istio.io/archive/v1.9/zh/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/index.html

<!doctype html><html lang=zh itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content="#466BB0"><meta name=title content="Rules"><meta name=description content="Describes the rules used to configure Mixer's policy and telemetry features."><meta name=keywords content="microservices,services,mesh"><meta property="og:title" content="Rules"><meta property="og:type" content="website"><meta property="og:description" content="Describes the rules used to configure Mixer's policy and telemetry features."><meta property="og:url" content="/v1.9/zh/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/"><meta property="og:image" content="/v1.9/img/istio-whitelogo-bluebackground-framed.svg"><meta property="og:image:alt" content="Istio Logo"><meta property="og:image:width" content="112"><meta property="og:image:height" content="150"><meta property="og:site_name" content="Istio"><meta name=twitter:card content="summary"><meta name=twitter:site content="@IstioMesh"><title>Istioldie 1.9 / Rules</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
gtag('js',new Date());gtag('config','UA-98480406-2');</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.9/blog/feed.xml><link rel=alternate type=application/rss+xml title="Istio News" href=/v1.9/news/feed.xml><link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.9/feed.xml><link rel="shortcut icon" href=/v1.9/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.9/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.9/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.9/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.9/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.9/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.9/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.9/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.9/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.9/favicons/android-192x192.png sizes=192x192><link rel=manifest href=/v1.9/manifest.json><meta name=apple-mobile-web-app-title content="Istio"><meta name=application-name content="Istio"><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work+Sans:400|Chivo:400|Work+Sans:500,300,600,300italic,400italic,500italic,600italic|Chivo:500,300,600,300italic,400italic,500italic,600italic"><link rel=stylesheet href=/v1.9/css/all.css><script src=/v1.9/js/themes_init.min.js></script></head><body class="language-unknown archive-site"><script>const branchName="release-1.9";const docTitle="Rules";const iconFile="\/v1.9/img/icons.svg";const buttonCopy='复制到剪切板';const buttonPrint='打印';const buttonDownload='下载';</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.9/js/all.min.js data-manual defer></script><header><nav><a id=brand href=/v1.9/zh/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="146" stroke-width="2"/><polygon points="65 240 225 240 125 270"/><polygon points="65 230 125 220 125 110"/><polygon points="135 220 225 230 135 30"/></svg></span><span class=name>Istioldie 1.9</span></a><div id=hamburger><svg class="icon hamburger"><use xlink:href="/v1.9/img/icons.svg#hamburger"/></svg></div><div id=header-links><a class=current title="了解如何部署、使用和运维 Istio。" href=/v1.9/zh/docs/>文档</a>
<a title="关于使用 Istio 的博客文章。" href=/v1.9/zh/blog/2020/>博客<i class=dot data-prefix=/blog></i></a>
<a title="关于 Istio 项目的最新报道。" href=/v1.9/zh/news/>新闻<i class=dot data-prefix=/news></i></a>
<a title="关于 Istio 的常见问题。" href=/v1.9/zh/faq/>FAQ</a>
<a title="关于 Istio 项目的说明。" href=/v1.9/zh/about/>关于</a><div class=menu><button id=gearDropdownButton class=menu-trigger title=选项和设置 aria-label="Options and Settings" aria-controls=gearDropdownContent><svg class="icon gear"><use xlink:href="/v1.9/img/icons.svg#gear"/></svg></button><div id=gearDropdownContent class=menu-content aria-labelledby=gearDropdownButton role=menu><a tabindex=-1 role=menuitem lang=en id=switch-lang-en>English</a>
<a tabindex=-1 role=menuitem lang=zh id=switch-lang-zh class=active>中文</a><div role=separator></div><a tabindex=-1 role=menuitem class=active id=light-theme-item>亮主题</a>
<a tabindex=-1 role=menuitem id=dark-theme-item>暗主题</a><div role=separator></div><a tabindex=-1 role=menuitem id=syntax-coloring-item>代码高亮</a><div role=separator></div><h6>本站的其它版本</h6><a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://istio.io/docs\/reference\/config\/policy-and-telemetry\/istio.policy.v1beta1\/');return false;">当前版本</a>
<a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://preliminary.istio.io/docs\/reference\/config\/policy-and-telemetry\/istio.policy.v1beta1\/');return false;">下个版本</a>
<a tabindex=-1 role=menuitem href=https://istio.io/archive>旧版本</a></div></div><button id=search-show title="搜索 istio.io" aria-label=搜索><svg class="icon magnifier"><use xlink:href="/v1.9/img/icons.svg#magnifier"/></svg></button></div><form id=search-form name=cse role=search><input type=hidden name=cx value=002184991200833970123:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=en>
<input type=hidden id=search-page-url value=/v1.9/search>
<input id=search-textbox class=form-control name=q type=search aria-label="搜索 istio.io">
<button id=search-close title=取消搜索 type=reset aria-label=取消搜索><svg class="icon cancel-x"><use xlink:href="/v1.9/img/icons.svg#cancel-x"/></svg></button></form></nav></header><div class=banner-container></div><main class=primary><div id=sidebar-container class="sidebar-container sidebar-offcanvas"><nav id=sidebar aria-label="Section Navigation"><div class=directory><div class=card><button class="header dynamic" id=card31 title="一些概念，理解它们有助于您更好地了解 Istio 系统的不同部分及其使用的抽象。" aria-controls=card31-body><svg class="icon concepts"><use xlink:href="/v1.9/img/icons.svg#concepts"/></svg>概念</button><div class=body aria-labelledby=card31 role=region id=card31-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card31><li role=none><a role=treeitem title="介绍 Istio，它要解决的问题，高层面的架构和设计目标。" href=/v1.9/zh/docs/concepts/what-is-istio/>Istio 是什么？</a></li><li role=none><a role=treeitem title="描述 Istio 多样的流量路由和控制特性。" href=/v1.9/zh/docs/concepts/traffic-management/>流量管理</a></li><li role=none><a role=treeitem title="讲述 Istio 的 WebAssembly 插件系统。" href=/v1.9/zh/docs/concepts/wasm/>扩展性</a></li><li role=none><a role=treeitem title="描述 Istio 的授权与认证功能。" href=/v1.9/zh/docs/concepts/security/>安全</a></li><li role=none><a role=treeitem title="描述 Istio 提供的遥测和监控特性。" href=/v1.9/zh/docs/concepts/observability/>可观察性</a></li></ul></div></div><div class=card><button class="header dynamic" id=card47 title="关于如何在 Kubernetes 集群中安装 Istio 控制平面和添加虚拟机到 mesh 中的说明。" aria-controls=card47-body><svg class="icon setup"><use xlink:href="/v1.9/img/icons.svg#setup"/></svg>安装</button><div class=body aria-labelledby=card47 role=region id=card47-body><ul role=tree aria-expanded=true aria-labelledby=card47><li role=none><a role=treeitem title="快速、轻松地尝试 Istio 特性。" href=/v1.9/zh/docs/setup/getting-started/>入门</a></li><li role=treeitem aria-label=平台安装><button aria-hidden=true></button><a title="在安装 Istio 之前如何准备各种 Kubernetes 平台。" href=/v1.9/zh/docs/setup/platform-setup/>平台安装</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="对阿里云 Kubernetes 集群进行配置以便安装运行 Istio。" href=/v1.9/zh/docs/setup/platform-setup/alicloud/>阿里云</a></li><li role=none><a role=treeitem title="为 Istio 设置一个 Azure 集群的指令。" href=/v1.9/zh/docs/setup/platform-setup/azure/>Azure</a></li><li role=none><a role=treeitem title="在 Docker Desktop 中运行 Istio 的设置说明。" href=/v1.9/zh/docs/setup/platform-setup/docker/>Docker Desktop</a></li><li role=none><a role=treeitem title="在 Google Kubernetes Engine (GKE) 上快速搭建 Istio 服务。" href=/v1.9/zh/docs/setup/platform-setup/gke/>使用 Google Kubernetes Engine 快速开始</a></li><li role=none><a role=treeitem title="在 IBM 公有云或私有云上快速搭建 Istio 服务。" href=/v1.9/zh/docs/setup/platform-setup/ibm/>IBM Cloud 快速开始</a></li><li role=none><a role=treeitem title="为 Istio 设置 kind 的说明。" href=/v1.9/zh/docs/setup/platform-setup/kind/>kind</a></li><li role=none><a role=treeitem title="使用 Gardener 快速搭建 Istio 服务。" href=/v1.9/zh/docs/setup/platform-setup/gardener/>Kubernetes Gardener 快速开始</a></li><li role=none><a role=treeitem title="配置 MicroK8s 以便使用 Istio。" href=/v1.9/zh/docs/setup/platform-setup/microk8s/>MicroK8s</a></li><li role=none><a role=treeitem title="在 Minikube 上配置 Istio。" href=/v1.9/zh/docs/setup/platform-setup/minikube/>Minikube</a></li><li role=none><a role=treeitem title="对 OpenShift 集群进行配置以便安装运行 Istio。" href=/v1.9/zh/docs/setup/platform-setup/openshift/>OpenShift</a></li><li role=none><a role=treeitem title="为 Istio 配置 OKE 集群环境的说明。" href=/v1.9/zh/docs/setup/platform-setup/oci/>Oracle Cloud Infrastructure</a></li></ul></li><li role=treeitem aria-label=安装><button aria-hidden=true></button><a title=选择最适合你需求和平台的安装指南。 href=/v1.9/zh/docs/setup/install/>安装</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="安装、定制 Istio 配置文件，用于深入评估、及生产发布。" href=/v1.9/zh/docs/setup/install/istioctl/>使用 Istioctl 安装</a></li><li role=none><a role=treeitem title="使用 Istio operator 在 Kubernetes 集群中安装 Istio 的说明。" href=/v1.9/zh/docs/setup/install/operator/>使用 Istio Operator 安装</a></li><li role=none><a role=treeitem title="安装、配置、并深入评估 Istio。" href=/v1.9/zh/docs/setup/install/helm/>使用 Helm 安装</a></li><li role=treeitem aria-label=多集群安装><button aria-hidden=true></button><a title="跨多 Kubernetes 集群，安装 Istio 服务网格。" href=/v1.9/zh/docs/setup/install/multicluster/>多集群安装</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="在多个集群上安装 Istio 之前的初始步骤。" href=/v1.9/zh/docs/setup/install/multicluster/before-you-begin/>准备工作</a></li><li role=none><a role=treeitem title="跨多个主集群，安装 Istio 网格。" href=/v1.9/zh/docs/setup/install/multicluster/multi-primary/>多主架构的安装</a></li><li role=none><a role=treeitem title="跨主-从集群，安装 Istio 网格。" href=/v1.9/zh/docs/setup/install/multicluster/primary-remote/>主-从架构的安装</a></li><li role=none><a role=treeitem title="跨网络、多主架构的 Istio 网格安装。" href=/v1.9/zh/docs/setup/install/multicluster/multi-primary_multi-network/>跨网络多主架构的安装</a></li><li role=none><a role=treeitem title="跨网络、主-从架构的 Istio 网格安装。" href=/v1.9/zh/docs/setup/install/multicluster/primary-remote_multi-network/>跨网络主-从架构的安装</a></li><li role=none><a role=treeitem title="验证 Istio 已成功安装到多集群环境中。" href=/v1.9/zh/docs/setup/install/multicluster/verify/>验证安装结果</a></li></ul></li><li role=none><a role=treeitem title="部署 Istio，接入虚拟机中运行的工作负载。" href=/v1.9/zh/docs/setup/install/virtual-machine/>虚拟机安装</a></li></ul></li><li role=treeitem aria-label=升级><button aria-hidden=true></button><a title="选择与您先前用于安装 Istio 的方法相对应的升级指南。" href=/v1.9/zh/docs/setup/upgrade/>升级</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="使用 istioctl 命令来升级或降级 Istio。" href=/v1.9/zh/docs/setup/upgrade/istioctl-upgrade/>使用 istioctl 命令升级 Istio [实验中]</a></li><li role=none><a role=treeitem title="升级 Istio 控制平面，可以选择使用 Helm 升级 CNI 插件。" href=/v1.9/zh/docs/setup/upgrade/cni-helm-upgrade/>使用 Helm 升级</a></li></ul></li><li role=treeitem aria-label=更多指南><button aria-hidden=true></button><a title=有关其他设置任务的更多信息。 