/tasks/security/authorization/authz-ingress/>Authorization on Ingress Gateway</a></li><li role=none><a role=treeitem title="Shows how to migrate from one trust domain to another without changing authorization policy." href=/v1.8/docs/tasks/security/authorization/authz-td-migration/>Authorization Policy Trust Domain Migration</a></li></ul></li></ul></li><li role=treeitem aria-label=Observability><button aria-hidden=true></button><a title="Demonstrates how to collect telemetry information from the mesh." href=/v1.8/docs/tasks/observability/>Observability</a><ul role=group aria-expanded=false><li role=treeitem aria-label=Metrics><button aria-hidden=true></button><a title="Demonstrates the collection and querying of metrics within Istio." href=/v1.8/docs/tasks/observability/metrics/>Metrics</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="This task shows you how to configure Istio to collect metrics for TCP services." href=/v1.8/docs/tasks/observability/metrics/tcp-metrics/>Collecting Metrics for TCP Services</a></li><li role=none><a role=treeitem title="This task shows you how to customize the Istio metrics." href=/v1.8/docs/tasks/observability/metrics/customize-metrics/>Customizing Istio Metrics</a></li><li role=none><a role=treeitem title="This task shows you how to improve telemetry by grouping requests and responses by their type." href=/v1.8/docs/tasks/observability/metrics/classify-metrics/>Classifying Metrics Based on Request or Response (Experimental)</a></li><li role=none><a role=treeitem title="This task shows you how to query for Istio Metrics using Prometheus." href=/v1.8/docs/tasks/observability/metrics/querying-metrics/>Querying Metrics from Prometheus</a></li><li role=none><a role=treeitem title="This task shows you how to setup and use the Istio Dashboard to monitor mesh traffic." href=/v1.8/docs/tasks/observability/metrics/using-istio-dashboard/>Visualizing Metrics with Grafana</a></li></ul></li><li role=treeitem aria-label=Logs><button aria-hidden=true></button><a title="Demonstrates the collection of logs within Istio." href=/v1.8/docs/tasks/observability/logs/>Logs</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="This task shows you how to configure Envoy proxies to print access logs to their standard output." href=/v1.8/docs/tasks/observability/logs/access-log/>Getting Envoy's Access Logs</a></li></ul></li><li role=treeitem aria-label="Distributed Tracing"><button aria-hidden=true></button><a title="This task shows you how to configure Istio-enabled applications to collect trace spans." href=/v1.8/docs/tasks/observability/distributed-tracing/>Distributed Tracing</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Overview of distributed tracing in Istio." href=/v1.8/docs/tasks/observability/distributed-tracing/overview/>Overview</a></li><li role=none><a role=treeitem title="Learn how to configure the proxies to send tracing requests to Zipkin." href=/v1.8/docs/tasks/observability/distributed-tracing/zipkin/>Zipkin</a></li><li role=none><a role=treeitem title="Learn how to configure the proxies to send tracing requests to Jaeger." href=/v1.8/docs/tasks/observability/distributed-tracing/jaeger/>Jaeger</a></li><li role=none><a role=treeitem title="How to configure the proxies to send tracing requests to Lightstep." href=/v1.8/docs/tasks/observability/distributed-tracing/lightstep/>Lightstep</a></li><li role=none><a role=treeitem title="How to configure tracing options (beta/development)." href=/v1.8/docs/tasks/observability/distributed-tracing/configurability/>Configurability (Beta/Development)</a></li></ul></li><li role=none><a role=treeitem title="This task shows you how to visualize your services within an Istio mesh." href=/v1.8/docs/tasks/observability/kiali/>Visualizing Your Mesh</a></li><li role=none><a role=treeitem title="This task shows you how to configure external access to the set of Istio telemetry addons." href=/v1.8/docs/tasks/observability/gateways/>Remotely Accessing Telemetry Addons</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card94 title="A variety of fully working example uses for Istio that you can experiment with." aria-controls=card94-body><svg class="icon examples"><use xlink:href="/v1.8/img/icons.svg#examples"/></svg>Examples</button><div class=body aria-labelledby=card94 role=region id=card94-body><ul role=tree aria-expanded=true aria-labelledby=card94><li role=none><a role=treeitem title="Deploys a sample application composed of four separate microservices used to demonstrate various Istio features." href=/v1.8/docs/examples/bookinfo/>Bookinfo Application</a></li><li role=treeitem aria-label="Virtual Machines"><button aria-hidden=true></button><a title="Examples that add workloads running on virtual machines to an Istio mesh." href=/v1.8/docs/examples/virtual-machines/>Virtual Machines</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Learn how to add a service running on a virtual machine to your single-network Istio mesh." href=/v1.8/docs/examples/virtual-machines/single-network/>Example Application using Virtual Machines in a Single Network Mesh</a></li><li role=none><a role=treeitem title="Learn how to add a service running on a virtual machine to your multi-network Istio mesh." href=/v1.8/docs/examples/virtual-machines/multi-network/>Virtual Machines in Multi-Network Meshes</a></li><li role=none><a role=treeitem title="Run the Bookinfo application with a MySQL service running on a virtual machine within your mesh." href=/v1.8/docs/examples/virtual-machines/bookinfo/>Bookinfo with a Virtual Machine</a></li></ul></li><li role=treeitem aria-label="Learn Microservices using Kubernetes and Istio"><button aria-hidden=true></button><a title="This modular tutorial provides new users with hands-on experience using Istio for common microservices scenarios, one step at a time." href=/v1.8/docs/examples/microservices-istio/>Learn Microservices using Kubernetes and Istio</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/prereq/>Prerequisites</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/setup-kubernetes-cluster/>Setup a Kubernetes Cluster</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/setup-local-computer/>Setup a Local Computer</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/single/>Run a Microservice Locally</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/package-service/>Run ratings in Docker</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/bookinfo-kubernetes/>Run Bookinfo with Kubernetes</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/production-testing/>Test in production</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/add-new-microservice-version/>Add a new version of reviews</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/add-istio/>Enable Istio on productpage</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/enable-istio-all-microservices/>Enable Istio on all the microservices</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/istio-ingress-gateway/>Configure Istio Ingress Gateway</a></li><li role=none><a role=treeitem href=/v1.8/docs/examples/microservices-istio/logs-istio/>Monitoring with Istio</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card118 title="Concepts, tools, and techniques to deploy and manage an Istio mesh." aria-controls=card118-body><svg class="icon guide"><use xlink:href="/v1.8/img/icons.svg#guide"/></svg>Operations</button><div class=body aria-labelledby=card118 role=region id=card118-body><ul role=tree aria-expanded=true aria-labelledby=card118><li role=treeitem aria-label=Deployment><button aria-hidden=true></button><a title="Requirements, concepts, and considerations for setting up an Istio deployment." href=/v1.8/docs/ops/deployment/>Deployment</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes Istio's high-level architecture and design goals." href=/v1.8/docs/ops/deployment/architecture/>Architecture</a></li><li role=none><a role=treeitem title="Describes the options and considerations when configuring your Istio deployment." href=/v1.8/docs/ops/deployment/deployment-models/>Deployment