istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/content/docs/reference/commands/istioctl/index.html

1916 lines
65 KiB
HTML
Raw Blame History

---
WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE https://github.com/istio/istio REPO
source_repo: https://github.com/istio/istio
title: istioctl
description: Istio control interface.
generator: pkg-collateral-docs
number_of_entries: 37
---
<p>Istio configuration command line utility for service operators to
debug and diagnose their Istio mesh.
</p>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h2 id="istioctl-authn">istioctl authn</h2>
<p>
A group of commands used to interact with Istio authentication policies.
tls-check
</p>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-authn Examples">Examples</h3>
<pre class="language-bash"><code># Check whether TLS setting are matching between authentication policy and destination rules:
istioctl authn tls-check
</code></pre>
<h2 id="istioctl-authn-tls-check">istioctl authn tls-check</h2>
<p>
Check what authentication policies and destination rules pilot uses to config a proxy instance,
and check if TLS settings are compatible between them.
</p>
<pre class="language-bash"><code>istioctl authn tls-check &lt;pod-name[.namespace]&gt; [&lt;service&gt;] [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-authn-tls-check Examples">Examples</h3>
<pre class="language-bash"><code>
# Check settings for pod &#34;foo-656bd7df7c-5zp4s&#34; in namespace default:
istioctl authn tls-check foo-656bd7df7c-5zp4s.default
# Check settings for pod &#34;foo-656bd7df7c-5zp4s&#34; in namespace default, filtered on destintation
service &#34;bar&#34; :
istioctl authn tls-check foo-656bd7df7c-5zp4s.default bar
</code></pre>
<h2 id="istioctl-deregister">istioctl deregister</h2>
<p>De-registers a service instance</p>
<pre class="language-bash"><code>istioctl deregister &lt;svcname&gt; &lt;ip&gt; [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-deregister Examples">Examples</h3>
<pre class="language-bash"><code># de-register an endpoint 172.17.0.2 from service my-svc:
istioctl deregister my-svc 172.17.0.2
</code></pre>
<h2 id="istioctl-experimental">istioctl experimental</h2>
<p>Experimental commands that may be modified or deprecated</p>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h2 id="istioctl-experimental-auth">istioctl experimental auth</h2>
<p>Commands to inspect and interact with the authentication (TLS, JWT) and authorization (RBAC) policies in the mesh
check - check the TLS/JWT/RBAC settings based on the Envoy config
upgrade - upgrade the authorization policy from version v1 to v2
</p>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-auth Examples">Examples</h3>
<pre class="language-bash"><code> # Check the TLS/JWT/RBAC settings for pod httpbin-88ddbcfdd-nt5jb:
istioctl experimental auth check httpbin-88ddbcfdd-nt5jb
</code></pre>
<h2 id="istioctl-experimental-auth-check">istioctl experimental auth check</h2>
<p>Check analyzes the TLS/JWT/RBAC settings directly based on the Envoy config. The Envoy config could
be provided either by pod name or from a config dump file (the whole output of http://localhost:15000/config_dump
of an Envoy instance).</p>
<p>Currently only the listeners with node IP and clusters on outbound direction are analyzed:
- listeners with node IP generally tell how should other pods talk to the Envoy instance which include
the server side TLS/JWT/RBAC settings.</p>
<p>- clusters on outbound direction generally tell how should the Envoy instance talk to other pods which
include the client side TLS settings.</p>
<p>To check the TLS setting, you could run &#39;check&#39; on both of the client and server pods and compare
the cluster results of the client pod and the listener results of the server pod.</p>
<p>To check the JWT/RBAC setting, you could run &#39;check&#39; only on your server pods and check the listener results.</p>
<p>THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
</p>
<pre class="language-bash"><code>istioctl experimental auth check &lt;pod-name&gt;[.&lt;pod-namespace&gt;] [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--all</code></td>
<td><code>-a</code></td>
<td>Show additional information (e.g. SNI and ALPN) </td>
</tr>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--file &lt;string&gt;</code></td>
<td><code>-f</code></td>
<td>Check the TLS/JWT/RBAC setting from the config dump file (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-auth-check Examples">Examples</h3>
<pre class="language-bash"><code> # Check the TLS/JWT/RBAC policy status for pod httpbin-88ddbcfdd-nt5jb in namespace foo:
istioctl experimental auth check httpbin-88ddbcfdd-nt5jb.foo
# Check the TLS/JWT/RBAC policy status from a config dump file:
istioctl experimental auth check -f httpbin_config_dump.txt
</code></pre>
<h2 id="istioctl-experimental-auth-upgrade">istioctl experimental auth upgrade</h2>
<p>Upgrade converts Istio authorization policy from version v1 to v2. It requires access to Kubernetes
service definition in order to translate the service name specified in the ServiceRole to the corresponding
workload labels in the AuthorizationPolicy. The service definition could be provided either from the current
Kubernetes cluster or from a yaml file specified from command line.</p>
<p>THIS COMMAND IS STILL UNDER ACTIVE DEVELOPMENT AND NOT READY FOR PRODUCTION USE.