href=/v1.9/zh/docs/setup/additional-setup/>更多指南</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="描述 Istio 内置的安装配置文件。" href=/v1.9/zh/docs/setup/additional-setup/config-profiles/>安装配置</a></li><li role=none><a role=treeitem title="在应用程序 Pod 中使用 sidecar injector webhook 自动安装或使用 istioctl CLI 手动安装 Istio sidecar。" href=/v1.9/zh/docs/setup/additional-setup/sidecar-injection/>设置 Sidecar</a></li><li role=none><a role=treeitem title="安装并使用 Istio CNI 插件，可以让运维人员用更低的权限来部署服务。" href=/v1.9/zh/docs/setup/additional-setup/cni/>安装 Istio CNI 插件</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card64 title="如何用 Istio 系统实现特定目标的行为。" aria-controls=card64-body><svg class="icon tasks"><use xlink:href="/v1.9/img/icons.svg#tasks"/></svg>任务</button><div class=body aria-labelledby=card64 role=region id=card64-body><ul role=tree aria-expanded=true aria-labelledby=card64><li role=treeitem aria-label=流量管理><button aria-hidden=true></button><a title="演示 Istio 的流量路由功能的任务。" href=/v1.9/zh/docs/tasks/traffic-management/>流量管理</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title=此任务将展示如何将请求动态路由到微服务的多个版本。 href=/v1.9/zh/docs/tasks/traffic-management/request-routing/>配置请求路由</a></li><li role=none><a role=treeitem title=此任务说明如何注入故障并测试应用程序的弹性。 href=/v1.9/zh/docs/tasks/traffic-management/fault-injection/>故障注入</a></li><li role=none><a role=treeitem title=展示如何将流量从旧版本迁移到新版本的服务。 href=/v1.9/zh/docs/tasks/traffic-management/traffic-shifting/>流量转移</a></li><li role=none><a role=treeitem title="展示如何将一个服务的 TCP 流量从旧版本迁移到新版本。" href=/v1.9/zh/docs/tasks/traffic-management/tcp-traffic-shifting/>TCP 流量转移</a></li><li role=none><a role=treeitem title="本任务用于示范如何使用 Istio 在 Envoy 中设置请求超时。" href=/v1.9/zh/docs/tasks/traffic-management/request-timeouts/>设置请求超时</a></li><li role=none><a role=treeitem title=本任务展示如何为连接、请求以及异常检测配置熔断。 href=/v1.9/zh/docs/tasks/traffic-management/circuit-breaking/>熔断</a></li><li role=none><a role=treeitem title="此任务演示了 Istio 的流量镜像/影子功能。" href=/v1.9/zh/docs/tasks/traffic-management/mirroring/>镜像</a></li><li role=treeitem aria-label=Ingress><button aria-hidden=true></button><a title="控制 Istio 服务网格的入口流量。" href=/v1.9/zh/docs/tasks/traffic-management/ingress/>Ingress</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="描述如何配置 Istio gateway，以将服务暴露至服务网格之外。" href=/v1.9/zh/docs/tasks/traffic-management/ingress/ingress-control/>Ingress Gateway</a></li><li role=none><a role=treeitem title="使用文件挂载的证书并通过 TLS 或 mTLS 将服务暴露至服务网格之外。" href=/v1.9/zh/docs/tasks/traffic-management/ingress/secure-ingress-mount/>安全网关（文件挂载）</a></li><li role=none><a role=treeitem title="使用 Secret 发现服务（SDS) 通过 TLS 或者 mTLS 把服务暴露给服务网格外部。" href=/v1.9/zh/docs/tasks/traffic-management/ingress/secure-ingress-sds/>使用 SDS 为 Gateway 提供 HTTPS 加密支持</a></li><li role=none><a role=treeitem title="说明了如何为一个 ingress gateway 配置 SNI 透传。" href=/v1.9/zh/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/>无 TLS 终止的 Ingress Gateway</a></li></ul></li><li role=treeitem aria-label=Egress><button aria-hidden=true></button><a title="控制 Istio 服务网格的出口流量。" href=/v1.9/zh/docs/tasks/traffic-management/egress/>Egress</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="描述如何配置 Istio 以将流量从网格中的服务路由到外部服务。" href=/v1.9/zh/docs/tasks/traffic-management/egress/egress-control/>访问外部服务</a></li><li role=none><a role=treeitem title="描述如何配置 Istio 对来自外部服务的流量执行 TLS 发起。" href=/v1.9/zh/docs/tasks/traffic-management/egress/egress-tls-origination/>Egress TLS Origination</a></li><li role=none><a role=treeitem title="描述如何配置 Istio 通过专用网关服务将流量定向到外部服务。" href=/v1.9/zh/docs/tasks/traffic-management/egress/egress-gateway/>Egress Gateway</a></li><li role=none><a role=treeitem title="描述如何配置一个 Egress 网关，来向外部服务发起 TLS 连接。" href=/v1.9/zh/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/>Egress 网关的 TLS 发起过程</a></li><li role=none><a role=treeitem title="描述如何开启通用域中一组主机的 egress，无需单独配置每一台主机。" href=/v1.9/zh/docs/tasks/traffic-management/egress/wildcard-egress-hosts/>Wildcard 主机的 egress</a></li><li role=none><a role=treeitem title="描述如何在 TLS Egress 上配置 SNI 监控和策略。" href=/v1.9/zh/docs/tasks/traffic-management/egress/egress_sni_monitoring_and_policies/>TLS Egress 监控和策略配置</a></li><li role=none><a role=treeitem title="展示如何配置 Istio Kubernetes 外部服务。" href=/v1.9/zh/docs/tasks/traffic-management/egress/egress-kubernetes-services/>Kubernetes Egress 流量服务</a></li><li role=none><a role=treeitem title="描述如何配置 Istio 以允许应用程序使用外部 HTTPS 代理。" href=/v1.9/zh/docs/tasks/traffic-management/egress/http-proxy/>使用外部 HTTPS 代理</a></li></ul></li></ul></li><li role=treeitem aria-label=安全><button aria-hidden=true></button><a title=演示如何保护网格。 href=/v1.9/zh/docs/tasks/security/>安全</a><ul role=group aria-expanded=false><li role=treeitem aria-label=认证><button aria-hidden=true></button><a title="管控网格服务间的双向 TLS 和终端用户的身份认证。" href=/v1.9/zh/docs/tasks/security/authentication/>认证</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="通过一个简化的工作流和最小化配置实现双向 TLS。" href=/v1.9/zh/docs/tasks/security/authentication/auto-mtls/>自动双向 TLS</a></li><li role=none><a role=treeitem title="为您展示如何使用 Istio 认证策略设置双向 TLS 和基础终端用户认证。" href=/v1.9/zh/docs/tasks/security/authentication/authn-policy/>认证策略</a></li><li role=none><a role=treeitem title="展示如何在 HTTPS 服务上启用双向 TLS。" href=/v1.9/zh/docs/tasks/security/authentication/https-overlay/>通过 HTTPS 进行 TLS</a></li><li role=none><a role=treeitem title="阐述如何将 Istio 服务逐步迁移至双向 TLS 通信模式。" href=/v1.9/zh/docs/tasks/security/authentication/mtls-migration/>双向 TLS 迁移</a></li></ul></li><li role=treeitem aria-label="Citadel 配置"><button aria-hidden=true></button><a title="定制 Citadel 证书颁发机构。" href=/v1.9/zh/docs/tasks/security/citadel-config/>Citadel 配置</a><ul role=group aria-expanded=false class=leaf-section></ul></li><li role=treeitem aria-label=授权><button aria-hidden=true></button><a title="展示如何控制到 Istio 服务的访问。" href=/v1.9/zh/docs/tasks/security/authorization/>授权</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="展示如何设置基于角色的 HTTP 流量访问控制。" href=/v1.9/zh/docs/tasks/security/authorization/authz-http/>HTTP 流量授权</a></li><li role=none><a role=treeitem title="展示如何设置 TCP 流量的访问控制。" href=/v1.9/zh/docs/tasks/security/authorization/authz-tcp/>TCP 流量的授权</a></li><li role=none><a role=treeitem title="有关如何在 Istio 中通过 JWT 实现访问控制的教程。" href=/v1.9/zh/docs/tasks/security/authorization/authz-jwt/>基于 JWT 授权</a></li><li role=none><a role=treeitem title=阐述如何在不更改授权策略的前提下从一个信任域迁移到另一个。 href=/v1.9/zh/docs/tasks/security/authorization/authz-td-migration/>授权策略信任域迁移</a></li></ul></li><li role=none><a role=treeitem title="演示系统管理员如何使用现有的根证书、签名证书和密钥配置 Istio 的 CA。" href=/v1.9/zh/docs/tasks/security/plugin-ca-cert/>插入外部 CA 证书</a></li><li role=none><a role=treeitem title="展示如何准备和管理 Istio DNS 证书。" href=/v1.9/zh/docs/tasks/security/dns-cert/>Istio DNS 证书管理</a></li></ul></li><li role=treeitem aria-label=策略><button aria-hidden=true></button><a title=演示策略执行功能。 href=/v1.9/zh/docs/tasks/policy-enforcement/>策略</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="这个任务将告诉你如何开启 Istio 的策略检查功能。" href=/v1.9/zh/docs/tasks/policy-enforcement/enabling-policy/>启用策略检查功能</a></li><li role=none><a role=treeitem title="这部分内容将向您展示如何使用 Istio 去动态限制服务间的流量。" href=/v1.9/zh/docs/tasks/policy-enforcement/rate-limiting/>启用速率限制</a></li><li role=none><a role=treeitem title="描述如何使用简单的 denials 或黑白名单来控制对服务的访问。" href=/v1.9/zh/docs/tasks/policy-enforcement/denial-and-list/>Denials 和黑白名单</a></li><li role=none><a role=treeitem title=演示如何使用策略适配器修改请求头和路由。 href=/v1.9/zh/docs/tasks/policy-enforcement/control-headers/>请求头和路由控制</a></li></ul></li><li role=treeitem aria-label=可观察性><button aria-hidden=true></button><a title=演示如何从网格收集遥测信息。 href=/v1.9/zh/docs/tasks/observability/>可观察性</a><ul role=group aria-expanded=false><li role=treeitem aria-label=指标度量><button aria-hidden=true></button><a title="演示 Istio 网格指标度量的配置、收集和处理。" href=/v1.9/zh/docs/tasks/observability/metrics/>指标度量</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="此任务向您展示如何配置 Istio 以采集和自定义指标。" href=/v1.9/zh/docs/tasks/observability/metrics/collecting-metrics/>采集指标</a></li><li role=none><a role=treeitem title="本任务展示了如何配置 Istio 进行 TCP 服务的指标收集。" href=/v1.9/zh/docs/tasks/observability/metrics/tcp-metrics/>收集 TCP 服务指标</a></li><li role=none><a role=treeitem title="本任务介绍如何通过 Prometheus 查询 Istio 度量指标。" href=/v1.9/zh/docs/tasks/observability/metrics/querying-metrics/>通过 Prometheus 查询度量指标</a></li><li role=none><a role=treeitem title="此任务展示了如何设置和使用 Istio Dashboard 监控网格流量。" href=/v1.9/zh/docs/tasks/observability/metrics/using-istio-dashboard/>使用 Grafana 可视化指标</a></li></ul></li><li role=treeitem aria-label=日志><button aria-hidden=true></button><a title="演示 Istio 网格日志的配置、收集和处理。" href=/v1.9/zh/docs/tasks/observability/logs/>日志</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="本任务向您展示如何配置 Istio 来收集和定制日志。" href=/v1.9/zh/docs/tasks/observability/logs/collecting-logs/>收集日志</a></li><li role=none><a role=treeitem title="此任务向您展示如何配置 Envoy 代理将访问日志打印到其标准输出。" href=/v1.9/zh/docs/tasks/observability/logs/access-log/>获取 Envoy 访问日志</a></li><li role=none><a role=treeitem title="此任务向您展示如何配置 Istio 以连接到 Fluentd 守护程序进行日志收集。" href=/v1.9/zh/docs/tasks/observability/logs/fluentd/>使用 Fluentd 进行日志收集</a></li></ul></li><li role=treeitem aria-label=分布式追踪><button aria-hidden=true></button><a title="该任务展示了如何为启用了 Istio 支持的应用进行追踪。" href=/v1.9/zh/docs/tasks/observability/distributed-tracing/>分布式追踪</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Istio 分布式追踪的概述。" href=/v1.9/zh/docs/tasks/observability/distributed-tracing/overview/>概述</a></li><li role=none><a role=treeitem title="了解如何通过配置代理以将追踪请求发送到 Zipkin。" href=/v1.9/zh/docs/tasks/observability/distributed-tracing/zipkin/>Zipkin</a></li><li role=none><a role=treeitem title="了解如何配置代理以向 Jaeger 发送追踪请求。" href=/v1.9/zh/docs/tasks/observability/distributed-tracing/jaeger/>Jaeger</a></li><li role=none><a role=treeitem title="怎样配置代理才能把追踪请求发送到 LightStep。" href=/v1.9/zh/docs/tasks/observability/distributed-tracing/lightstep/>LightStep</a></li></ul></li><li role=none><a role=treeitem title="此任务向您展示如何在 Istio 网格中可视化服务。" href=/v1.9/zh/docs/tasks/observability/kiali/>网络可视化</a></li><li role=none><a role=treeitem title="此任务向您展示如何配置从外部访问 Istio 遥测插件。" href=/v1.9/zh/docs/tasks/observability/gateways/>远程访问遥测插件</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card115 title="这里包括多个可供 Istio 使用的可完整工作的示例，你可以用来亲自部署和体验这些示例。" aria-controls=card115-body><svg class="icon examples"><use xlink:href="/v1.9/img/icons.svg#examples"/></svg>示例</button><div class=body aria-labelledby=card115 role=region id=card115-body><ul role=tree aria-expanded=true aria-labelledby=card115><li role=none><a role=treeitem title="部署一个用于演示多种 Istio 特性的应用，由四个单独的微服务构成。" href=/v1.9/zh/docs/examples/bookinfo/>Bookinfo 应用</a></li><li role=treeitem aria-label=虚拟机><button aria-hidden=true></button><a title="将虚拟机中运行的工作负载添加到 Istio 网格的示例。" href=/v1.9/zh/docs/examples/virtual-machines/>虚拟机</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="学习如何新增一个服务，使其运行在单网络 Istio 网格的虚拟机上。" href=/v1.9/zh/docs/examples/virtual-machines/single-network/>单个网络网格中的虚拟机</a></li><li role=none><a role=treeitem title="学习怎样添加运行在虚拟机上的服务到您的多网络 Istio 网格中。" href=/v1.9/zh/docs/examples/virtual-machines/multi-network/>多网络网格中的虚拟机</a></li><li role=none><a role=treeitem title="使用在网格内的虚拟机上运行的 MySQL 服务运行 Bookinfo 应用程序。" href=/v1.9/zh/docs/examples/virtual-machines/bookinfo/>在虚拟机上部署 Bookinfo 应用程序</a></li></ul></li><li role=treeitem aria-label="使用 Kubernetes 