Models</a></li><li role=none><a role=treeitem title="Istio performance and scalability summary." href=/v1.8/docs/ops/deployment/performance-and-scalability/>Performance and Scalability</a></li><li role=none><a role=treeitem title="Requirements of applications deployed in an Istio-enabled cluster." href=/v1.8/docs/ops/deployment/requirements/>Application Requirements</a></li></ul></li><li role=treeitem aria-label=Configuration><button aria-hidden=true></button><a title="Advanced concepts and features for configuring a running Istio mesh." href=/v1.8/docs/ops/configuration/>Configuration</a><ul role=group aria-expanded=false><li role=treeitem aria-label="Mesh Configuration"><button aria-hidden=true></button><a title="Helps you manage the global mesh configuration." href=/v1.8/docs/ops/configuration/mesh/>Mesh Configuration</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Provides a general overview of Istio's use of Kubernetes webhooks and the related issues that can arise." href=/v1.8/docs/ops/configuration/mesh/webhook/>Dynamic Admission Webhooks Overview</a></li><li role=none><a role=treeitem title="Describes how to wait to apply mesh configuration until a resource reaches a given status or readiness." href=/v1.8/docs/ops/configuration/mesh/config-resource-ready/>Wait for Resource Status to Apply Configuration</a></li><li role=none><a role=treeitem title="Describes Istio's use of Kubernetes webhooks for automatic sidecar injection." href=/v1.8/docs/ops/configuration/mesh/injection-concepts/>Automatic Sidecar Injection</a></li><li role=none><a role=treeitem title="Shows how to do health checking for Istio services." href=/v1.8/docs/ops/configuration/mesh/app-health-check/>Health Checking of Istio Services</a></li></ul></li><li role=treeitem aria-label="Traffic Management"><button aria-hidden=true></button><a title="Helps you manage the networking aspects of a running mesh." href=/v1.8/docs/ops/configuration/traffic-management/>Traffic Management</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Information on how to specify protocols." href=/v1.8/docs/ops/configuration/traffic-management/protocol-selection/>Protocol Selection</a></li><li role=none><a role=treeitem title="Information on how to enable and understand Locality Load Balancing." href=/v1.8/docs/ops/configuration/traffic-management/locality-load-balancing/>Locality Load Balancing</a></li><li role=none><a role=treeitem title="How to configure TLS settings to secure network traffic." href=/v1.8/docs/ops/configuration/traffic-management/tls-configuration/>TLS Configuration</a></li><li role=none><a role=treeitem title="How to configure gateway network topology." href=/v1.8/docs/ops/configuration/traffic-management/network-topologies/>Configuring Gateway Network Topology [experimental]</a></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="Helps you manage the security aspects of a running mesh." href=/v1.8/docs/ops/configuration/security/>Security</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Use hardened container images to reduce Istio's attack surface." href=/v1.8/docs/ops/configuration/security/harden-docker-images/>Harden Docker Container Images</a></li><li role=none><a role=treeitem title="Learn how to extend the lifetime of the Istio self-signed root certificate." href=/v1.8/docs/ops/configuration/security/root-transition/>Extending Self-Signed Certificate Lifetime</a></li></ul></li><li role=treeitem aria-label=Observability><button aria-hidden=true></button><a title="Helps you manage telemetry collection and visualization in a running mesh." href=/v1.8/docs/ops/configuration/telemetry/>Observability</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Fine-grained control of Envoy statistics." href=/v1.8/docs/ops/configuration/telemetry/envoy-stats/>Envoy Statistics</a></li><li role=none><a role=treeitem title="Configure Prometheus to monitor multicluster Istio." href=/v1.8/docs/ops/configuration/telemetry/monitoring-multicluster-prometheus/>Monitoring Multicluster Istio with Prometheus</a></li></ul></li></ul></li><li role=treeitem aria-label="Best Practices"><button aria-hidden=true></button><a title="Best practices for setting up and managing an Istio service mesh." href=/v1.8/docs/ops/best-practices/>Best Practices</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="General best practices when setting up an Istio service mesh." href=/v1.8/docs/ops/best-practices/deployment/>Deployment Best Practices</a></li><li role=none><a role=treeitem title="Configuration best practices to avoid networking or traffic management issues." href=/v1.8/docs/ops/best-practices/traffic-management/>Traffic Management Best Practices</a></li><li role=none><a role=treeitem title="Best practices for securing applications using Istio." href=/v1.8/docs/ops/best-practices/security/>Security Best Practices</a></li><li role=none><a role=treeitem title="Best practices for observing applications using Istio." href=/v1.8/docs/ops/best-practices/observability/>Observability Best Practices</a></li></ul></li><li role=treeitem aria-label="Common Problems"><button aria-hidden=true></button><a title="Describes how to identify and resolve common problems in Istio." href=/v1.8/docs/ops/common-problems/>Common Problems</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Techniques to address common Istio traffic management and network problems." href=/v1.8/docs/ops/common-problems/network-issues/>Traffic Management Problems</a></li><li role=none><a role=treeitem title="Techniques to address common Istio authentication, authorization, and general security-related problems." href=/v1.8/docs/ops/common-problems/security-issues/>Security Problems</a></li><li role=none><a role=treeitem title="Dealing with telemetry collection issues." href=/v1.8/docs/ops/common-problems/observability-issues/>Observability Problems</a></li><li role=none><a role=treeitem title="Resolve common problems with Istio's use of Kubernetes webhooks for automatic sidecar injection." href=/v1.8/docs/ops/common-problems/injection/>Sidecar Injection Problems</a></li><li role=none><a role=treeitem title="Describes how to resolve configuration validation problems." href=/v1.8/docs/ops/common-problems/validation/>Configuration Validation Problems</a></li></ul></li><li role=treeitem aria-label="Diagnostic Tools"><button aria-hidden=true></button><a title="Tools and techniques to help troubleshoot an Istio mesh." href=/v1.8/docs/ops/diagnostic-tools/>Diagnostic Tools</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Istio includes a supplemental tool that provides debugging and diagnosis for Istio service mesh deployments." href=/v1.8/docs/ops/diagnostic-tools/istioctl/>Using the Istioctl Command-line Tool</a></li><li role=none><a role=treeitem title="Describes tools and techniques to diagnose Envoy configuration issues related to traffic management." href=/v1.8/docs/ops/diagnostic-tools/proxy-cmd/>Debugging Envoy and Istiod</a></li><li role=none><a role=treeitem title="Shows you how to use istioctl describe to verify the configurations of a pod in your mesh." href=/v1.8/docs/ops/diagnostic-tools/istioctl-describe/>Understand your Mesh with Istioctl Describe</a></li><li role=none><a role=treeitem title="Shows you how to use istioctl analyze to identify potential issues with your configuration." href=/v1.8/docs/ops/diagnostic-tools/istioctl-analyze/>Diagnose your Configuration with Istioctl Analyze</a></li><li role=none><a role=treeitem title="Describes how to use ControlZ to get insight into a running istiod component." href=/v1.8/docs/ops/diagnostic-tools/controlz/>Istiod Introspection</a></li><li role=none><a role=treeitem title="Describes how to use component-level logging to get insights into a running component's behavior." href=/v1.8/docs/ops/diagnostic-tools/component-logging/>Component Logging</a></li></ul></li><li role=treeitem aria-label=Integrations><button aria-hidden=true></button><a title="Other softwares that Istio can integrate with to provide additional functionality." href=/v1.8/docs/ops/integrations/>Integrations</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Information