</p>
<pre class="language-bash"><code>istioctl experimental auth upgrade -f &lt;yaml-file&gt; [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--file &lt;string&gt;</code></td>
<td><code>-f</code></td>
<td>Authorization policy file (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--service &lt;stringSlice&gt;</code></td>
<td><code>-s</code></td>
<td>Kubernetes Service resource that provides the mapping relationship between service name and pod labels (default `[]`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-auth-upgrade Examples">Examples</h3>
<pre class="language-bash"><code> # Upgrade the Istio authorization policy with service definition from the current k8s cluster:
istioctl experimental auth upgrade -f istio-authz-v1-policy.yaml
# Upgrade the Istio authorization policy with service definition from 2 yaml files specified in the command line:
istioctl experimental auth upgrade -f istio-authz-v1-policy.yaml --service svc-a.yaml,svc-b.yaml
</code></pre>
<h2 id="istioctl-experimental-convert-ingress">istioctl experimental convert-ingress</h2>
<p>Converts Ingresses into VirtualService configuration on a best effort basis. The output should be considered a starting point for your Istio configuration and probably require some minor modification. Warnings will be generated where configs cannot be converted perfectly. The input must be a Kubernetes Ingress. The conversion of v1alpha1 Istio rules has been removed from istioctl.</p>
<pre class="language-bash"><code>istioctl experimental convert-ingress [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--filenames &lt;stringSlice&gt;</code></td>
<td><code>-f</code></td>
<td>Input filenames (default `[]`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Output filename (default `-`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-convert-ingress Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental convert-ingress -f samples/bookinfo/platform/kube/bookinfo-ingress.yaml
</code></pre>
<h2 id="istioctl-experimental-dashboard">istioctl experimental dashboard</h2>
<p>Access to Istio web UIs</p>
<pre class="language-bash"><code>istioctl experimental dashboard [flags]
</code></pre>
<div class="aliases">
<pre class="language-bash"><code>istioctl experimental dash [flags]
istioctl experimental d [flags]
</code></pre></div>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h2 id="istioctl-experimental-dashboard-controlz">istioctl experimental dashboard controlz</h2>
<p>Open the ControlZ web UI for a pod in the Istio control plane</p>
<pre class="language-bash"><code>istioctl experimental dashboard controlz &lt;pod-name[.namespace]&gt; [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--ctrlz_port &lt;int&gt;</code></td>
<td></td>
<td>ControlZ port (default `9876`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-dashboard-controlz Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental dashboard controlz pilot-123-456.istio-system
</code></pre>
<h2 id="istioctl-experimental-dashboard-envoy">istioctl experimental dashboard envoy</h2>
<p>Open the Envoy admin dashboard for a sidecar</p>
<pre class="language-bash"><code>istioctl experimental dashboard envoy &lt;pod-name[.namespace]&gt; [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-dashboard-envoy Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental dashboard envoy productpage-123-456.default
</code></pre>
<h2 id="istioctl-experimental-dashboard-grafana">istioctl experimental dashboard grafana</h2>
<p>Open Istio&#39;s Grafana dashboard</p>
<pre class="language-bash"><code>istioctl experimental dashboard grafana [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-dashboard-grafana Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental dashboard grafana
</code></pre>
<h2 id="istioctl-experimental-dashboard-jaeger">istioctl experimental dashboard jaeger</h2>
<p>Open Istio&#39;s Jaeger dashboard</p>