和 Istio 学习微服务"><button aria-hidden=true></button><a title="该模块化教程为新用户提供了一步步将 Istio 应用于常见微服务场景的动手经验。" href=/v1.9/zh/docs/examples/microservices-istio/>使用 Kubernetes 和 Istio 学习微服务</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem href=/v1.9/zh/docs/examples/microservices-istio/prereq/>前提条件</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/examples/microservices-istio/setup-kubernetes-cluster/>设置 Kubernetes 集群</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/examples/microservices-istio/setup-local-computer/>设置本地计算机</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/examples/microservices-istio/single/>本地运行微服务</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/examples/microservices-istio/package-service/>在 Docker 中运行 ratings 服务</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/examples/microservices-istio/bookinfo-kubernetes/>使用 Kubernetes 运行 Bookinfo</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/examples/microservices-istio/production-testing/>生产测试</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card122 title="关于部署和管理 Istio 网格的概念、工具和技术。" aria-controls=card122-body><svg class="icon guide"><use xlink:href="/v1.9/img/icons.svg#guide"/></svg>运维</button><div class=body aria-labelledby=card122 role=region id=card122-body><ul role=tree aria-expanded=true aria-labelledby=card122><li role=treeitem aria-label=部署><button aria-hidden=true></button><a title="设置 Istio 部署的要求、概念和注意事项。" href=/v1.9/zh/docs/ops/deployment/>部署</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="描述 Istio 的整体架构与设计目标。" href=/v1.9/zh/docs/ops/deployment/architecture/>架构</a></li><li role=none><a role=treeitem title="描述 Istio 部署中的选择和建议。" href=/v1.9/zh/docs/ops/deployment/deployment-models/>部署模型</a></li><li role=none><a role=treeitem title="介绍 Istio 的性能和可扩展性。" href=/v1.9/zh/docs/ops/deployment/performance-and-scalability/>性能和可扩展性</a></li><li role=none><a role=treeitem title="在启用了 Istio 的集群中运行 Kubernetes 的 Pod 和 Service，您需要做些准备。" href=/v1.9/zh/docs/ops/deployment/requirements/>Pod 和 Service</a></li></ul></li><li role=treeitem aria-label=配置><button aria-hidden=true></button><a title="配置运行中的 Istio 网格的高级概念和功能。" href=/v1.9/zh/docs/ops/configuration/>配置</a><ul role=group aria-expanded=false><li role=treeitem aria-label=网格配置><button aria-hidden=true></button><a title=帮助您管理全局网格配置。 href=/v1.9/zh/docs/ops/configuration/mesh/>网格配置</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="简要描述 Istio 对 Kubernetes webhook 的使用以及可能出现的相关问题。" href=/v1.9/zh/docs/ops/configuration/mesh/webhook/>动态准入 Webhook 概述</a></li><li role=none><a role=treeitem title="介绍 Istio 是如何通过 Kubernetes 的 webhooks 机制来实现 Sidecar 自动注入。" href=/v1.9/zh/docs/ops/configuration/mesh/injection-concepts/>Sidecar 自动注入</a></li><li role=none><a role=treeitem title="描述 Citadel 如何确定是否创建服务账号 secret。" href=/v1.9/zh/docs/ops/configuration/mesh/secret-creation/>创建服务账号 Secret</a></li><li role=none><a role=treeitem title="为您展示如何对 Istio 服务做健康检查。" href=/v1.9/zh/docs/ops/configuration/mesh/app-health-check/>Istio 服务的健康检查</a></li></ul></li><li role=treeitem aria-label=流量管理><button aria-hidden=true></button><a title=帮助您管理正在运行的网格的网络方面。 href=/v1.9/zh/docs/ops/configuration/traffic-management/>流量管理</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title=关于怎么声明协议的信息。 href=/v1.9/zh/docs/ops/configuration/traffic-management/protocol-selection/>协议选择</a></li><li role=none><a role=treeitem title=有关如何启用和理解地域负载平衡。 href=/v1.9/zh/docs/ops/configuration/traffic-management/locality-load-balancing/>地域负载均衡</a></li></ul></li><li role=treeitem aria-label=安全><button aria-hidden=true></button><a title=帮助您管理正在运行的网格的安全性方面。 href=/v1.9/zh/docs/ops/configuration/security/>安全</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="使用加固的容器镜像来减小 Istio 的攻击面。" href=/v1.9/zh/docs/ops/configuration/security/harden-docker-images/>加固 Docker 容器镜像</a></li><li role=none><a role=treeitem title="学习如何延长 Istio 自签名根证书的寿命。" href=/v1.9/zh/docs/ops/configuration/security/root-transition/>延长自签名证书的寿命</a></li></ul></li><li role=treeitem aria-label=可观测性><button aria-hidden=true></button><a title=帮助您管理正在运行的网格中的遥测收集和可视化。 href=/v1.9/zh/docs/ops/configuration/telemetry/>可观测性</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="精细化控制 Envoy 的统计信息。" href=/v1.9/zh/docs/ops/configuration/telemetry/envoy-stats/>Envoy 的统计信息</a></li><li role=none><a role=treeitem title=怎样使用代理生成服务级别的指标。 href=/v1.9/zh/docs/ops/configuration/telemetry/in-proxy-service-telemetry/>不使用 Mixer 生成 Istio 指标 [Alpha]</a></li></ul></li></ul></li><li role=treeitem aria-label=最佳实践><button aria-hidden=true></button><a title="设置和管理 Istio 服务网格的最佳实践。" href=/v1.9/zh/docs/ops/best-practices/>最佳实践</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="设置 Istio 服务网格时的最佳实践。" href=/v1.9/zh/docs/ops/best-practices/deployment/>Deployment 最佳实践</a></li><li role=none><a role=treeitem title=避免网络或流量管理问题的配置最佳实践。 href=/v1.9/zh/docs/ops/best-practices/traffic-management/>流量管理最佳实践</a></li><li role=none><a role=treeitem title="使用 Istio 保护应用的最佳实践。" href=/v1.9/zh/docs/ops/best-practices/security/>安全最佳实践</a></li></ul></li><li role=treeitem aria-label=常见问题><button aria-hidden=true></button><a title="描述如何辨认和解决 Istio 中的常见问题。" href=/v1.9/zh/docs/ops/common-problems/>常见问题</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="定位常见的 Istio 流量管理和网络问题的技术。" href=/v1.9/zh/docs/ops/common-problems/network-issues/>流量管理问题</a></li><li role=none><a role=treeitem title="定位常见 Istio 认证、授权、安全相关问题的技巧。" href=/v1.9/zh/docs/ops/common-problems/security-issues/>安全问题</a></li><li role=none><a role=treeitem title="处理 Telemetry 收集问题。" href=/v1.9/zh/docs/ops/common-problems/observability-issues/>可观测性问题</a></li><li role=none><a role=treeitem title="解决 Istio 使用 Kubernetes Webhooks 进行 sidecar 自动注入的常见问题。" href=/v1.9/zh/docs/ops/common-problems/injection/>Sidecar 自动注入问题</a></li><li role=none><a role=treeitem title=如何解决配置验证的问题。 href=/v1.9/zh/docs/ops/common-problems/validation/>配置验证的问题</a></li></ul></li><li role=treeitem aria-label=诊断工具><button aria-hidden=true></button><a title="帮助解决 Istio 网格问题的工具和技术。" href=/v1.9/zh/docs/ops/diagnostic-tools/>诊断工具</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Istio 自带的一个可以为服务网格部署提供调试和诊断的补充工具。" href=/v1.9/zh/docs/ops/diagnostic-tools/istioctl/>使用 Istioctl 命令行工具</a></li><li role=none><a role=treeitem title="描述诊断与流量管理相关的 Envoy 配置问题的工具和技术。" href=/v1.9/zh/docs/ops/diagnostic-tools/proxy-cmd/>调试 Envoy 和 Pilot</a></li><li role=none><a role=treeitem title="向您展示如何使用 istioctl describe 来验证您的网格中的 pod 的配置。" href=/v1.9/zh/docs/ops/diagnostic-tools/istioctl-describe/>通过 Istioctl Describe 理解您的网格</a></li><li role=none><a role=treeitem title="演示如何使用 istioctl analyze 来识别配置中的潜在问题。" href=/v1.9/zh/docs/ops/diagnostic-tools/istioctl-analyze/>使用 Istioctl Analyze 诊断配置</a></li><li role=none><a role=treeitem title="介绍如何使用 ControlZ 深入了解各个运行组件。" href=/v1.9/zh/docs/ops/diagnostic-tools/controlz/>组件自检</a></li><li role=none><a role=treeitem title=如何使用组件的级别日志来记录正在运行中的组件的行为。 href=/v1.9/zh/docs/ops/diagnostic-tools/component-logging/>组件日志记录</a></li></ul></li><li role=treeitem aria-label=集成><button aria-hidden=true></button><a title="能够与 Istio 集成以提供额外功能的其他软件。" href=/v1.9/zh/docs/ops/integrations/>集成</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="关于如何与 cert-manager 集成的相关说明。" href=/v1.9/zh/docs/ops/integrations/certmanager/>cert-manager</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card159 title="参考部分包含详细的权威参考资料，如命令行选项、配置选项和 API 调用参数。" aria-controls=card159-body><svg class="icon reference"><use xlink:href="/v1.9/img/icons.svg#reference"/></svg>参考</button><div class="body default" aria-labelledby=card159 role=region id=card159-body><ul role=tree aria-expanded=true aria-labelledby=card159><li role=treeitem aria-label=配置><button class=show aria-hidden=true></button><a title=关于配置选项的详细信息。 href=/v1.9/zh/docs/reference/config/>配置</a><ul role=group aria-expanded=true><li role=none><a role=treeitem title="Configuration affecting the service mesh as a whole." href=/v1.9/zh/docs/reference/config/istio.mesh.v1alpha1/>Service Mesh</a></li><li role=none><a role=treeitem title="Configuration for Istio control plane installation through the Operator." href=/v1.9/zh/docs/reference/config/istio.operator.v1alpha12.pb/>Operator Installation</a></li><li role=none><a role=treeitem title="描述使用 Helm chart 安装 Istio 时的可选项。" href=/v1.9/zh/docs/reference/config/installation-options/>安装选项（Helm）</a></li><li role=none><a role=treeitem title="Configuration affecting Istio control plane installation version and shape." href=/v1.9/zh/docs/reference/config/istio.operator.v1alpha1/>IstioOperator Options</a></li><li role=none><a role=treeitem title="Resource annotations used by Istio." href=/v1.9/zh/docs/reference/config/annotations/>Resource Annotations</a></li><li role=treeitem aria-label=流量管理><button aria-hidden=true></button><a title="描述如何配置 HTTP/TCP 路由功能。" href=/v1.9/zh/docs/reference/config/networking/>流量管理</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Configuration affecting load balancing, outlier detection, etc." href=/v1.9/zh/docs/reference/config/networking/destination-rule/>Destination Rule</a></li><li role=none><a role=treeitem title="Customizing Envoy configuration generated by Istio." href=/v1.9/zh/docs/reference/config/networking/envoy-filter/>Envoy Filter</a></li><li role=none><a role=treeitem title="Configuration affecting edge load balancer." href=/v1.9/zh/docs/reference/config/networking/gateway/>Gateway</a></li><li role=none><a role=treeitem title="Configuration affecting label/content routing, sni routing, etc." href=/v1.9/zh/docs/reference/config/networking/virtual-service/>Virtual Service</a></li><li role=none><a role=treeitem title="Configuration affecting network reachability of a sidecar." href=/v1.9/zh/docs/reference/config/networking/sidecar/>Sidecar</a></li><li role=none><a role=treeitem title="Configuration affecting service registry." href=/v1.9/zh/docs/reference/config/networking/service-entry/>Service Entry</a></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="如何配置 Istio 的安全功能。" href=/v1.9/zh/docs/reference/config/security/>Security</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Configuration to validate JWT." href=/v1.9/zh/docs/reference/config/security/jwt/>JWTRule</a></li><li role=none><a role=treeitem title="Request authentication configuration for workloads." href=/v1.9/zh/docs/reference/config/security/request_authentication/>RequestAuthentication</a></li><li role=none><a role=treeitem title="Peer authentication configuration for workloads." href=/v1.9/zh/docs/reference/config/security/peer_authentication/>PeerAuthentication</a></li><li role=none><a role=treeitem title="Authentication policy for Istio services." href=/v1.9/zh/docs/reference/config/security/istio.authentication.v1alpha1/>Authentication Policy</a></li><li role=none><a role=treeitem title="Configuration for access control on workloads." href=/v1.9/zh/docs/reference/config/security/authorization-policy/>Authorization Policy</a></li><li role=none><a role=treeitem title=授权策略中支持的条件。 href=/v1.9/zh/docs/reference/config/security/conditions/>授权策略</a></li><li role=none><a role=treeitem title="Configuration for Role Based Access Control." href=/v1.9/zh/docs/reference/config/security/istio.rbac.v1alpha1/>RBAC (deprecated)</a></li><li role=none><a role=treeitem title=受支持的约束条件和属性。 