on how to integrate with cert-manager." href=/v1.8/docs/ops/integrations/certmanager/>cert-manager</a></li><li role=none><a role=treeitem title="Information on how to integrate with Grafana to set up Istio dashboards." href=/v1.8/docs/ops/integrations/grafana/>Grafana</a></li><li role=none><a role=treeitem title="How to integrate with Jaeger." href=/v1.8/docs/ops/integrations/jaeger/>Jaeger</a></li><li role=none><a role=treeitem title="Information on how to integrate with Kiali." href=/v1.8/docs/ops/integrations/kiali/>Kiali</a></li><li role=none><a role=treeitem title="How to integrate with Prometheus." href=/v1.8/docs/ops/integrations/prometheus/>Prometheus</a></li><li role=none><a role=treeitem title="How to integrate with Zipkin." href=/v1.8/docs/ops/integrations/zipkin/>Zipkin</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card169 title="Detailed authoritative reference material such as command-line options, configuration options, and API calling parameters." aria-controls=card169-body><svg class="icon reference"><use xlink:href="/v1.8/img/icons.svg#reference"/></svg>Reference</button><div class="body default" aria-labelledby=card169 role=region id=card169-body><ul role=tree aria-expanded=true aria-labelledby=card169><li role=treeitem aria-label=Configuration><button class=show aria-hidden=true></button><a title="Detailed information on configuration options." href=/v1.8/docs/reference/config/>Configuration</a><ul role=group aria-expanded=true><li role=none><a role=treeitem title="Configuration affecting Istio control plane installation version and shape." href=/v1.8/docs/reference/config/istio.operator.v1alpha1/>IstioOperator Options</a></li><li role=none><a role=treeitem title="Configuration affecting the service mesh as a whole." href=/v1.8/docs/reference/config/istio.mesh.v1alpha1/>Global Mesh Options</a></li><li role=none><a role=treeitem title="Describes the structure of messages generated by Istio analyzers." href=/v1.8/docs/reference/config/istio.analysis.v1alpha1/>Analysis Messages</a></li><li role=none><a role=treeitem title="Describes the role of the `status` field in configuration workflow." href=/v1.8/docs/reference/config/config-status/>Configuration Status Field</a></li><li role=treeitem aria-label="Proxy Extensions"><button aria-hidden=true></button><a title="Describes how to configure Istio proxy extensions." href=/v1.8/docs/reference/config/proxy_extensions/>Proxy Extensions</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Configuration for Metadata Exchange Filter." href=/v1.8/docs/reference/config/proxy_extensions/metadata_exchange/>Metadata Exchange Config</a></li><li role=none><a role=treeitem title="Configuration for Stackdriver filter." href=/v1.8/docs/reference/config/proxy_extensions/stackdriver/>Stackdriver Config</a></li><li role=none><a role=treeitem title="Configuration for Attribute Generation plugin." href=/v1.8/docs/reference/config/proxy_extensions/attributegen/>AttributeGen Config</a></li><li role=none><a role=treeitem title="Configuration for AccessLogPolicy Filter." href=/v1.8/docs/reference/config/proxy_extensions/accesslogpolicy/>AccessLogPolicy Config</a></li><li role=none><a role=treeitem title="Configuration for Stats Filter." href=/v1.8/docs/reference/config/proxy_extensions/stats/>Stats Config</a></li><li role=none><a role=treeitem title="How to enable telemetry generation with the Wasm runtime (experimental)." href=/v1.8/docs/reference/config/proxy_extensions/wasm_telemetry/>Wasm-based Telemetry (Experimental)</a></li></ul></li><li role=treeitem aria-label="Traffic Management"><button class=show aria-hidden=true></button><a title="Describes how to configure HTTP/TCP routing features." href=/v1.8/docs/reference/config/networking/>Traffic Management</a><ul role=group aria-expanded=true class=leaf-section><li role=none><a role=treeitem title="Configuration affecting load balancing, outlier detection, etc." href=/v1.8/docs/reference/config/networking/destination-rule/>Destination Rule</a></li><li role=none><a role=treeitem title="Customizing Envoy configuration generated by Istio." href=/v1.8/docs/reference/config/networking/envoy-filter/>Envoy Filter</a></li><li role=none><a role=treeitem title="Configuration affecting edge load balancer." href=/v1.8/docs/reference/config/networking/gateway/>Gateway</a></li><li role=none><span role=treeitem class=current title="Configuration affecting service registry.">Service Entry</span></li><li role=none><a role=treeitem title="Configuration affecting network reachability of a sidecar." href=/v1.8/docs/reference/config/networking/sidecar/>Sidecar</a></li><li role=none><a role=treeitem title="Describes a collection of workload instances." href=/v1.8/docs/reference/config/networking/workload-group/>Workload Group</a></li><li role=none><a role=treeitem title="Configuration affecting VMs onboarded into the mesh." href=/v1.8/docs/reference/config/networking/workload-entry/>Workload Entry</a></li><li role=none><a role=treeitem title="Configuration affecting label/content routing, sni routing, etc." href=/v1.8/docs/reference/config/networking/virtual-service/>Virtual Service</a></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="Describes how to configure Istio's security features." href=/v1.8/docs/reference/config/security/>Security</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Configuration to validate JWT." href=/v1.8/docs/reference/config/security/jwt/>JWTRule</a></li><li role=none><a role=treeitem title="Peer authentication configuration for workloads." href=/v1.8/docs/reference/config/security/peer_authentication/>PeerAuthentication</a></li><li role=none><a role=treeitem title="Request authentication configuration for workloads." href=/v1.8/docs/reference/config/security/request_authentication/>RequestAuthentication</a></li><li role=none><a role=treeitem title="Configuration for access control on workloads." href=/v1.8/docs/reference/config/security/authorization-policy/>Authorization Policy</a></li><li role=none><a role=treeitem title="Describes the supported conditions in authorization policies." href=/v1.8/docs/reference/config/security/conditions/>Authorization Policy Conditions</a></li></ul></li><li role=treeitem aria-label="Common Types"><button aria-hidden=true></button><a title="Describes common types in Istio API." href=/v1.8/docs/reference/config/type/>Common Types</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Definition of a workload selector." href=/v1.8/docs/reference/config/type/workload-selector/>Workload Selector</a></li></ul></li><li role=none><a role=treeitem title="Istio standard metrics exported by Istio telemetry." href=/v1.8/docs/reference/config/metrics/>Istio Standard Metrics</a></li><li role=none><a role=treeitem title="Resource annotations used by Istio." href=/v1.8/docs/reference/config/annotations/>Resource Annotations</a></li><li role=treeitem aria-label="Configuration Analysis Messages"><button aria-hidden=true></button><a title="Documents the individual error and warning messages produced during configuration analysis." href=/v1.8/docs/reference/config/analysis/>Configuration Analysis