<pre class="language-bash"><code>istioctl experimental dashboard jaeger [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-dashboard-jaeger Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental dashboard jaeger
</code></pre>
<h2 id="istioctl-experimental-dashboard-kiali">istioctl experimental dashboard kiali</h2>
<p>Open Istio&#39;s Kiali dashboard</p>
<pre class="language-bash"><code>istioctl experimental dashboard kiali [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-dashboard-kiali Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental dashboard kiali
</code></pre>
<h2 id="istioctl-experimental-dashboard-prometheus">istioctl experimental dashboard prometheus</h2>
<p>Open Istio&#39;s Prometheus dashboard</p>
<pre class="language-bash"><code>istioctl experimental dashboard prometheus [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-dashboard-prometheus Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental dashboard prometheus
</code></pre>
<h2 id="istioctl-experimental-dashboard-zipkin">istioctl experimental dashboard zipkin</h2>
<p>Open Istio&#39;s Zipkin dashboard</p>
<pre class="language-bash"><code>istioctl experimental dashboard zipkin [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-dashboard-zipkin Examples">Examples</h3>
<pre class="language-bash"><code>istioctl experimental dashboard zipkin
</code></pre>
<h2 id="istioctl-experimental-metrics">istioctl experimental metrics</h2>
<p>
Prints the metrics for the specified service(s) when running in Kubernetes.</p>
<p>This command finds a Prometheus pod running in the specified istio system
namespace. It then executes a series of queries per requested workload to
find the following top-level workload metrics: total requests per second,
error rate, and request latency at p50, p90, and p99 percentiles. The
query results are printed to the console, organized by workload name.</p>
<p>All metrics returned are from server-side reports. This means that latencies
and error rates are from the perspective of the service itself and not of an
individual client (or aggregate set of clients). Rates and latencies are
calculated over a time interval of 1 minute.
</p>
<pre class="language-bash"><code>istioctl experimental metrics &lt;workload name&gt;...
</code></pre>
<div class="aliases">
<pre class="language-bash"><code>istioctl experimental m &lt;workload name&gt;...
</code></pre></div>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-experimental-metrics Examples">Examples</h3>
<pre class="language-bash"><code>
# Retrieve workload metrics for productpage-v1 workload
istioctl experimental metrics productpage-v1
# Retrieve workload metrics for various services in the different namespaces
istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
</code></pre>
<h2 id="istioctl-kube-inject">istioctl kube-inject</h2>
<p></p>
<p>kube-inject manually injects the Envoy sidecar into Kubernetes
workloads. Unsupported resources are left unmodified so it is safe to
run kube-inject over a single file that contains multiple Service,
ConfigMap, Deployment, etc. definitions for a complex application. Its
best to do this when the resource is initially created.</p>
<p>k8s.io/docs/concepts/workloads/pods/pod-overview/#pod-templates is
updated for Job, DaemonSet, ReplicaSet, Pod and Deployment YAML resource
documents. Support for additional pod-based resource types can be
added as necessary.</p>
<p>The Istio project is continually evolving so the Istio sidecar
configuration may change unannounced. When in doubt re-run istioctl
kube-inject on deployments to get the most up-to-date changes.</p>
<p>To override the sidecar injection template from kubernetes configmap
&#39;istio-inject&#39;, the parameters --injectConfigFile or --injectConfigMapName
can be used. Either of options would typically be used with the
file/configmap created with a new Istio release.