href=/v1.9/zh/docs/reference/config/security/constraints-and-properties/>RBAC 约束和属性（不建议使用）</a></li></ul></li><li role=treeitem aria-label="Telemetry V2"><button aria-hidden=true></button><a title="介绍如何配置 Istio telemetry V2。" href=/v1.9/zh/docs/reference/config/telemetry/>Telemetry V2</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="通过 Istio 遥测导出的 Istio 标准指标。" href=/v1.9/zh/docs/reference/config/telemetry/metrics/>Istio 标准度量指标</a></li><li role=none><a role=treeitem title="如何配置 v2 指标（实验性）。" href=/v1.9/zh/docs/reference/config/telemetry/configurable_metrics/>可配置指标（实验性）</a></li><li role=none><a role=treeitem title="如何通过 Wasm 运行时启用 Telemetry V2（实验性）。" href=/v1.9/zh/docs/reference/config/telemetry/telemetry_v2_with_wasm/>使用 Wasm 运行时的 Telemetry V2（实验性）</a></li></ul></li><li role=treeitem aria-label=配置分析消息><button aria-hidden=true></button><a title=记录配置分析期间产生的各个错误和警告消息。 href=/v1.9/zh/docs/reference/config/analysis/>配置分析消息</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0123/>NamespaceMultipleInjectionLabels</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/message-format/>Analyzer Message Format</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0109/>ConflictingMeshGatewayVirtualServiceHosts</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0110/>ConflictingSidecarWorkloadSelectors</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0002/>Deprecated</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0104/>GatewayPortNotOnWorkload</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0001/>InternalError</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0122/>InvalidRegexp</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0105/>IstioProxyImageMismatch</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0119/>JwtFailureDueToInvalidServicePortPrefix</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0107/>MisplacedAnnotation</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0113/>MTLSPolicyConflict</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0111/>MultipleSidecarsWithoutWorkloadSelectors</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0112/>VirtualServiceDestinationPortSelectorRequired</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0108/>UnknownAnnotation</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0106/>SchemaValidationError</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0101/>ReferencedResourceNotFound</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0118/>PortNameIsNotUnderNamingConvention</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0103/>PodMissingProxy</a></li><li role=none><a role=treeitem href=/v1.9/zh/docs/reference/config/analysis/ist0102/>NamespaceNotInjected</a></li></ul></li><li role=treeitem aria-label="Mixer 策略和遥测"><button class=show aria-hidden=true></button><a title="描述如何配置 Mixer 的策略和遥测功能。" href=/v1.9/zh/docs/reference/config/policy-and-telemetry/>Mixer 策略和遥测</a><ul role=group aria-expanded=true><li role=none><a role=treeitem title="Configuration state for the Mixer client library." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/istio.mixer.v1.config.client/>Mixer Client</a></li><li role=none><span role=treeitem class=current title="Describes the rules used to configure Mixer's policy and telemetry features.">Rules</span></li><li role=none><a role=treeitem title="描述 Istio 策略执行和遥测机制的配置模型。" href=/v1.9/zh/docs/reference/config/policy-and-telemetry/mixer-overview/>Mixer 配置模型</a></li><li role=none><a role=treeitem title=描述用于策略和控制的基本属性词汇表。 href=/v1.9/zh/docs/reference/config/policy-and-telemetry/attribute-vocabulary/>属性词汇</a></li><li role=none><a role=treeitem title="Mixer 配置表达式语言手册。" href=/v1.9/zh/docs/reference/config/policy-and-telemetry/expression-language/>表达式语言</a></li><li role=treeitem aria-label=适配器><button aria-hidden=true></button><a title="Mixer 适配器能够让 Istio 连接各种基础设施后端以完成类似指标和日志这样的功能。" href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/>适配器</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Adapter to deliver metrics to Apache SkyWalking." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/apache-skywalking/>Apache SkyWalking</a></li><li role=none><a role=treeitem title="Adapter for Apigee's distributed policy checks and analytics." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/apigee/>Apigee</a></li><li role=none><a role=treeitem title="Adapter to enforce authentication and authorization policies for web apps and APIs." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/app-identity-access-adapter/>App Identity and Access</a></li><li role=none><a role=treeitem title="Adapter for circonus.com's monitoring solution." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/circonus/>Circonus</a></li><li role=none><a role=treeitem title="Adapter for cloudmonitor metrics." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/cloudmonitor/>CloudMonitor</a></li><li role=none><a role=treeitem title="Adapter for cloudwatch metrics." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/cloudwatch/>CloudWatch</a></li><li role=none><a role=treeitem title="Adapter to deliver metrics to a dogstatsd agent for delivery to DataDog." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/datadog/>Datadog</a></li><li role=none><a role=treeitem title="Adapter to deliver tracing data to Zipkin." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/zipkin/>Zipkin</a></li><li role=none><a role=treeitem title="Adapter that always returns a precondition denial." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/denier/>Denier</a></li><li role=none><a role=treeitem title="Adapter that delivers logs to a Fluentd daemon." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/fluentd/>Fluentd</a></li><li role=none><a role=treeitem title="Adapter that extracts information from a Kubernetes environment." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/kubernetesenv/>Kubernetes Env</a></li><li role=none><a role=treeitem title="Adapter that performs whitelist or blacklist checks." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/list/>List</a></li><li role=none><a role=treeitem title="Adapter for a simple in-memory quota management system." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/memquota/>Memory quota</a></li><li role=none><a role=treeitem title="Adapter to deliver metrics to Wavefront by VMware." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/wavefront/>Wavefront by VMware</a></li><li role=none><a role=treeitem title="Adapter to locally output logs and metrics." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/stdio/>Stdio</a></li><li role=none><a role=treeitem title="Adapter to deliver metrics to a StatsD backend." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/statsd/>StatsD</a></li><li role=none><a role=treeitem title="Adapter to deliver logs, metrics, and traces to Stackdriver." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/stackdriver/>Stackdriver</a></li><li role=none><a role=treeitem title="Adapter to deliver logs and metrics to Papertrail and AppOptics backends." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/solarwinds/>SolarWinds</a></li><li role=none><a role=treeitem title="Adapter for a Redis-based quota management system." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/redisquota/>Redis Quota</a></li><li role=none><a role=treeitem title="Adapter that exposes Istio metrics for ingestion by a Prometheus harvester." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/prometheus/>Prometheus</a></li><li role=none><a role=treeitem title="Adapter that implements an Open Policy Agent engine." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/opa/>OPA</a></li><li role=none><a role=treeitem title="An Istio Mixer adapter to send telemetry data to New Relic." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/adapters/newrelic/>New Relic</a></li></ul></li><li role=none><a role=treeitem title="通过 Mixer 从 Istio 导出的默认监控指标。" href=/v1.9/zh/docs/reference/config/policy-and-telemetry/metrics/>默认监控指标</a></li><li role=treeitem aria-label=模板><button aria-hidden=true></button><a title="Mixer 模板用于将数据发送到各个适配器。" href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/>模板</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="The Analytics template is used to dispatch runtime telemetry to Apigee." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/analytics/>Analytics</a></li><li role=none><a role=treeitem title="A template that represents a single API key." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/apikey/>API Key</a></li><li role=none><a role=treeitem title="A template used to represent an access control query." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/authorization/>Authorization</a></li><li role=none><a role=treeitem title="A template that carries no data, useful for testing." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/checknothing/>Check Nothing</a></li><li role=none><a role=treeitem title="A template designed to report observed communication edges between workloads." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/edge/>Edge</a></li><li role=none><a role=treeitem title="A template that is used to control the production of Kubernetes-specific attributes." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/kubernetes/>Kubernetes</a></li><li role=none><a role=treeitem title="A template designed to let you perform list checking operations." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/listentry/>List Entry</a></li><li role=none><a role=treeitem title="A template that represents a single runtime log entry." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/logentry/>Log Entry</a></li><li role=none><a role=treeitem title="A template that represents a single runtime metric." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/metric/>Metric</a></li><li role=none><a role=treeitem title="A template that represents an individual span within a distributed trace." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/tracespan/>Trace Span</a></li><li role=none><a role=treeitem title="A template that carries no data, useful for testing." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/reportnothing/>Report Nothing</a></li><li role=none><a role=treeitem title="A template that represents a quota allocation request." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/templates/quota/>Quota</a></li></ul></li></ul></li></ul></li><li role=treeitem aria-label=命令><button aria-hidden=true></button><a title="描述 Istio 命令和工具的用法及选项。" href=/v1.9/zh/docs/reference/commands/>命令</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Galley provides configuration management services for Istio." href=/v1.9/zh/docs/reference/commands/galley/>galley</a></li><li role=none><a role=treeitem title="Istio Certificate Authority (CA)." href=/v1.9/zh/docs/reference/commands/istio_ca/>istio_ca</a></li><li role=none><a role=treeitem title="Istio control interface." href=/v1.9/zh/docs/reference/commands/istioctl/>istioctl</a></li><li role=none><a role=treeitem title="Mixer is Istio's abstraction on top of infrastructure backends." href=/v1.9/zh/docs/reference/commands/mixs/>mixs</a></li><li role=none><a role=treeitem title="Kubernetes webhook for automatic Istio sidecar injection." href=/v1.9/zh/docs/reference/commands/sidecar-injector/>sidecar-injector</a></li><li role=none><a role=treeitem title="Istio Pilot." href=/v1.9/zh/docs/reference/commands/pilot-discovery/>pilot-discovery</a></li><li role=none><a role=treeitem title="Istio Pilot agent." href=/v1.9/zh/docs/reference/commands/pilot-agent/>pilot-agent</a></li><li role=none><a role=treeitem title="The Istio operator." href=/v1.9/zh/docs/reference/commands/operator/>operator</a></li><li role=none><a role=treeitem title="Istio security per-node agent." href=/v1.9/zh/docs/reference/commands/node_agent/>node_agent</a></li></ul></li><li role=none><a role=treeitem title="Istio 常用术语的词汇表。" href=/v1.9/zh/docs/reference/glossary/>术语表</a></li></ul></div></div></div></nav></div><div class=article-container><button tabindex=-1 id=sidebar-toggler title=折叠导航栏><svg class="icon pull"><use xlink:href="/v1.9/img/icons.svg#pull"/></svg></button><nav aria-label=Breadcrumb><ol><li><a href=/v1.9/zh/ title=用于连接、保护、控制和观测服务。>Istio</a></li><li><a href=/v1.9/zh/docs/ title="了解如何部署、使用和运维 Istio。">文档</a></li><li><a href=/v1.9/zh/docs/reference/ title="参考部分包含详细的权威参考资料，如命令行选项、配置选项和 API 调用参数。">参考</a></li><li><a href=/v1.9/zh/docs/reference/config/ title=关于配置选项的详细信息。>配置</a></li><li><a href=/v1.9/zh/docs/reference/config/policy-and-telemetry/ title="描述如何配置 Mixer 的策略和遥测功能。">Mixer 策略和遥测</a></li><li>Rules</li></ol></nav><article aria-labelledby=title><div class=title-area><div style=width:100%><h1 id=title>Rules</h1><p class=byline><span title="3010 字"><svg class="icon clock"><use xlink:href="/v1.9/img/icons.svg#clock"/></svg><span>&nbsp;</span>阅读大约需要 15 分钟</span>
<span>&nbsp;</span>
<span></span></p></div></div><nav class=toc-inlined aria-label="Table of Contents"><div><hr><ol><li role=none aria-label=Action><a href=#Action>Action</a><li role=none aria-label=AttributeManifest><a href=#AttributeManifest>AttributeManifest</a><li role=none aria-label=AttributeManifest.AttributeInfo><a href=#AttributeManifest-AttributeInfo>AttributeManifest.AttributeInfo</a><ol><li role=none aria-label="Istio Attributes"><a href=#istio-attributes>Istio Attributes</a><li role=none aria-label=Design><a href=#design>Design</a><li role=none aria-label="HTTP Mapping"><a href=#http-mapping>HTTP Mapping</a></ol></li><li role=none aria-label=Authentication><a href=#Authentication>Authentication</a><li role=none aria-label=Connection><a href=#Connection>Connection</a><li role=none aria-label=DNSName><a href=#DNSName>DNSName</a><li role=none aria-label=DirectHttpResponse><a href=#DirectHttpResponse>DirectHttpResponse</a><li role=none aria-label=Duration><a href=#Duration>Duration</a><li role=none aria-label=EmailAddress><a href=#EmailAddress>EmailAddress</a><li role=none aria-label=FractionalPercent.DenominatorType><a href=#FractionalPercent-DenominatorType>FractionalPercent.DenominatorType</a><li role=none aria-label=Handler><a href=#Handler>Handler</a><li role=none aria-label=HttpStatusCode><a href=#HttpStatusCode>HttpStatusCode</a><li role=none aria-label=IPAddress><a href=#IPAddress>IPAddress</a><li role=none aria-label=Instance><a href=#Instance>Instance</a><li role=none aria-label=Mutual><a href=#Mutual>Mutual</a><li role=none aria-label=OAuth><a href=#OAuth>OAuth</a><li role=none aria-label=Rule><a href=#Rule>Rule</a><li role=none aria-label=Rule.HeaderOperationTemplate><a href=#Rule-HeaderOperationTemplate>Rule.HeaderOperationTemplate</a><li role=none aria-label=Rule.HeaderOperationTemplate.Operation><a href=#Rule-HeaderOperationTemplate-Operation>Rule.HeaderOperationTemplate.Operation</a><li role=none aria-label=StringMap><a href=#StringMap>StringMap</a><li role=none aria-label=TimeStamp><a href=#TimeStamp>TimeStamp</a><li role=none aria-label=Tls><a href=#Tls>Tls</a><li role=none aria-label=Tls.AuthHeader><a href=#Tls-AuthHeader>Tls.AuthHeader</a><li role=none aria-label=Uri><a href=#Uri>Uri</a><li role=none aria-label=Value><a href=#Value>Value</a><li role=none aria-label=ValueType><a href=#ValueType>ValueType</a></ol><hr></div></nav><p>Describes the rules used to configure Mixer&rsquo;s policy and telemetry features.</p><h2 id=Action>Action</h2><section><p>Action describes which <a href=#Handler>Handler</a> to invoke and what data to pass to it for processing.</p><p>The following example instructs Mixer to invoke &lsquo;prometheus-handler&rsquo; handler and pass it the object
constructed using the instance &lsquo;RequestCountByService&rsquo;.</p><pre><code class=language-yaml>  handler: prometheus-handler
  instances:
  - RequestCountByService
</code></pre><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Action-handler><td><code>handler</code></td><td><code>string</code></td><td><p>Fully qualified name of the handler to invoke.
Must match the <code>name</code> of a <a href=#Handler-name>Handler</a>.</p></td><td>Yes</td></tr><tr id=Action-instances><td><code>instances</code></td><td><code>string[]</code></td><td><p>Each value must match the fully qualified name of the
<a href=#Instance-name>Instance</a>s.
Referenced instances are evaluated by resolving the attributes/literals for all the fields.
The constructed objects are then passed to the <code>handler</code> referenced within this action.</p></td><td>Yes</td></tr><tr id=Action-name><td><code>name</code></td><td><code>string</code></td><td><p>A handle to refer to the results of the action.</p></td><td>No</td></tr></tbody></table></section><h2 id=AttributeManifest>AttributeManifest</h2><section><p>AttributeManifest describes a set of Attributes produced by some component
of an Istio deployment.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=AttributeManifest-revision><td><code>revision</code></td><td><code>string</code></td><td><p>The revision of this document. Assigned by server.</p></td><td>No</td></tr><tr id=AttributeManifest-name><td><code>name</code></td><td><code>string</code></td><td><p>Name of the component producing these attributes. This can be
the proxy (with the canonical name <code>istio-proxy</code>) or the name of an
<code>attributes</code> kind adapter in Mixer.</p></td><td>Yes</td></tr><tr id=AttributeManifest-attributes><td><code>attributes</code></td><td><code>map&lt;string,&nbsp;<a href=#AttributeManifest-AttributeInfo>AttributeInfo</a>></code></td><td><p>The set of attributes this Istio component will be responsible for producing at runtime.
We map from attribute name to the attribute&rsquo;s specification. The name of an attribute,
which is how attributes are referred to in aspect configuration, must conform to:</p><pre><code>Name = IDENT &lbrace; SEPARATOR IDENT };
</code></pre><p>Where <code>IDENT</code> must match the regular expression <code>*a-z*+</code> and <code>SEPARATOR</code> must
match the regular expression <code>[\.-]</code>.</p><p>Attribute names must be unique within a single Istio deployment. The set of canonical
attributes are described at <a href=/v1.9/zh/docs/reference/config/policy-and-telemetry/attribute-vocabulary/>here</a>.
Attributes not in that list should be named with a component-specific suffix such as
<code>request.count-my.component</code>.</p></td><td>No</td></tr></tbody></table></section><h2 id=AttributeManifest-AttributeInfo>AttributeManifest.AttributeInfo</h2><section><p>AttributeInfo describes the schema of an Istio <code>Attribute</code>.</p><h3 id=istio-attributes>Istio Attributes</h3><p>Istio uses <code>attributes</code> to describe runtime activities of Istio services.
An Istio attribute carries a specific piece of information about an activity,
such as the error code of an API request, the latency of an API request, or the
original IP address of a TCP connection. The attributes are often generated
and consumed by different services. For example, a frontend service can
generate an authenticated user attribute and pass it to a backend service for
access control purpose.</p><p>To simplify the system and improve developer experience, Istio uses
shared attribute definitions across all components. For example, the same
authenticated user attribute will be used for logging, monitoring, analytics,
billing, access control, auditing. Many Istio components provide their
functionality by collecting, generating, and operating on attributes.
For example, the proxy collects the error code attribute, and the logging
stores it into a log.</p><h3 id=design>Design</h3><p>Each Istio attribute must conform to an <code>AttributeInfo</code> in an
<code>AttributeManifest</code> in the current Istio deployment at runtime. An
<em><code>AttributeInfo</code></em> is used to define an attribute&rsquo;s
metadata: the type of its value and a detailed description that explains
the semantics of the attribute type. Each attribute&rsquo;s name is globally unique;
in other words an attribute name can only appear once across all manifests.</p><p>The runtime presentation of an attribute is intentionally left out of this
specification, because passing attribute using JSON, XML, or Protocol Buffers
does not change the semantics of the attribute. Different implementations
can choose different representations based on their needs.</p><h3 id=http-mapping>HTTP Mapping</h3><p>Because many systems already have REST APIs, it makes sense to define a
standard HTTP mapping for Istio attributes that are compatible with typical
REST APIs. The design is to map one attribute to one HTTP header, the
attribute name and value becomes the HTTP header name and value. The actual
encoding scheme will be decided later.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=AttributeManifest-AttributeInfo-description><td><code>description</code></td><td><code>string</code></td><td><p>A human-readable description of the attribute&rsquo;s purpose.</p></td><td>No</td></tr><tr id=AttributeManifest-AttributeInfo-value_type><td><code>valueType</code></td><td><code><a href=#ValueType>ValueType</a></code></td><td><p>The type of data carried by this attribute.</p></td><td>Yes</td></tr></tbody></table></section><h2 id=Authentication>Authentication</h2><section><p>Authentication allows the operator to specify the authentication of
connections to out-of-process infrastructure backend.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Authentication-tls class="oneof oneof-start"><td><code>tls</code></td><td><code><a href=#Tls>Tls (oneof)</a></code></td><td><p>Originate a TLS connection to the adapter and present an auth token
in each call for client authentication.</p></td><td>Yes</td></tr><tr id=Authentication-mutual class=oneof><td><code>mutual</code></td><td><code><a href=#Mutual>Mutual (oneof)</a></code></td><td><p>Secure connections to the adapter using mutual TLS by presenting
client certificates for authentication.</p></td><td>Yes</td></tr></tbody></table></section><h2 id=Connection>Connection</h2><section><p>Connection allows the operator to specify the endpoint for out-of-process infrastructure backend.