Messages</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0113/>MTLSPolicyConflict</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0109/>ConflictingMeshGatewayVirtualServiceHosts</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0110/>ConflictingSidecarWorkloadSelectors</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0116/>DeploymentAssociatedToMultipleServices</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0117/>DeploymentRequiresServiceAssociated</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0002/>Deprecated</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0104/>GatewayPortNotOnWorkload</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0001/>InternalError</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0125/>InvalidAnnotation</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0122/>InvalidRegexp</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0105/>IstioProxyImageMismatch</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0119/>JwtFailureDueToInvalidServicePortPrefix</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0107/>MisplacedAnnotation</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0108/>UnknownAnnotation</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0111/>MultipleSidecarsWithoutWorkloadSelectors</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0123/>NamespaceMultipleInjectionLabels</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0102/>NamespaceNotInjected</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0127/>NoMatchingWorkloadsFound</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0128/>NoServerCertificateVerificationDestinationLevel</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0129/>NoServerCertificateVerificationPortLevel</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/message-format/>Analyzer Message Format</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0131/>VirtualServiceIneffectiveMatch</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0118/>PortNameIsNotUnderNamingConvention</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0101/>ReferencedResourceNotFound</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0106/>SchemaValidationError</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0130/>VirtualServiceUnreachableRule</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0103/>PodMissingProxy</a></li><li role=none><a role=treeitem href=/v1.8/docs/reference/config/analysis/ist0112/>VirtualServiceDestinationPortSelectorRequired</a></li></ul></li></ul></li><li role=treeitem aria-label=Commands><button aria-hidden=true></button><a title="Describes usage and options of the Istio commands and utilities." href=/v1.8/docs/reference/commands/>Commands</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Istio control interface." href=/v1.8/docs/reference/commands/istioctl/>istioctl</a></li><li role=none><a role=treeitem title="Istio Pilot." href=/v1.8/docs/reference/commands/pilot-discovery/>pilot-discovery</a></li><li role=none><a role=treeitem title="The Istio operator." href=/v1.8/docs/reference/commands/operator/>operator</a></li><li role=none><a role=treeitem title="Istio Pilot agent." href=/v1.8/docs/reference/commands/pilot-agent/>pilot-agent</a></li></ul></li><li role=none><a role=treeitem title="A glossary of common Istio terms." href=/v1.8/docs/reference/glossary/>Glossary</a></li></ul></div></div></div></nav></div><div class=article-container><button tabindex=-1 id=sidebar-toggler title="Toggle the navigation bar"><svg class="icon pull"><use xlink:href="/v1.8/img/icons.svg#pull"/></svg></button><nav aria-label=Breadcrumb><ol><li><a href=/v1.8/ title="Connect, secure, control, and observe services.">Istio</a></li><li><a href=/v1.8/docs/ title="Learn how to deploy, use, and operate Istio.">Docs</a></li><li><a href=/v1.8/docs/reference/ title="Detailed authoritative reference material such as command-line options, configuration options, and API calling parameters.">Reference</a></li><li><a href=/v1.8/docs/reference/config/ title="Detailed information on configuration options.">Configuration</a></li><li><a href=/v1.8/docs/reference/config/networking/ title="Describes how to configure HTTP/TCP routing features.">Traffic Management</a></li><li>Service Entry</li></ol></nav><article aria-labelledby=title><div class=title-area><div style=width:100%><h1 id=title>Service Entry</h1><p class=byline><span title="2683 words"><svg class="icon clock"><use xlink:href="/v1.8/img/icons.svg#clock"/></svg><span> </span>13 minute read</span>
|
||
<span> </span>
|
||
<span></span></p></div></div><nav class=toc-inlined aria-label="Table of Contents"><div><hr><ol><li role=none aria-label=ServiceEntry><a href=#ServiceEntry>ServiceEntry</a><li role=none aria-label=ServiceEntry.Location><a href=#ServiceEntry-Location>ServiceEntry.Location</a><li role=none aria-label=ServiceEntry.Resolution><a href=#ServiceEntry-Resolution>ServiceEntry.Resolution</a></ol><hr></div></nav><p><code>ServiceEntry</code> enables adding additional entries into Istio’s
|
||
internal service registry, so that auto-discovered services in the
|
||
mesh can access/route to these manually specified services. A
|
||
service entry describes the properties of a service (DNS name,
|
||
VIPs, ports, protocols, endpoints). These services could be
|
||
external to the mesh (e.g., web APIs) or mesh-internal services
|
||
that are not part of the platform’s service registry (e.g., a set
|
||
of VMs talking to services in Kubernetes). In addition, the
|
||
endpoints of a service entry can also be dynamically selected by
|
||
using the <code>workloadSelector</code> field. These endpoints can be VM
|
||
workloads declared using the <code>WorkloadEntry</code> object or Kubernetes
|
||
pods. The ability to select both pods and VMs under a single
|
||
service allows for migration of services from VMs to Kubernetes
|
||
without having to change the existing DNS names associated with the
|
||
services.</p><p>The following example declares a few external APIs accessed by internal
|
||
applications over HTTPS. The sidecar inspects the SNI value in the
|
||
ClientHello message to route to the appropriate external service.</p><div id=tabset-docs-reference-config-networking-service-entry-1 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-1-0-panel id=tabset-docs-reference-config-networking-service-entry-1-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-1-1-panel id=tabset-docs-reference-config-networking-service-entry-1-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-1-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-1-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-https
|
||
spec:
|
||
hosts:
|
||
- api.dropboxapi.com
|
||
- www.googleapis.com
|
||
- api.facebook.com
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 443
|
||
name: https
|
||
protocol: TLS
|
||
resolution: DNS
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-1-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-1-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-https
|
||
spec:
|
||
hosts:
|
||
- api.dropboxapi.com
|
||
- www.googleapis.com
|
||
- api.facebook.com
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 443
|
||
name: https
|
||
protocol: TLS
|
||
resolution: DNS
|
||
</code></pre></div></div></div><p>The following configuration adds a set of MongoDB instances running on
|
||
unmanaged VMs to Istio’s registry, so that these services can be treated
|
||
as any other service in the mesh. The associated DestinationRule is used
|
||
to initiate mTLS connections to the database instances.</p><div id=tabset-docs-reference-config-networking-service-entry-2 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-2-0-panel id=tabset-docs-reference-config-networking-service-entry-2-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-2-1-panel id=tabset-docs-reference-config-networking-service-entry-2-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-2-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-2-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-mongocluster
|
||
spec:
|
||
hosts:
|
||
- mymongodb.somedomain # not used
|
||
addresses:
|
||
- 192.192.192.192/24 # VIPs
|
||
ports:
|
||
- number: 27018
|
||
name: mongodb
|
||
protocol: MONGO
|
||
location: MESH_INTERNAL
|
||
resolution: STATIC
|
||
endpoints:
|
||
- address: 2.2.2.2
|
||
- address: 3.3.3.3
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-2-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-2-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-mongocluster
|
||
spec:
|
||
hosts:
|
||
- mymongodb.somedomain # not used
|
||
addresses:
|
||
- 192.192.192.192/24 # VIPs
|
||
ports:
|
||
- number: 27018
|
||
name: mongodb
|
||
protocol: MONGO
|
||
location: MESH_INTERNAL
|
||
resolution: STATIC
|
||
endpoints:
|
||
- address: 2.2.2.2
|
||
- address: 3.3.3.3
|
||