</p>
<pre class="language-bash"><code>istioctl kube-inject [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--filename &lt;string&gt;</code></td>
<td><code>-f</code></td>
<td>Input Kubernetes resource filename (default ``)</td>
</tr>
<tr>
<td><code>--injectConfigFile &lt;string&gt;</code></td>
<td></td>
<td>injection configuration filename. Cannot be used with --injectConfigMapName (default ``)</td>
</tr>
<tr>
<td><code>--injectConfigMapName &lt;string&gt;</code></td>
<td></td>
<td>ConfigMap name for Istio sidecar injection, key should be &#34;config&#34;. (default `istio-sidecar-injector`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--meshConfigFile &lt;string&gt;</code></td>
<td></td>
<td>mesh configuration filename. Takes precedence over --meshConfigMapName if set (default ``)</td>
</tr>
<tr>
<td><code>--meshConfigMapName &lt;string&gt;</code></td>
<td></td>
<td>ConfigMap name for Istio mesh configuration, key should be &#34;mesh&#34; (default `istio`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Modified output Kubernetes resource filename (default ``)</td>
</tr>
<tr>
<td><code>--valuesFile &lt;string&gt;</code></td>
<td></td>
<td>injection values configuration filename. (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-kube-inject Examples">Examples</h3>
<pre class="language-bash"><code>
# Update resources on the fly before applying.
kubectl apply -f &lt;(istioctl kube-inject -f &lt;resource.yaml&gt;)
# Create a persistent version of the deployment with Envoy sidecar
# injected.
istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml
# Update an existing deployment.
kubectl get deployment -o yaml | istioctl kube-inject -f - | kubectl apply -f -
# Create a persistent version of the deployment with Envoy sidecar
# injected configuration from Kubernetes configmap &#39;istio-inject&#39;
istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml --injectConfigMapName istio-inject
</code></pre>
<h2 id="istioctl-proxy-config">istioctl proxy-config</h2>
<p>A group of commands used to retrieve information about proxy configuration from the Envoy config dump</p>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Output format: one of json|short (default `short`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-proxy-config Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve information about proxy configuration from an Envoy instance.
istioctl proxy-config &lt;clusters|listeners|routes|endpoints|bootstrap&gt; &lt;pod-name[.namespace]&gt;
</code></pre>
<h2 id="istioctl-proxy-config-bootstrap">istioctl proxy-config bootstrap</h2>
<p>Retrieve information about bootstrap configuration for the Envoy instance in the specified pod.</p>
<pre class="language-bash"><code>istioctl proxy-config bootstrap &lt;pod-name[.namespace]&gt; [flags]
</code></pre>
<div class="aliases">
<pre class="language-bash"><code>istioctl proxy-config b &lt;pod-name[.namespace]&gt; [flags]
</code></pre></div>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Output format: one of json|short (default `short`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-proxy-config-bootstrap Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve full bootstrap configuration for a given pod from Envoy.
istioctl proxy-config bootstrap &lt;pod-name[.namespace]&gt;
</code></pre>
<h2 id="istioctl-proxy-config-cluster">istioctl proxy-config cluster</h2>
<p>Retrieve information about cluster configuration for the Envoy instance in the specified pod.</p>
<pre class="language-bash"><code>istioctl proxy-config cluster &lt;pod-name[.namespace]&gt; [flags]
</code></pre>
<div class="aliases">
<pre class="language-bash"><code>istioctl proxy-config clusters &lt;pod-name[.namespace]&gt; [flags]
istioctl proxy-config c &lt;pod-name[.namespace]&gt; [flags]
</code></pre></div>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--direction &lt;string&gt;</code></td>
<td></td>
<td>Filter clusters by Direction field (default ``)</td>
</tr>
<tr>
<td><code>--fqdn &lt;string&gt;</code></td>
<td></td>
<td>Filter clusters by substring of Service FQDN field (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Output format: one of json|short (default `short`)</td>
</tr>
<tr>
<td><code>--port &lt;int&gt;</code></td>
<td></td>
<td>Filter clusters by Port field (default `0`)</td>
</tr>
<tr>
<td><code>--subset &lt;string&gt;</code></td>
<td></td>
<td>Filter clusters by substring of Subset field (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-proxy-config-cluster Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about cluster configuration for a given pod from Envoy.