Connection is part of the handler custom resource and is specified alongside adapter specific configuration.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Connection-address><td><code>address</code></td><td><code>string</code></td><td><p>The address of the backend.</p></td><td>No</td></tr><tr id=Connection-timeout><td><code>timeout</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>Duration</a></code></td><td><p>Timeout for remote calls to the backend.</p></td><td>No</td></tr><tr id=Connection-authentication><td><code>authentication</code></td><td><code><a href=#Authentication>Authentication</a></code></td><td><p>Auth config for the connection to the backend. If omitted, plain text will
be used.</p></td><td>No</td></tr></tbody></table></section><h2 id=DNSName>DNSName</h2><section><p>An instance field of type DNSName denotes that the expression for the field must evaluate to
<a href=#ValueType-DNS_NAME>ValueType.DNS_NAME</a></p><p>Objects of type DNSName are also passed to the adapters during request-time for the instance fields of
type DNSName</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=DNSName-value><td><code>value</code></td><td><code>string</code></td><td><p>DNSName encoded as string.</p></td><td>No</td></tr></tbody></table></section><h2 id=DirectHttpResponse>DirectHttpResponse</h2><section><p>Direct HTTP response for a client-facing error message which can be attached
to an RPC error.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=DirectHttpResponse-code><td><code>code</code></td><td><code><a href=#HttpStatusCode>HttpStatusCode</a></code></td><td><p>HTTP status code. If not set, RPC error code is used.</p></td><td>No</td></tr><tr id=DirectHttpResponse-body><td><code>body</code></td><td><code>string</code></td><td><p>HTTP response body.</p></td><td>No</td></tr><tr id=DirectHttpResponse-headers><td><code>headers</code></td><td><code>map&lt;string,&nbsp;string></code></td><td><p>HTTP response headers.</p></td><td>No</td></tr></tbody></table></section><h2 id=Duration>Duration</h2><section><p>An instance field of type Duration denotes that the expression for the field must evaluate to
<a href=#ValueType-DURATION>ValueType.DURATION</a></p><p>Objects of type Duration are also passed to the adapters during request-time for the instance fields of
type Duration</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Duration-value><td><code>value</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration>Duration</a></code></td><td><p>Duration encoded as google.protobuf.Duration.</p></td><td>No</td></tr></tbody></table></section><h2 id=EmailAddress>EmailAddress</h2><section><p>DO NOT USE !! Under Development
An instance field of type EmailAddress denotes that the expression for the field must evaluate to
<a href=#ValueType-EMAIL_ADDRESS>ValueType.EMAIL_ADDRESS</a></p><p>Objects of type EmailAddress are also passed to the adapters during request-time for the instance fields of
type EmailAddress</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=EmailAddress-value><td><code>value</code></td><td><code>string</code></td><td><p>EmailAddress encoded as string.</p></td><td>No</td></tr></tbody></table></section><h2 id=FractionalPercent-DenominatorType>FractionalPercent.DenominatorType</h2><section><p>Fraction percentages support several fixed denominator values.</p><table class=enum-values><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody><tr id=FractionalPercent-DenominatorType-HUNDRED><td><code>HUNDRED</code></td><td><p>100.</p><p><strong>Example</strong>: <sup>1</sup>&frasl;<sub>100</sub> = 1%.</p></td></tr><tr id=FractionalPercent-DenominatorType-TEN_THOUSAND><td><code>TEN_THOUSAND</code></td><td><p>10,000.</p><p><strong>Example</strong>: <sup>1</sup>&frasl;<sub>10000</sub> = 0.01%.</p></td></tr></tbody></table></section><h2 id=Handler>Handler</h2><section><p>Handler allows the operator to configure a specific adapter implementation.
Each adapter implementation defines its own <code>params</code> proto.</p><p>In the following example we define a <code>metrics</code> handler for the <code>prometheus</code> adapter.
The example is in the form of a Kubernetes resource:
* The <code>metadata.name</code> is the name of the handler
* The <code>kind</code> refers to the adapter name
* The <code>spec</code> block represents adapter-specific configuration as well as the connection information</p><pre><code class=language-yaml>### Sample-1: No connection specified (for compiled in adapters)
### Note: if connection information is not specified, the adapter configuration is directly inside
### `spec` block. This is going to be DEPRECATED in favor of Sample-2
apiVersion: &quot;config.istio.io/v1alpha2&quot;
kind: handler
metadata:
  name: requestcount
  namespace: istio-system
spec:
  compiledAdapter: prometheus
  params:
    metrics:
    - name: request_count
      instance_name: requestcount.metric.istio-system
      kind: COUNTER
      label_names:
      - source_service
      - source_version
      - destination_service
      - destination_version
---
### Sample-2: With connection information (for out-of-process adapters)
### Note: Unlike sample-1, the adapter configuration is parallel to `connection` and is nested inside `param` block.
apiVersion: &quot;config.istio.io/v1alpha2&quot;
kind: handler
metadata:
  name: requestcount
  namespace: istio-system
spec:
  compiledAdapter: prometheus
  params:
    param:
      metrics:
      - name: request_count
        instance_name: requestcount.metric.istio-system
        kind: COUNTER
        label_names:
        - source_service
        - source_version
        - destination_service
        - destination_version
    connection:
      address: localhost:8090
---
</code></pre><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Handler-name><td><code>name</code></td><td><code>string</code></td><td><p>Must be unique in the entire Mixer configuration. Used by <a href=#Action-handler>Actions</a>
to refer to this handler.</p></td><td>Yes</td></tr><tr id=Handler-compiled_adapter><td><code>compiledAdapter</code></td><td><code>string</code></td><td><p>The name of the compiled in adapter this handler instantiates. For referencing non compiled-in
adapters, use the <code>adapter</code> field instead.</p><p>The value must match the name of the available adapter Mixer is built with. An adapter&rsquo;s name is typically a
constant in its code.</p></td><td>Yes</td></tr><tr id=Handler-adapter><td><code>adapter</code></td><td><code>string</code></td><td><p>The name of a specific adapter implementation. For referencing compiled-in
adapters, use the <code>compiled_adapter</code> field instead.</p><p>An adapter&rsquo;s implementation name is typically a constant in its code.</p></td><td>No</td></tr><tr id=Handler-params><td><code>params</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct>Struct</a></code></td><td><p>Depends on adapter implementation. Struct representation of a
proto defined by the adapter implementation; this varies depending on the value of field <code>adapter</code>.</p></td><td>No</td></tr><tr id=Handler-connection><td><code>connection</code></td><td><code><a href=#Connection>Connection</a></code></td><td><p>Information on how to connect to the out-of-process adapter.
This is used if the adapter is not compiled into Mixer binary and is running as a separate process.</p></td><td>No</td></tr></tbody></table></section><h2 id=HttpStatusCode>HttpStatusCode</h2><section><p>HTTP response codes.
For more details: http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml</p><table class=enum-values><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody><tr id=HttpStatusCode-Empty><td><code>Empty</code></td><td><p>Empty - This code not part of the HTTP status code specification, but it is needed for proto
<code>enum</code> type.</p></td></tr><tr id=HttpStatusCode-Continue><td><code>Continue</code></td><td></td></tr><tr id=HttpStatusCode-OK><td><code>OK</code></td><td></td></tr><tr id=HttpStatusCode-Created><td><code>Created</code></td><td></td></tr><tr id=HttpStatusCode-Accepted><td><code>Accepted</code></td><td></td></tr><tr id=HttpStatusCode-NonAuthoritativeInformation><td><code>NonAuthoritativeInformation</code></td><td></td></tr><tr id=HttpStatusCode-NoContent><td><code>NoContent</code></td><td></td></tr><tr id=HttpStatusCode-ResetContent><td><code>ResetContent</code></td><td></td></tr><tr id=HttpStatusCode-PartialContent><td><code>PartialContent</code></td><td></td></tr><tr id=HttpStatusCode-MultiStatus><td><code>MultiStatus</code></td><td></td></tr><tr id=HttpStatusCode-AlreadyReported><td><code>AlreadyReported</code></td><td></td></tr><tr id=HttpStatusCode-IMUsed><td><code>IMUsed</code></td><td></td></tr><tr id=HttpStatusCode-MultipleChoices><td><code>MultipleChoices</code></td><td></td></tr><tr id=HttpStatusCode-MovedPermanently><td><code>MovedPermanently</code></td><td></td></tr><tr id=HttpStatusCode-Found><td><code>Found</code></td><td></td></tr><tr id=HttpStatusCode-SeeOther><td><code>SeeOther</code></td><td></td></tr><tr id=HttpStatusCode-NotModified><td><code>NotModified</code></td><td></td></tr><tr id=HttpStatusCode-UseProxy><td><code>UseProxy</code></td><td></td></tr><tr id=HttpStatusCode-TemporaryRedirect><td><code>TemporaryRedirect</code></td><td></td></tr><tr id=HttpStatusCode-PermanentRedirect><td><code>PermanentRedirect</code></td><td></td></tr><tr id=HttpStatusCode-BadRequest><td><code>BadRequest</code></td><td></td></tr><tr id=HttpStatusCode-Unauthorized><td><code>Unauthorized</code></td><td></td></tr><tr id=HttpStatusCode-PaymentRequired><td><code>PaymentRequired</code></td><td></td></tr><tr id=HttpStatusCode-Forbidden><td><code>Forbidden</code></td><td></td></tr><tr id=HttpStatusCode-NotFound><td><code>NotFound</code></td><td></td></tr><tr id=HttpStatusCode-MethodNotAllowed><td><code>MethodNotAllowed</code></td><td></td></tr><tr id=HttpStatusCode-NotAcceptable><td><code>NotAcceptable</code></td><td></td></tr><tr id=HttpStatusCode-ProxyAuthenticationRequired><td><code>ProxyAuthenticationRequired</code></td><td></td></tr><tr id=HttpStatusCode-RequestTimeout><td><code>RequestTimeout</code></td><td></td></tr><tr id=HttpStatusCode-Conflict><td><code>Conflict</code></td><td></td></tr><tr id=HttpStatusCode-Gone><td><code>Gone</code></td><td></td></tr><tr id=HttpStatusCode-LengthRequired><td><code>LengthRequired</code></td><td></td></tr><tr id=HttpStatusCode-PreconditionFailed><td><code>PreconditionFailed</code></td><td></td></tr><tr id=HttpStatusCode-PayloadTooLarge><td><code>PayloadTooLarge</code></td><td></td></tr><tr id=HttpStatusCode-URITooLong><td><code>URITooLong</code></td><td></td></tr><tr id=HttpStatusCode-UnsupportedMediaType><td><code>UnsupportedMediaType</code></td><td></td></tr><tr id=HttpStatusCode-RangeNotSatisfiable><td><code>RangeNotSatisfiable</code></td><td></td></tr><tr id=HttpStatusCode-ExpectationFailed><td><code>ExpectationFailed</code></td><td></td></tr><tr id=HttpStatusCode-MisdirectedRequest><td><code>MisdirectedRequest</code></td><td></td></tr><tr id=HttpStatusCode-UnprocessableEntity><td><code>UnprocessableEntity</code></td><td></td></tr><tr id=HttpStatusCode-Locked><td><code>Locked</code></td><td></td></tr><tr id=HttpStatusCode-FailedDependency><td><code>FailedDependency</code></td><td></td></tr><tr id=HttpStatusCode-UpgradeRequired><td><code>UpgradeRequired</code></td><td></td></tr><tr id=HttpStatusCode-PreconditionRequired><td><code>PreconditionRequired</code></td><td></td></tr><tr id=HttpStatusCode-TooManyRequests><td><code>TooManyRequests</code></td><td></td></tr><tr id=HttpStatusCode-RequestHeaderFieldsTooLarge><td><code>RequestHeaderFieldsTooLarge</code></td><td></td></tr><tr id=HttpStatusCode-InternalServerError><td><code>InternalServerError</code></td><td></td></tr><tr id=HttpStatusCode-NotImplemented><td><code>NotImplemented</code></td><td></td></tr><tr id=HttpStatusCode-BadGateway><td><code>BadGateway</code></td><td></td></tr><tr id=HttpStatusCode-ServiceUnavailable><td><code>ServiceUnavailable</code></td><td></td></tr><tr id=HttpStatusCode-GatewayTimeout><td><code>GatewayTimeout</code></td><td></td></tr><tr id=HttpStatusCode-HTTPVersionNotSupported><td><code>HTTPVersionNotSupported</code></td><td></td></tr><tr id=HttpStatusCode-VariantAlsoNegotiates><td><code>VariantAlsoNegotiates</code></td><td></td></tr><tr id=HttpStatusCode-InsufficientStorage><td><code>InsufficientStorage</code></td><td></td></tr><tr id=HttpStatusCode-LoopDetected><td><code>LoopDetected</code></td><td></td></tr><tr id=HttpStatusCode-NotExtended><td><code>NotExtended</code></td><td></td></tr><tr id=HttpStatusCode-NetworkAuthenticationRequired><td><code>NetworkAuthenticationRequired</code></td><td></td></tr></tbody></table></section><h2 id=IPAddress>IPAddress</h2><section><p>An instance field of type IPAddress denotes that the expression for the field must evaluate to
<a href=#ValueType-IP_ADDRESS>ValueType.IP_ADDRESS</a></p><p>Objects of type IPAddress are also passed to the adapters during request-time for the instance fields of
type IPAddress</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=IPAddress-value><td><code>value</code></td><td><code>bytes</code></td><td><p>IPAddress encoded as bytes.</p></td><td>No</td></tr></tbody></table></section><h2 id=Instance>Instance</h2><section><p>An Instance tells Mixer how to create instances for particular template.</p><p>Instance is defined by the operator. Instance is defined relative to a known
template. Their purpose is to tell Mixer how to use attributes or literals to produce
instances of the specified template at runtime.</p><p>The following example instructs Mixer to construct an instance associated with template
&lsquo;istio.mixer.adapter.metric.Metric&rsquo;. It provides a mapping from the template&rsquo;s fields to expressions.