</code></pre></div></div></div><p>and the associated DestinationRule</p><div id=tabset-docs-reference-config-networking-service-entry-3 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-3-0-panel id=tabset-docs-reference-config-networking-service-entry-3-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-3-1-panel id=tabset-docs-reference-config-networking-service-entry-3-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-3-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-3-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: DestinationRule
|
||
metadata:
|
||
name: mtls-mongocluster
|
||
spec:
|
||
host: mymongodb.somedomain
|
||
trafficPolicy:
|
||
tls:
|
||
mode: MUTUAL
|
||
clientCertificate: /etc/certs/myclientcert.pem
|
||
privateKey: /etc/certs/client_private_key.pem
|
||
caCertificates: /etc/certs/rootcacerts.pem
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-3-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-3-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: DestinationRule
|
||
metadata:
|
||
name: mtls-mongocluster
|
||
spec:
|
||
host: mymongodb.somedomain
|
||
trafficPolicy:
|
||
tls:
|
||
mode: MUTUAL
|
||
clientCertificate: /etc/certs/myclientcert.pem
|
||
privateKey: /etc/certs/client_private_key.pem
|
||
caCertificates: /etc/certs/rootcacerts.pem
|
||
</code></pre></div></div></div><p>The following example uses a combination of service entry and TLS
|
||
routing in a virtual service to steer traffic based on the SNI value to
|
||
an internal egress firewall.</p><div id=tabset-docs-reference-config-networking-service-entry-4 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-4-0-panel id=tabset-docs-reference-config-networking-service-entry-4-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-4-1-panel id=tabset-docs-reference-config-networking-service-entry-4-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-4-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-4-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-redirect
|
||
spec:
|
||
hosts:
|
||
- wikipedia.org
|
||
- "*.wikipedia.org"
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 443
|
||
name: https
|
||
protocol: TLS
|
||
resolution: NONE
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-4-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-4-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-redirect
|
||
spec:
|
||
hosts:
|
||
- wikipedia.org
|
||
- "*.wikipedia.org"
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 443
|
||
name: https
|
||
protocol: TLS
|
||
resolution: NONE
|
||
</code></pre></div></div></div><p>And the associated VirtualService to route based on the SNI value.</p><div id=tabset-docs-reference-config-networking-service-entry-5 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-5-0-panel id=tabset-docs-reference-config-networking-service-entry-5-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-5-1-panel id=tabset-docs-reference-config-networking-service-entry-5-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-5-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-5-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: tls-routing
|
||
spec:
|
||
hosts:
|
||
- wikipedia.org
|
||
- "*.wikipedia.org"
|
||
tls:
|
||
- match:
|
||
- sniHosts:
|
||
- wikipedia.org
|
||
- "*.wikipedia.org"
|
||
route:
|
||
- destination:
|
||
host: internal-egress-firewall.ns1.svc.cluster.local
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-5-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-5-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: tls-routing
|
||
spec:
|
||
hosts:
|
||
- wikipedia.org
|
||
- "*.wikipedia.org"
|
||
tls:
|
||
- match:
|
||
- sniHosts:
|
||
- wikipedia.org
|
||
- "*.wikipedia.org"
|
||
route:
|
||
- destination:
|
||
host: internal-egress-firewall.ns1.svc.cluster.local
|
||
</code></pre></div></div></div><p>The virtual service with TLS match serves to override the default SNI
|
||
match. In the absence of a virtual service, traffic will be forwarded to
|
||
the wikipedia domains.</p><p>The following example demonstrates the use of a dedicated egress gateway
|
||
through which all external service traffic is forwarded.
|
||
The ‘exportTo’ field allows for control over the visibility of a service
|
||
declaration to other namespaces in the mesh. By default, a service is exported
|
||
to all namespaces. The following example restricts the visibility to the
|
||
current namespace, represented by “.”, so that it cannot be used by other
|
||
namespaces.</p><div id=tabset-docs-reference-config-networking-service-entry-6 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-6-0-panel id=tabset-docs-reference-config-networking-service-entry-6-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-6-1-panel id=tabset-docs-reference-config-networking-service-entry-6-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-6-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-6-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-httpbin
|
||
namespace : egress
|
||
spec:
|
||
hosts:
|
||
- httpbin.com
|
||
exportTo:
|
||
- "."
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: DNS
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-6-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-6-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-httpbin
|
||
namespace : egress
|
||
spec:
|
||
hosts:
|
||
- httpbin.com
|
||
exportTo:
|
||
- "."
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: DNS
|
||
</code></pre></div></div></div><p>Define a gateway to handle all egress traffic.</p><div id=tabset-docs-reference-config-networking-service-entry-7 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-7-0-panel id=tabset-docs-reference-config-networking-service-entry-7-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-7-1-panel id=tabset-docs-reference-config-networking-service-entry-7-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-7-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-7-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: Gateway
|
||
metadata:
|
||
name: istio-egressgateway
|
||
namespace: istio-system
|
||
spec:
|
||
selector:
|
||
istio: egressgateway
|
||
servers:
|
||
- port:
|
||
number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
hosts:
|
||
- "*"
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-7-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-7-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: Gateway
|
||
metadata:
|
||
name: istio-egressgateway
|
||
namespace: istio-system
|
||
spec:
|
||
selector:
|
||
istio: egressgateway
|
||
servers:
|
||
- port:
|
||
number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
hosts:
|
||
- "*"
|
||
</code></pre></div></div></div><p>And the associated <code>VirtualService</code> to route from the sidecar to the
|
||
gateway service (<code>istio-egressgateway.istio-system.svc.cluster.local</code>), as
|
||
well as route from the gateway to the external service. Note that the
|
||
virtual service is exported to all namespaces enabling them to route traffic
|
||
through the gateway to the external service. Forcing traffic to go through
|
||
a managed middle proxy like this is a common practice.</p><div id=tabset-docs-reference-config-networking-service-entry-8 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-8-0-panel id=tabset-docs-reference-config-networking-service-entry-8-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-8-1-panel id=tabset-docs-reference-config-networking-service-entry-8-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-8-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-8-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService
|
||
metadata:
|
||
name: gateway-routing
|
||
namespace: egress
|
||
spec:
|
||
hosts:
|
||
- httpbin.com
|
||
exportTo:
|
||
- "*"
|
||
gateways:
|
||
- mesh
|
||
- istio-egressgateway
|
||
http:
|
||
- match:
|
||
- port: 80
|
||
gateways:
|
||
- mesh
|
||
route:
|
||
- destination:
|
||
host: istio-egressgateway.istio-system.svc.cluster.local
|
||
- match:
|
||
- port: 80
|
||
gateways:
|
||
- istio-egressgateway
|
||
route:
|
||
- destination:
|
||
host: httpbin.com