istioctl proxy-config clusters &lt;pod-name[.namespace]&gt;
# Retrieve cluster summary for clusters with port 9080.
istioctl proxy-config clusters &lt;pod-name[.namespace]&gt; --port 9080
# Retrieve full cluster dump for clusters that are inbound with a FQDN of details.default.svc.cluster.local.
istioctl proxy-config clusters &lt;pod-name[.namespace]&gt; --fqdn details.default.svc.cluster.local --direction inbound -o json
</code></pre>
<h2 id="istioctl-proxy-config-endpoint">istioctl proxy-config endpoint</h2>
<p>Retrieve information about endpoint configuration for the Envoy instance in the specified pod.</p>
<pre class="language-bash"><code>istioctl proxy-config endpoint &lt;pod-name[.namespace]&gt; [flags]
</code></pre>
<div class="aliases">
<pre class="language-bash"><code>istioctl proxy-config endpoints &lt;pod-name[.namespace]&gt; [flags]
istioctl proxy-config ep &lt;pod-name[.namespace]&gt; [flags]
</code></pre></div>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--address &lt;string&gt;</code></td>
<td></td>
<td>Filter endpoints by address field (default ``)</td>
</tr>
<tr>
<td><code>--cluster &lt;string&gt;</code></td>
<td></td>
<td>Filter endpoints by cluster name field (default ``)</td>
</tr>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Output format: one of json|short (default `short`)</td>
</tr>
<tr>
<td><code>--port &lt;int&gt;</code></td>
<td></td>
<td>Filter endpoints by Port field (default `0`)</td>
</tr>
<tr>
<td><code>--status &lt;string&gt;</code></td>
<td></td>
<td>Filter endpoints by status field (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-proxy-config-endpoint Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve full endpoint configuration for a given pod from Envoy.
istioctl proxy-config endpoint &lt;pod-name[.namespace]&gt;
# Retrieve endpoint summary for endpoint with port 9080.
istioctl proxy-config endpoint &lt;pod-name[.namespace]&gt; --port 9080
# Retrieve full endpoint with a address (172.17.0.2).
istioctl proxy-config endpoint &lt;pod-name[.namespace]&gt; --address 172.17.0.2 -o json
# Retrieve full endpoint with a cluster name (outbound|9411||zipkin.istio-system.svc.cluster.local).
istioctl proxy-config endpoint &lt;pod-name[.namespace]&gt; --cluster &#34;outbound|9411||zipkin.istio-system.svc.cluster.local&#34; -o json
# Retrieve full endpoint with the status (healthy).
istioctl proxy-config endpoint &lt;pod-name[.namespace]&gt; --status healthy -ojson
</code></pre>
<h2 id="istioctl-proxy-config-listener">istioctl proxy-config listener</h2>
<p>Retrieve information about listener configuration for the Envoy instance in the specified pod.</p>
<pre class="language-bash"><code>istioctl proxy-config listener &lt;pod-name[.namespace]&gt; [flags]
</code></pre>
<div class="aliases">
<pre class="language-bash"><code>istioctl proxy-config listeners &lt;pod-name[.namespace]&gt; [flags]
istioctl proxy-config l &lt;pod-name[.namespace]&gt; [flags]
</code></pre></div>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--address &lt;string&gt;</code></td>
<td></td>
<td>Filter listeners by address field (default ``)</td>
</tr>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Output format: one of json|short (default `short`)</td>
</tr>
<tr>
<td><code>--port &lt;int&gt;</code></td>
<td></td>
<td>Filter listeners by Port field (default `0`)</td>
</tr>
<tr>
<td><code>--type &lt;string&gt;</code></td>
<td></td>
<td>Filter listeners by type field (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-proxy-config-listener Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about listener configuration for a given pod from Envoy.
istioctl proxy-config listeners &lt;pod-name[.namespace]&gt;
# Retrieve listener summary for listeners with port 9080.
istioctl proxy-config listeners &lt;pod-name[.namespace]&gt; --port 9080
# Retrieve full listener dump for HTTP listeners with a wildcard address (0.0.0.0).
istioctl proxy-config listeners &lt;pod-name[.namespace]&gt; --type HTTP --address 0.0.0.0 -o json
</code></pre>
<h2 id="istioctl-proxy-config-route">istioctl proxy-config route</h2>
<p>Retrieve information about route configuration for the Envoy instance in the specified pod.</p>
<pre class="language-bash"><code>istioctl proxy-config route &lt;pod-name[.namespace]&gt; [flags]
</code></pre>
<div class="aliases">
<pre class="language-bash"><code>istioctl proxy-config routes &lt;pod-name[.namespace]&gt; [flags]
istioctl proxy-config r &lt;pod-name[.namespace]&gt; [flags]
</code></pre></div>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--name &lt;string&gt;</code></td>
<td></td>
<td>Filter listeners by route name field (default ``)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>Output format: one of json|short (default `short`)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-proxy-config-route Examples">Examples</h3>
<pre class="language-bash"><code> # Retrieve summary about route configuration for a given pod from Envoy.