Instances produced with this instance can be referenced by <a href=#Action>Actions</a> using name
&lsquo;RequestCountByService&rsquo;</p><pre><code class=language-yaml>- name: RequestCountByService
  template: istio.mixer.adapter.metric.Metric
  params:
    value: 1
    dimensions:
      source: source.name
      destination_ip: destination.ip
</code></pre><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Instance-name><td><code>name</code></td><td><code>string</code></td><td><p>The name of this instance</p><p>Must be unique amongst other Instances in scope. Used by <a href=#Action>Action</a> to refer
to an instance produced by this instance.</p></td><td>Yes</td></tr><tr id=Instance-compiled_template><td><code>compiledTemplate</code></td><td><code>string</code></td><td><p>The name of the compiled in template this instance creates instances for. For referencing non compiled-in
templates, use the <code>template</code> field instead.</p><p>The value must match the name of the available template Mixer is built with.</p></td><td>Yes</td></tr><tr id=Instance-template><td><code>template</code></td><td><code>string</code></td><td><p>The name of the template this instance creates instances for. For referencing compiled-in
templates, use the <code>compiled_template</code> field instead.</p><p>The value must match the name of the available template in scope.</p></td><td>No</td></tr><tr id=Instance-params><td><code>params</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#struct>Struct</a></code></td><td><p>Depends on referenced template. Struct representation of a
proto defined by the template; this varies depending on the value of field <code>template</code>.</p></td><td>Yes</td></tr><tr id=Instance-attribute_bindings><td><code>attributeBindings</code></td><td><code>map&lt;string,&nbsp;string></code></td><td><p>Defines attribute bindings to map the output of attribute-producing adapters back into
the attribute space. The variable <code>output</code> refers to the output template instance produced
by the adapter.
The following example derives <code>source.namespace</code> from <code>source.uid</code> in the context of Kubernetes:</p><pre><code class=language-yaml>params:
  # Pass the required attribute data to the adapter
  source_uid: source.uid | &quot;&quot;
attribute_bindings:
  # Fill the new attributes from the adapter produced output
  source.namespace: output.source_namespace
</code></pre></td><td>No</td></tr></tbody></table></section><h2 id=Mutual>Mutual</h2><section><p>Mutual let operator specify TLS configuration for Mixer as client if mutual TLS is used to
secure connection to adapter backend.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Mutual-private_key><td><code>privateKey</code></td><td><code>string</code></td><td><p>The path to the file holding the private key for mutual TLS. If omitted, the
default Mixer private key will be used.</p></td><td>No</td></tr><tr id=Mutual-client_certificate><td><code>clientCertificate</code></td><td><code>string</code></td><td><p>The path to the file holding client certificate for mutual TLS. If omitted, the
default Mixer certificates will be used.</p></td><td>No</td></tr><tr id=Mutual-ca_certificates><td><code>caCertificates</code></td><td><code>string</code></td><td><p>The path to the file holding additional CA certificates that are needed to
verify the presented adapter certificates. By default Mixer should already
include Istio CA certificates and system certificates in cert pool.</p></td><td>No</td></tr><tr id=Mutual-server_name><td><code>serverName</code></td><td><code>string</code></td><td><p>Used to configure mixer mutual TLS client to supply server name for SNI.
It is not used to verify the hostname of the peer certificate, since
Istio verifies whitelisted SAN fields in mutual TLS.</p></td><td>No</td></tr></tbody></table></section><h2 id=OAuth>OAuth</h2><section><p>OAuth let operator specify config to fetch access token via oauth when using
TLS for connection to the backend.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=OAuth-client_id><td><code>clientId</code></td><td><code>string</code></td><td><p>OAuth client id for mixer.</p></td><td>Yes</td></tr><tr id=OAuth-client_secret><td><code>clientSecret</code></td><td><code>string</code></td><td><p>The path to the file holding the client secret for oauth.</p></td><td>Yes</td></tr><tr id=OAuth-token_url><td><code>tokenUrl</code></td><td><code>string</code></td><td><p>The Resource server&rsquo;s token endpoint URL.</p></td><td>Yes</td></tr><tr id=OAuth-scopes><td><code>scopes</code></td><td><code>string[]</code></td><td><p>List of requested permissions.</p></td><td>No</td></tr><tr id=OAuth-endpoint_params><td><code>endpointParams</code></td><td><code>map&lt;string,&nbsp;string></code></td><td><p>Additional parameters for requests to the token endpoint.</p></td><td>No</td></tr></tbody></table></section><h2 id=Rule>Rule</h2><section><p>A Rule is a selector and a set of intentions to be executed when the
selector is <code>true</code></p><p>The following example instructs Mixer to invoke <code>prometheus-handler</code> handler for all services and pass it the
instance constructed using the &lsquo;RequestCountByService&rsquo; instance.</p><pre><code class=language-yaml>- match: match(destination.service.host, &quot;*&quot;)
  actions:
  - handler: prometheus-handler
    instances:
    - RequestCountByService
</code></pre><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Rule-match><td><code>match</code></td><td><code>string</code></td><td><p>Match is an attribute based predicate. When Mixer receives a
request it evaluates the match expression and executes all the associated <code>actions</code>
if the match evaluates to true.</p><p>A few example match:</p><ul><li>an empty match evaluates to <code>true</code></li><li><code>true</code>, a boolean literal; a rule with this match will always be executed</li><li><code>match(destination.service.host, "ratings.*")</code> selects any request targeting a service whose
name starts with &ldquo;ratings&rdquo;</li><li><code>attr1 == "20" && attr2 == "30"</code> logical AND, OR, and NOT are also available</li></ul></td><td>No</td></tr><tr id=Rule-actions><td><code>actions</code></td><td><code><a href=#Action>Action[]</a></code></td><td><p>The actions that will be executed when match evaluates to <code>true</code>.</p></td><td>No</td></tr><tr id=Rule-request_header_operations><td><code>requestHeaderOperations</code></td><td><code><a href=#Rule-HeaderOperationTemplate>HeaderOperationTemplate[]</a></code></td><td><p>Templatized operations on the request headers using values produced by the
rule actions. Require the check action result to be OK.</p></td><td>No</td></tr><tr id=Rule-response_header_operations><td><code>responseHeaderOperations</code></td><td><code><a href=#Rule-HeaderOperationTemplate>HeaderOperationTemplate[]</a></code></td><td><p>Templatized operations on the response headers using values produced by the
rule actions. Require the check action result to be OK.</p></td><td>No</td></tr></tbody></table></section><h2 id=Rule-HeaderOperationTemplate>Rule.HeaderOperationTemplate</h2><section><p>A template for an HTTP header manipulation. Values in the template are expressions
that may reference action outputs by name. For example, if an action <code>x</code> produces an output
with a field <code>f</code>, then the header value expressions may use attribute <code>x.output.f</code> to reference
the field value:</p><pre><code class=language-yaml>request_header_operations:
- name: x-istio-header
  values:
  - x.output.f
</code></pre><p>If the header value expression evaluates to an empty string, and the operation is to either replace
or append a header, then the operation is not applied. This permits conditional behavior on behalf of the
adapter to optionally modify the headers.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Rule-HeaderOperationTemplate-name><td><code>name</code></td><td><code>string</code></td><td><p>Header name literal value.</p></td><td>Yes</td></tr><tr id=Rule-HeaderOperationTemplate-values><td><code>values</code></td><td><code>string[]</code></td><td><p>Header value expressions.</p></td><td>No</td></tr><tr id=Rule-HeaderOperationTemplate-operation><td><code>operation</code></td><td><code><a href=#Rule-HeaderOperationTemplate-Operation>Operation</a></code></td><td><p>Header operation type. Default operation is to replace the value of the header by name.</p></td><td>No</td></tr></tbody></table></section><h2 id=Rule-HeaderOperationTemplate-Operation>Rule.HeaderOperationTemplate.Operation</h2><section><p>Header operation type.</p><table class=enum-values><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody><tr id=Rule-HeaderOperationTemplate-Operation-REPLACE><td><code>REPLACE</code></td><td><p>Replace a header by name.</p></td></tr><tr id=Rule-HeaderOperationTemplate-Operation-REMOVE><td><code>REMOVE</code></td><td><p>Remove a header by name. Values are ignored.</p></td></tr><tr id=Rule-HeaderOperationTemplate-Operation-APPEND><td><code>APPEND</code></td><td><p>Append values to the existing header values.</p></td></tr></tbody></table></section><h2 id=StringMap>StringMap</h2><section><p>An instance field of type StringMap denotes that the expression for the field must evaluate to
<a href=#ValueType-STRING_MAP>ValueType.STRING_MAP</a></p><p>Objects of type StringMap are also passed to the adapters during request-time for the instance fields of
type StringMap</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=StringMap-value><td><code>value</code></td><td><code>map&lt;string,&nbsp;string></code></td><td><p>StringMap encoded as a map of strings</p></td><td>No</td></tr></tbody></table></section><h2 id=TimeStamp>TimeStamp</h2><section><p>An instance field of type TimeStamp denotes that the expression for the field must evaluate to
<a href=#ValueType-TIMESTAMP>ValueType.TIMESTAMP</a></p><p>Objects of type TimeStamp are also passed to the adapters during request-time for the instance fields of
type TimeStamp</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=TimeStamp-value><td><code>value</code></td><td><code><a href=https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#timestamp>Timestamp</a></code></td><td><p>TimeStamp encoded as google.protobuf.Timestamp.</p></td><td>No</td></tr></tbody></table></section><h2 id=Tls>Tls</h2><section><p>Tls let operator specify client authentication setting when TLS is used for
connection to the backend.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Tls-ca_certificates><td><code>caCertificates</code></td><td><code>string</code></td><td><p>The path to the file holding additional CA certificates to well known
public certs.</p></td><td>No</td></tr><tr id=Tls-token_path class="oneof oneof-start"><td><code>tokenPath</code></td><td><code>string (oneof)</code></td><td><p>The path to the file holding the auth token (password, jwt token, api
key, etc).</p></td><td>Yes</td></tr><tr id=Tls-oauth class=oneof><td><code>oauth</code></td><td><code><a href=#OAuth>OAuth (oneof)</a></code></td><td><p>Oauth config to fetch access token from auth provider.</p></td><td>Yes</td></tr><tr id=Tls-auth_header class="oneof oneof-start"><td><code>authHeader</code></td><td><code><a href=#Tls-AuthHeader>AuthHeader (oneof)</a></code></td><td><p>Access token is passed as authorization header.</p></td><td>Yes</td></tr><tr id=Tls-custom_header class=oneof><td><code>customHeader</code></td><td><code>string (oneof)</code></td><td><p>Customized header key to hold access token, e.g. x-api-key. Token will be