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-8-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-8-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: VirtualService
|
||
metadata:
|
||
name: gateway-routing
|
||
namespace: egress
|
||
spec:
|
||
hosts:
|
||
- httpbin.com
|
||
exportTo:
|
||
- "*"
|
||
gateways:
|
||
- mesh
|
||
- istio-egressgateway
|
||
http:
|
||
- match:
|
||
- port: 80
|
||
gateways:
|
||
- mesh
|
||
route:
|
||
- destination:
|
||
host: istio-egressgateway.istio-system.svc.cluster.local
|
||
- match:
|
||
- port: 80
|
||
gateways:
|
||
- istio-egressgateway
|
||
route:
|
||
- destination:
|
||
host: httpbin.com
|
||
</code></pre></div></div></div><p>The following example demonstrates the use of wildcards in the hosts for
|
||
external services. If the connection has to be routed to the IP address
|
||
requested by the application (i.e. application resolves DNS and attempts
|
||
to connect to a specific IP), the discovery mode must be set to <code>NONE</code>.</p><div id=tabset-docs-reference-config-networking-service-entry-9 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-9-0-panel id=tabset-docs-reference-config-networking-service-entry-9-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-9-1-panel id=tabset-docs-reference-config-networking-service-entry-9-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-9-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-9-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-wildcard-example
|
||
spec:
|
||
hosts:
|
||
- "*.bar.com"
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: NONE
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-9-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-9-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-wildcard-example
|
||
spec:
|
||
hosts:
|
||
- "*.bar.com"
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: NONE
|
||
</code></pre></div></div></div><p>The following example demonstrates a service that is available via a
|
||
Unix Domain Socket on the host of the client. The resolution must be
|
||
set to STATIC to use Unix address endpoints.</p><div id=tabset-docs-reference-config-networking-service-entry-10 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-10-0-panel id=tabset-docs-reference-config-networking-service-entry-10-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-10-1-panel id=tabset-docs-reference-config-networking-service-entry-10-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-10-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-10-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: unix-domain-socket-example
|
||
spec:
|
||
hosts:
|
||
- "example.unix.local"
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: STATIC
|
||
endpoints:
|
||
- address: unix:///var/run/example/socket
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-10-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-10-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: unix-domain-socket-example
|
||
spec:
|
||
hosts:
|
||
- "example.unix.local"
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: STATIC
|
||
endpoints:
|
||
- address: unix:///var/run/example/socket
|
||
</code></pre></div></div></div><p>For HTTP-based services, it is possible to create a <code>VirtualService</code>
|
||
backed by multiple DNS addressable endpoints. In such a scenario, the
|
||
application can use the <code>HTTP_PROXY</code> environment variable to transparently
|
||
reroute API calls for the <code>VirtualService</code> to a chosen backend. For
|
||
example, the following configuration creates a non-existent external
|
||
service called foo.bar.com backed by three domains: us.foo.bar.com:8080,
|
||
uk.foo.bar.com:9080, and in.foo.bar.com:7080</p><div id=tabset-docs-reference-config-networking-service-entry-11 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-11-0-panel id=tabset-docs-reference-config-networking-service-entry-11-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-11-1-panel id=tabset-docs-reference-config-networking-service-entry-11-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-11-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-11-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-dns
|
||
spec:
|
||
hosts:
|
||
- foo.bar.com
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: DNS
|
||
endpoints:
|
||
- address: us.foo.bar.com
|
||
ports:
|
||
http: 8080
|
||
- address: uk.foo.bar.com
|
||
ports:
|
||
http: 9080
|
||
- address: in.foo.bar.com
|
||
ports:
|
||
http: 7080
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-11-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-11-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: external-svc-dns
|
||
spec:
|
||
hosts:
|
||
- foo.bar.com
|
||
location: MESH_EXTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: DNS
|
||
endpoints:
|
||
- address: us.foo.bar.com
|
||
ports:
|
||
https: 8080
|
||
- address: uk.foo.bar.com
|
||
ports:
|
||
https: 9080
|
||
- address: in.foo.bar.com
|
||
ports:
|
||
https: 7080
|
||
</code></pre></div></div></div><p>With <code>HTTP_PROXY=http://localhost/</code>, calls from the application to
|
||
<code>http://foo.bar.com</code> will be load balanced across the three domains
|
||
specified above. In other words, a call to <code>http://foo.bar.com/baz</code> would
|
||
be translated to <code>http://uk.foo.bar.com/baz</code>.</p><p>The following example illustrates the usage of a <code>ServiceEntry</code>
|
||
containing a subject alternate name
|
||
whose format conforms to the <a href=https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md>SPIFFE standard</a>:</p><div id=tabset-docs-reference-config-networking-service-entry-12 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-12-0-panel id=tabset-docs-reference-config-networking-service-entry-12-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-12-1-panel id=tabset-docs-reference-config-networking-service-entry-12-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-12-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-12-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: httpbin
|
||
namespace : httpbin-ns
|
||
spec:
|
||
hosts:
|
||
- httpbin.com
|
||
location: MESH_INTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: STATIC
|
||
endpoints:
|
||
- address: 2.2.2.2
|
||
- address: 3.3.3.3
|
||
subjectAltNames:
|
||
- "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-12-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-12-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: httpbin
|
||
namespace : httpbin-ns
|
||
spec:
|
||
hosts:
|
||
- httpbin.com
|
||
location: MESH_INTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: STATIC
|
||
endpoints:
|
||
- address: 2.2.2.2
|
||
- address: 3.3.3.3
|
||
subjectAltNames:
|
||
- "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
|
||
</code></pre></div></div></div><p>The following example demonstrates the use of <code>ServiceEntry</code> with a
|
||
<code>workloadSelector</code> to handle the migration of a service
|
||
<code>details.bookinfo.com</code> from VMs to Kubernetes. The service has two
|
||
VM-based instances with sidecars as well as a set of Kubernetes
|
||
pods managed by a standard deployment object. Consumers of this
|
||
service in the mesh will be automatically load balanced across the
|
||
VMs and Kubernetes. VM for the <code>details.bookinfo.com</code>
|
||
service. This VM has sidecar installed and bootstrapped using the
|
||
<code>details-legacy</code> service account. The sidecar receives HTTP traffic
|
||
on port 80 (wrapped in istio mutual TLS) and forwards it to the
|
||
application on the localhost on the same port.</p><div id=tabset-docs-reference-config-networking-service-entry-13 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-13-0-panel id=tabset-docs-reference-config-networking-service-entry-13-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-13-1-panel id=tabset-docs-reference-config-networking-service-entry-13-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-13-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-13-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: WorkloadEntry
|
||
metadata:
|
||
name: details-vm-1
|
||
spec:
|
||
serviceAccount: details
|
||
address: 2.2.2.2
|
||
labels:
|
||
app: details
|
||
instance-id: vm1
|
||
---
|
||
apiVersion: networking.istio.io/v1alpha3
|
||
kind: WorkloadEntry
|
||
metadata:
|
||
name: details-vm-2
|
||
spec:
|
||
serviceAccount: details
|
||
address: 3.3.3.3
|
||
labels:
|
||
app: details
|
||
instance-id: vm2
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-13-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-13-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: WorkloadEntry
|
||
metadata:
|
||
name: details-vm-1
|
||
spec:
|
||
serviceAccount: details
|
||
address: 2.2.2.2
|
||
labels:
|
||
app: details
|
||
instance-id: vm1
|
||
---
|
||
apiVersion: networking.istio.io/v1beta1
|
||
kind: WorkloadEntry
|
||
metadata:
|
||
name: details-vm-2
|
||
spec:
|
||
serviceAccount: details
|
||
address: 3.3.3.3
|
||
labels:
|
||
app: details
|
||
instance-id: vm2
|
||
</code></pre></div></div></div><p>Assuming there is also a Kubernetes deployment with pod labels
|
||
<code>app: details</code> using the same service account <code>details</code>, the
|
||
following service entry declares a service spanning both VMs and
|
||
Kubernetes:</p><div id=tabset-docs-reference-config-networking-service-entry-14 role=tablist class=tabset><div class=tab-strip data-category-name=example><button aria-selected=true data-category-value=v1alpha3 aria-controls=tabset-docs-reference-config-networking-service-entry-14-0-panel id=tabset-docs-reference-config-networking-service-entry-14-0-tab role=tab><span>v1alpha3</span>
|
||
</button><button tabindex=-1 data-category-value=v1beta1 aria-controls=tabset-docs-reference-config-networking-service-entry-14-1-panel id=tabset-docs-reference-config-networking-service-entry-14-1-tab role=tab><span>v1beta1</span></button></div><div class=tab-content><div id=tabset-docs-reference-config-networking-service-entry-14-0-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-14-0-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1alpha3
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: details-svc
|
||
spec:
|
||
hosts:
|
||
- details.bookinfo.com
|
||
location: MESH_INTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: STATIC
|
||
workloadSelector:
|
||
labels:
|
||
app: details
|
||
</code></pre></div><div hidden id=tabset-docs-reference-config-networking-service-entry-14-1-panel role=tabpanel tabindex=0 aria-labelledby=tabset-docs-reference-config-networking-service-entry-14-1-tab><pre><code class=language-yaml>apiVersion: networking.istio.io/v1beta1
|
||
kind: ServiceEntry
|
||
metadata:
|
||
name: details-svc
|
||
spec:
|
||
hosts:
|
||
- details.bookinfo.com
|
||
location: MESH_INTERNAL
|
||
ports:
|
||
- number: 80
|
||
name: http
|
||
protocol: HTTP
|
||
resolution: STATIC
|
||
workloadSelector:
|
||
labels:
|
||
app: details
|
||
</code></pre></div></div></div><h2 id=ServiceEntry>ServiceEntry</h2><section><p>ServiceEntry enables adding additional entries into Istio’s internal
|
||
service registry.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=ServiceEntry-hosts><td><code>hosts</code></td><td><code>string[]</code></td><td><p>The hosts associated with the ServiceEntry. Could be a DNS
|
||
name with wildcard prefix.</p><ol><li>The hosts field is used to select matching hosts in VirtualServices and DestinationRules.</li><li>For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field.</li><li>For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value
|
||
will be matched against the hosts field.</li></ol><p><strong>NOTE 1:</strong> When resolution is set to type DNS and no endpoints
|
||
are specified, the host field will be used as the DNS name of the
|
||
endpoint to route traffic to.</p><p><strong>NOTE 2:</strong> If the hostname matches with the name of a service
|
||
from another service registry such as Kubernetes that also
|
||
supplies its own set of endpoints, the ServiceEntry will be
|
||
treated as a decorator of the existing Kubernetes
|
||
service. Properties in the service entry will be added to the
|
||
Kubernetes service if applicable. Currently, the only the
|
||
following additional properties will be considered by <code>istiod</code>:</p><ol><li>subjectAltNames: In addition to verifying the SANs of the
|
||
service accounts associated with the pods of the service, the
|
||
SANs specified here will also be verified.</li></ol></td><td>Yes</td></tr><tr id=ServiceEntry-addresses><td><code>addresses</code></td><td><code>string[]</code></td><td><p>The virtual IP addresses associated with the service. Could be CIDR
|
||
prefix. For HTTP traffic, generated route configurations will include http route
|
||
domains for both the <code>addresses</code> and <code>hosts</code> field values and the destination will
|
||
be identified based on the HTTP Host/Authority header.
|
||
If one or more IP addresses are specified,
|
||
the incoming traffic will be identified as belonging to this service
|
||
if the destination IP matches the IP/CIDRs specified in the addresses
|
||
field. If the Addresses field is empty, traffic will be identified
|
||
solely based on the destination port. In such scenarios, the port on
|
||
which the service is being accessed must not be shared by any other
|
||
service in the mesh. In other words, the sidecar will behave as a
|
||
simple TCP proxy, forwarding incoming traffic on a specified port to
|
||
the specified destination endpoint IP/host. Unix domain socket
|
||
addresses are not supported in this field.</p></td><td>No</td></tr><tr id=ServiceEntry-ports><td><code>ports</code></td><td><code><a href=/v1.8/docs/reference/config/networking/gateway/#Port>Port[]</a></code></td><td><p>The ports associated with the external service. If the
|
||
Endpoints are Unix domain socket addresses, there must be exactly one
|
||
port.</p></td><td>Yes</td></tr><tr id=ServiceEntry-location><td><code>location</code></td><td><code><a href=#ServiceEntry-Location>Location</a></code></td><td><p>Specify whether the service should be considered external to the mesh
|
||
or part of the mesh.</p></td><td>No</td></tr><tr id=ServiceEntry-resolution><td><code>resolution</code></td><td><code><a href=#ServiceEntry-Resolution>Resolution</a></code></td><td><p>Service discovery mode for the hosts. Care must be taken
|
||
when setting the resolution mode to NONE for a TCP port without
|
||
accompanying IP addresses. In such cases, traffic to any IP on
|
||
said port will be allowed (i.e. <code>0.0.0.0:<port></code>).</p></td><td>Yes</td></tr><tr id=ServiceEntry-endpoints><td><code>endpoints</code></td><td><code><a href=/v1.8/docs/reference/config/networking/workload-entry/#WorkloadEntry>WorkloadEntry[]</a></code></td><td><p>One or more endpoints associated with the service. Only one of
|
||
<code>endpoints</code> or <code>workloadSelector</code> can be specified.</p></td><td>No</td></tr><tr id=ServiceEntry-workload_selector><td><code>workloadSelector</code></td><td><code><a href=/v1.8/docs/reference/config/networking/sidecar/#WorkloadSelector>WorkloadSelector</a></code></td><td><p>Applicable only for MESH_INTERNAL services. Only one of
|
||
<code>endpoints</code> or <code>workloadSelector</code> can be specified. Selects one
|
||
or more Kubernetes pods or VM workloads (specified using
|
||
<code>WorkloadEntry</code>) based on their labels. The <code>WorkloadEntry</code> object
|
||
representing the VMs should be defined in the same namespace as
|
||
the ServiceEntry.</p></td><td>No</td></tr><tr id=ServiceEntry-export_to><td><code>exportTo</code></td><td><code>string[]</code></td><td><p>A list of namespaces to which this service is exported. Exporting a service
|
||
allows it to be used by sidecars, gateways and virtual services defined in
|
||
other namespaces. This feature provides a mechanism for service owners
|
||
and mesh administrators to control the visibility of services across
|
||
namespace boundaries.</p><p>If no namespaces are specified then the service is exported to all
|
||