passed as what it is.</p></td><td>Yes</td></tr><tr id=Tls-server_name><td><code>serverName</code></td><td><code>string</code></td><td><p>Used to configure mixer TLS client to verify the hostname on the returned
certificates. It is also included in the client&rsquo;s handshake to support SNI.</p></td><td>No</td></tr></tbody></table></section><h2 id=Tls-AuthHeader>Tls.AuthHeader</h2><section><p>AuthHeader specifies how to pass access token with authorization header.</p><table class=enum-values><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody><tr id=Tls-AuthHeader-PLAIN><td><code>PLAIN</code></td><td><p>Access token is passed in authorization header as what it is
(authorization: some-token).</p></td></tr><tr id=Tls-AuthHeader-BEARER><td><code>BEARER</code></td><td><p>Access token is passed to adapter as bearer token (i.e. authorization:
bearer some-token).</p></td></tr></tbody></table></section><h2 id=Uri>Uri</h2><section><p>DO NOT USE !! Under Development
An instance field of type Uri denotes that the expression for the field must evaluate to
<a href=#ValueType-URI>ValueType.URI</a></p><p>Objects of type Uri are also passed to the adapters during request-time for the instance fields of
type Uri</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Uri-value><td><code>value</code></td><td><code>string</code></td><td><p>Uri encoded as string.</p></td><td>No</td></tr></tbody></table></section><h2 id=Value>Value</h2><section><p>An instance field of type Value denotes that the expression for the field is of dynamic type and can evaluate to any
<a href=#ValueType>ValueType</a> enum values. For example, when
authoring an instance configuration for a template that has a field <code>data</code> of type <code>istio.policy.v1beta1.Value</code>,
both of the following expressions are valid <code>data: source.ip | ip("0.0.0.0")</code>, <code>data: request.id | ""</code>;
the resulting type is either ValueType.IP_ADDRESS or ValueType.STRING for the two cases respectively.</p><p>Objects of type Value are also passed to the adapters during request-time. There is a 1:1 mapping between
oneof fields in <code>Value</code> and enum values inside <code>ValueType</code>. Depending on the expression&rsquo;s evaluated <code>ValueType</code>,
the equivalent oneof field in <code>Value</code> is populated by Mixer and passed to the adapters.</p><table class=message-fields><thead><tr><th>Field</th><th>Type</th><th>Description</th><th>Required</th></tr></thead><tbody><tr id=Value-string_value class="oneof oneof-start"><td><code>stringValue</code></td><td><code>string (oneof)</code></td><td><p>Used for values of type STRING</p></td><td>Yes</td></tr><tr id=Value-int64_value class=oneof><td><code>int64Value</code></td><td><code>int64 (oneof)</code></td><td><p>Used for values of type INT64</p></td><td>Yes</td></tr><tr id=Value-double_value class=oneof><td><code>doubleValue</code></td><td><code>double (oneof)</code></td><td><p>Used for values of type DOUBLE</p></td><td>Yes</td></tr><tr id=Value-bool_value class=oneof><td><code>boolValue</code></td><td><code>bool (oneof)</code></td><td><p>Used for values of type BOOL</p></td><td>Yes</td></tr><tr id=Value-ip_address_value class=oneof><td><code>ipAddressValue</code></td><td><code><a href=#IPAddress>IPAddress (oneof)</a></code></td><td><p>Used for values of type IPAddress</p></td><td>Yes</td></tr><tr id=Value-timestamp_value class=oneof><td><code>timestampValue</code></td><td><code><a href=#TimeStamp>TimeStamp (oneof)</a></code></td><td><p>Used for values of type TIMESTAMP</p></td><td>Yes</td></tr><tr id=Value-duration_value class=oneof><td><code>durationValue</code></td><td><code><a href=#Duration>Duration (oneof)</a></code></td><td><p>Used for values of type DURATION</p></td><td>Yes</td></tr><tr id=Value-email_address_value class=oneof><td><code>emailAddressValue</code></td><td><code><a href=#EmailAddress>EmailAddress (oneof)</a></code></td><td><p>Used for values of type EmailAddress</p></td><td>Yes</td></tr><tr id=Value-dns_name_value class=oneof><td><code>dnsNameValue</code></td><td><code><a href=#DNSName>DNSName (oneof)</a></code></td><td><p>Used for values of type DNSName</p></td><td>Yes</td></tr><tr id=Value-uri_value class=oneof><td><code>uriValue</code></td><td><code><a href=#Uri>Uri (oneof)</a></code></td><td><p>Used for values of type Uri</p></td><td>Yes</td></tr><tr id=Value-string_map_value class=oneof><td><code>stringMapValue</code></td><td><code><a href=#StringMap>StringMap (oneof)</a></code></td><td><p>Used for values of type STRING_MAP</p></td><td>Yes</td></tr></tbody></table></section><h2 id=ValueType>ValueType</h2><section><p>ValueType describes the types that values in the Istio system can take. These
are used to describe the type of Attributes at run time, describe the type of
the result of evaluating an expression, and to describe the runtime type of
fields of other descriptors.</p><table class=enum-values><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody><tr id=ValueType-VALUE_TYPE_UNSPECIFIED><td><code>VALUE_TYPE_UNSPECIFIED</code></td><td><p>Invalid, default value.</p></td></tr><tr id=ValueType-STRING><td><code>STRING</code></td><td><p>An undiscriminated variable-length string.</p></td></tr><tr id=ValueType-INT64><td><code>INT64</code></td><td><p>An undiscriminated 64-bit signed integer.</p></td></tr><tr id=ValueType-DOUBLE><td><code>DOUBLE</code></td><td><p>An undiscriminated 64-bit floating-point value.</p></td></tr><tr id=ValueType-BOOL><td><code>BOOL</code></td><td><p>An undiscriminated boolean value.</p></td></tr><tr id=ValueType-TIMESTAMP><td><code>TIMESTAMP</code></td><td><p>A point in time.</p></td></tr><tr id=ValueType-IP_ADDRESS><td><code>IP_ADDRESS</code></td><td><p>An IP address.</p></td></tr><tr id=ValueType-EMAIL_ADDRESS><td><code>EMAIL_ADDRESS</code></td><td><p>An email address.</p></td></tr><tr id=ValueType-URI><td><code>URI</code></td><td><p>A URI.</p></td></tr><tr id=ValueType-DNS_NAME><td><code>DNS_NAME</code></td><td><p>A DNS name.</p></td></tr><tr id=ValueType-DURATION><td><code>DURATION</code></td><td><p>A span between two points in time.</p></td></tr><tr id=ValueType-STRING_MAP><td><code>STRING_MAP</code></td><td><p>A map string -> string, typically used by headers.</p></td></tr></tbody></table></section></article><nav class=pagenav><div class=left><a title="Configuration state for the Mixer client library." href=/v1.9/zh/docs/reference/config/policy-and-telemetry/istio.mixer.v1.config.client/><svg class="icon left-arrow"><use xlink:href="/v1.9/img/icons.svg#left-arrow"/></svg>Mixer Client</a></div><div class=right></div></nav><div id=feedback><div id=feedback-initial>这些信息有用吗？<br><button class="btn feedback" onclick="sendFeedback('zh',1)">是的</button>
<button class="btn feedback" onclick="sendFeedback('zh',0)">没有</button></div><div id=feedback-comment>Do you have any suggestions for improvement?<br><br><input id=feedback-textbox type=text placeholder="Help us improve..." data-lang=zh></div><div id=feedback-thankyou>Thanks for your feedback!</div></div><div id=endnotes-container aria-hidden=true><h2>链接</h2><ol id=endnotes></ol></div></div><div class=toc-container><nav class=toc aria-label="Table of Contents"><div id=toc><ol><li role=none aria-label=Action><a href=#Action>Action</a><li role=none aria-label=AttributeManifest><a href=#AttributeManifest>AttributeManifest</a><li role=none aria-label=AttributeManifest.AttributeInfo><a href=#AttributeManifest-AttributeInfo>AttributeManifest.AttributeInfo</a><ol><li role=none aria-label="Istio Attributes"><a href=#istio-attributes>Istio Attributes</a><li role=none aria-label=Design><a href=#design>Design</a><li role=none aria-label="HTTP Mapping"><a href=#http-mapping>HTTP Mapping</a></ol></li><li role=none aria-label=Authentication><a href=#Authentication>Authentication</a><li role=none aria-label=Connection><a href=#Connection>Connection</a><li role=none aria-label=DNSName><a href=#DNSName>DNSName</a><li role=none aria-label=DirectHttpResponse><a href=#DirectHttpResponse>DirectHttpResponse</a><li role=none aria-label=Duration><a href=#Duration>Duration</a><li role=none aria-label=EmailAddress><a href=#EmailAddress>EmailAddress</a><li role=none aria-label=FractionalPercent.DenominatorType><a href=#FractionalPercent-DenominatorType>FractionalPercent.DenominatorType</a><li role=none aria-label=Handler><a href=#Handler>Handler</a><li role=none aria-label=HttpStatusCode><a href=#HttpStatusCode>HttpStatusCode</a><li role=none aria-label=IPAddress><a href=#IPAddress>IPAddress</a><li role=none aria-label=Instance><a href=#Instance>Instance</a><li role=none aria-label=Mutual><a href=#Mutual>Mutual</a><li role=none aria-label=OAuth><a href=#OAuth>OAuth</a><li role=none aria-label=Rule><a href=#Rule>Rule</a><li role=none aria-label=Rule.HeaderOperationTemplate><a href=#Rule-HeaderOperationTemplate>Rule.HeaderOperationTemplate</a><li role=none aria-label=Rule.HeaderOperationTemplate.Operation><a href=#Rule-HeaderOperationTemplate-Operation>Rule.HeaderOperationTemplate.Operation</a><li role=none aria-label=StringMap><a href=#StringMap>StringMap</a><li role=none aria-label=TimeStamp><a href=#TimeStamp>TimeStamp</a><li role=none aria-label=Tls><a href=#Tls>Tls</a><li role=none aria-label=Tls.AuthHeader><a href=#Tls-AuthHeader>Tls.AuthHeader</a><li role=none aria-label=Uri><a href=#Uri>Uri</a><li role=none aria-label=Value><a href=#Value>Value</a><li role=none aria-label=ValueType><a href=#ValueType>ValueType</a></ol></div></nav></div></main><footer><div class=user-links><a class=channel title="立刻下载 Istio 1.9.5" href=/v1.9/docs/setup/getting-started/#download aria-label="Download Istio"><span>download</span><svg class="icon download"><use xlink:href="/v1.9/img/icons.svg#download"/></svg>
</a><a class=channel title="加入 Istio discussion board 参与讨论获取帮助" href=https://discuss.istio.io aria-label="Istio discussion board"><span>discuss</span><svg class="icon discourse"><use xlink:href="/v1.9/img/icons.svg#discourse"/></svg></a>
<a class=channel title="Stack Overflow 中列举了针对实际问题以及部署、配置和使用 Istio 的各项回答" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><span>stack overflow</span><svg class="icon stackoverflow"><use xlink:href="/v1.9/img/icons.svg#stackoverflow"/></svg></a>
<a class=channel title="在 Slack 上与 Istio 社区交互讨论开发问题（仅限邀请）" href=https://slack.istio.io aria-label=slack><span>slack</span><svg class="icon slack"><use xlink:href="/v1.9/img/icons.svg#slack"/></svg></a>
<a class=channel title="关注我们的 Twitter 来获取最新信息" href=https://twitter.com/IstioMesh aria-label=Twitter><span>twitter</span><svg class="icon twitter"><use xlink:href="/v1.9/img/icons.svg#twitter"/></svg></a><div class=tag>对于用户</div></div><div class=info><p class=copyright>中文内容由 ServiceMesher 社区维护，部分文档可能稍微滞后于英文版本，同步工作持续进行中<br>Istio 归档
1.9.5<br>&copy; 2020 Istio Authors, <a href=https://policies.google.com/privacy>隐私政策</a><br>归档于 2021年5月18日</p></div><div class=dev-links><a class=channel title="Istio 的代码在 GitHub 上开发" href=https://github.com/istio/community aria-label=GitHub><span>github</span><svg class="icon github"><use xlink:href="/v1.9/img/icons.svg#github"/></svg></a>
<a class=channel title="如果您想深入了解 Istio 的技术细节，请查看我们日益完善的设计文档" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><span>drive</span><svg class="icon drive"><use xlink:href="/v1.9/img/icons.svg#drive"/></svg></a>
<a class=channel title="如果您想为 Istio 项目做出贡献，请考虑加入我们的工作组" href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md aria-label="working groups"><span>working groups</span><svg class="icon working-groups"><use xlink:href="/v1.9/img/icons.svg#working-groups"/></svg></a><div class=tag>对于开发者</div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title=回到顶部><svg class="icon top"><use xlink:href="/v1.9/img/icons.svg#top"/></svg></button></div></body></html>