namespaces by default.</p><p>The value “.” is reserved and defines an export to the same namespace that
|
||
the service is declared in. Similarly the value “*” is reserved and
|
||
defines an export to all namespaces.</p><p>For a Kubernetes Service, the equivalent effect can be achieved by setting
|
||
the annotation “networking.istio.io/exportTo” to a comma-separated list
|
||
of namespace names.</p><p>NOTE: in the current release, the <code>exportTo</code> value is restricted to
|
||
“.” or “*” (i.e., the current namespace or all namespaces).</p></td><td>No</td></tr><tr id=ServiceEntry-subject_alt_names><td><code>subjectAltNames</code></td><td><code>string[]</code></td><td><p>If specified, the proxy will verify that the server certificate’s
|
||
subject alternate name matches one of the specified values.</p><p>NOTE: When using the workloadEntry with workloadSelectors, the
|
||
service account specified in the workloadEntry will also be used
|
||
to derive the additional subject alternate names that should be
|
||
verified.</p></td><td>No</td></tr></tbody></table></section><h2 id=ServiceEntry-Location>ServiceEntry.Location</h2><section><p>Location specifies whether the service is part of Istio mesh or
|
||
outside the mesh. Location determines the behavior of several
|
||
features, such as service-to-service mTLS authentication, policy
|
||
enforcement, etc. When communicating with services outside the mesh,
|
||
Istio’s mTLS authentication is disabled, and policy enforcement is
|
||
performed on the client-side as opposed to server-side.</p><table class=enum-values><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody><tr id=ServiceEntry-Location-MESH_EXTERNAL><td><code>MESH_EXTERNAL</code></td><td><p>Signifies that the service is external to the mesh. Typically used
|
||
to indicate external services consumed through APIs.</p></td></tr><tr id=ServiceEntry-Location-MESH_INTERNAL><td><code>MESH_INTERNAL</code></td><td><p>Signifies that the service is part of the mesh. Typically used to
|
||
indicate services added explicitly as part of expanding the service
|
||
mesh to include unmanaged infrastructure (e.g., VMs added to a
|
||
Kubernetes based service mesh).</p></td></tr></tbody></table></section><h2 id=ServiceEntry-Resolution>ServiceEntry.Resolution</h2><section><p>Resolution determines how the proxy will resolve the IP addresses of
|
||
the network endpoints associated with the service, so that it can
|
||
route to one of them. The resolution mode specified here has no impact
|
||
on how the application resolves the IP address associated with the
|
||
service. The application may still have to use DNS to resolve the
|
||
service to an IP so that the outbound traffic can be captured by the
|
||
Proxy. Alternatively, for HTTP services, the application could
|
||
directly communicate with the proxy (e.g., by setting HTTP_PROXY) to
|
||
talk to these services.</p><table class=enum-values><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody><tr id=ServiceEntry-Resolution-NONE><td><code>NONE</code></td><td><p>Assume that incoming connections have already been resolved (to a
|
||
specific destination IP address). Such connections are typically
|
||
routed via the proxy using mechanisms such as IP table REDIRECT/
|
||
eBPF. After performing any routing related transformations, the
|
||
proxy will forward the connection to the IP address to which the
|
||
connection was bound.</p></td></tr><tr id=ServiceEntry-Resolution-STATIC><td><code>STATIC</code></td><td><p>Use the static IP addresses specified in endpoints (see below) as the
|
||
backing instances associated with the service.</p></td></tr><tr id=ServiceEntry-Resolution-DNS><td><code>DNS</code></td><td><p>Attempt to resolve the IP address by querying the ambient DNS,
|
||
during request processing. If no endpoints are specified, the proxy
|
||
will resolve the DNS address specified in the hosts field, if
|
||
wildcards are not used. If endpoints are specified, the DNS
|
||
addresses specified in the endpoints will be resolved to determine
|
||
the destination IP address. DNS resolution cannot be used with Unix
|
||
domain socket endpoints.</p></td></tr></tbody></table></section></article><nav class=pagenav><div class=left><a title="Configuration affecting edge load balancer." href=/v1.8/docs/reference/config/networking/gateway/><svg class="icon left-arrow"><use xlink:href="/v1.8/img/icons.svg#left-arrow"/></svg>Gateway</a></div><div class=right><a title="Configuration affecting network reachability of a sidecar." href=/v1.8/docs/reference/config/networking/sidecar/>Sidecar<svg class="icon right-arrow"><use xlink:href="/v1.8/img/icons.svg#right-arrow"/></svg></a></div></nav><div id=feedback><div id=feedback-initial>Was this information useful?<br><button class="btn feedback" onclick="sendFeedback('en',1)">Yes</button>
|
||
<button class="btn feedback" onclick="sendFeedback('en',0)">No</button></div><div id=feedback-comment>Do you have any suggestions for improvement?<br><br><input id=feedback-textbox type=text placeholder="Help us improve..." data-lang=en></div><div id=feedback-thankyou>Thanks for your feedback!</div></div><div id=endnotes-container aria-hidden=true><h2>Links</h2><ol id=endnotes></ol></div></div><div class=toc-container><nav class=toc aria-label="Table of Contents"><div id=toc><ol><li role=none aria-label=ServiceEntry><a href=#ServiceEntry>ServiceEntry</a><li role=none aria-label=ServiceEntry.Location><a href=#ServiceEntry-Location>ServiceEntry.Location</a><li role=none aria-label=ServiceEntry.Resolution><a href=#ServiceEntry-Resolution>ServiceEntry.Resolution</a></ol></div></nav></div></main><footer><div class=user-links><a class=channel title="Go download Istio 1.8.3 now" href=/v1.8/docs/setup/getting-started/#download aria-label="Download Istio"><span>download</span><svg class="icon download"><use xlink:href="/v1.8/img/icons.svg#download"/></svg>
|
||
</a><a class=channel title="Join the Istio discussion board to participate in discussions and get help troubleshooting problems" href=https://discuss.istio.io aria-label="Istio discussion board"><span>discuss</span><svg class="icon discourse"><use xlink:href="/v1.8/img/icons.svg#discourse"/></svg></a>
|
||
<a class=channel title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><span>stack overflow</span><svg class="icon stackoverflow"><use xlink:href="/v1.8/img/icons.svg#stackoverflow"/></svg></a>
|
||
<a class=channel title="Interactively discuss issues with the Istio community on Slack" href=https://slack.istio.io aria-label=slack><span>slack</span><svg class="icon slack"><use xlink:href="/v1.8/img/icons.svg#slack"/></svg></a>
|
||
<a class=channel title="Follow us on Twitter to get the latest news" href=https://twitter.com/IstioMesh aria-label=Twitter><span>twitter</span><svg class="icon twitter"><use xlink:href="/v1.8/img/icons.svg#twitter"/></svg></a><div class=tag>for everyone</div></div><div class=info><p class=copyright>Istio Archive
|
||
1.8.3<br>© 2020 Istio Authors, <a href=https://policies.google.com/privacy>Privacy Policy</a><br>Archived on February 9, 2021</p></div><div class=dev-links><a class=channel title="GitHub is where development takes place on Istio code" href=https://github.com/istio/community aria-label=GitHub><span>github</span><svg class="icon github"><use xlink:href="/v1.8/img/icons.svg#github"/></svg></a>
|
||
<a class=channel title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><span>drive</span><svg class="icon drive"><use xlink:href="/v1.8/img/icons.svg#drive"/></svg></a>
|
||
<a class=channel title="If you'd like to contribute to the Istio project, consider participating in our working groups" href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md aria-label="working groups"><span>working groups</span><svg class="icon working-groups"><use xlink:href="/v1.8/img/icons.svg#working-groups"/></svg></a><div class=tag>for developers</div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title="Back to top"><svg class="icon top"><use xlink:href="/v1.8/img/icons.svg#top"/></svg></button></div></body></html> |