istioctl proxy-config routes &lt;pod-name[.namespace]&gt;
# Retrieve route summary for route 9080.
istioctl proxy-config route &lt;pod-name[.namespace]&gt; --name 9080
# Retrieve full route dump for route 9080
istioctl proxy-config route &lt;pod-name[.namespace]&gt; --name 9080 -o json
</code></pre>
<h2 id="istioctl-proxy-status">istioctl proxy-status</h2>
<p>
Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in the mesh</p>
<p></p>
<pre class="language-bash"><code>istioctl proxy-status [&lt;pod-name[.namespace]&gt;] [flags]
</code></pre>
<div class="aliases">
<pre class="language-bash"><code>istioctl ps [&lt;pod-name[.namespace]&gt;] [flags]
</code></pre></div>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
</tbody>
</table>
<h3 id="istioctl-proxy-status Examples">Examples</h3>
<pre class="language-bash"><code># Retrieve sync status for all Envoys in a mesh
istioctl proxy-status
# Retrieve sync diff for a single Envoy and Pilot
istioctl proxy-status istio-egressgateway-59585c5b9c-ndc59.istio-system
</code></pre>
<h2 id="istioctl-register">istioctl register</h2>
<p>Registers a service instance (e.g. VM) joining the mesh</p>
<pre class="language-bash"><code>istioctl register &lt;svcname&gt; &lt;ip&gt; [name1:]port1 [name2:]port2 ... [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--annotations &lt;stringSlice&gt;</code></td>
<td><code>-a</code></td>
<td>List of string annotations to apply if creating a service/endpoint; e.g. -a foo=bar,test,x=y (default `[]`)</td>
</tr>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--labels &lt;stringSlice&gt;</code></td>
<td><code>-l</code></td>
<td>List of labels to apply if creating a service/endpoint; e.g. -l env=prod,vers=2 (default `[]`)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--serviceaccount &lt;string&gt;</code></td>
<td><code>-s</code></td>
<td>Service account to link to the service (default `default`)</td>
</tr>
</tbody>
</table>
<h2 id="istioctl-validate">istioctl validate</h2>
<p>Validate Istio policy and rules</p>
<pre class="language-bash"><code>istioctl validate -f FILENAME [options] [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--filename &lt;stringSlice&gt;</code></td>
<td><code>-f</code></td>
<td>Names of files to validate (default `[]`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--referential</code></td>
<td><code>-x</code></td>
<td>Enable structural validation for policy and telemetry </td>
</tr>
</tbody>
</table>
<h3 id="istioctl-validate Examples">Examples</h3>
<pre class="language-bash"><code>istioctl validate -f bookinfo-gateway.yaml
</code></pre>
<h2 id="istioctl-verify-install">istioctl verify-install</h2>
<p>
verify-install verifies Istio installation status against the installation file
you specified when you installed Istio. It loops through all the installation
resources defined in your installation file and reports whether all of them are
in ready status. It will report failure when any of them are not ready.</p>
<p> If you do not specify installation file it will perform pre-check for your cluster
and report whether the cluster is ready for Istio installation.
</p>
<pre class="language-bash"><code>istioctl verify-install [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--enableVerbose</code></td>
<td></td>
<td>Enable verbose output </td>
</tr>
<tr>
<td><code>--filename &lt;stringSlice&gt;</code></td>
<td><code>-f</code></td>
<td>Istio YAML installation file. (default `[]`)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--recursive</code></td>
<td><code>-R</code></td>
<td>Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. </td>
</tr>
</tbody>
</table>
<h3 id="istioctl-verify-install Examples">Examples</h3>
<pre class="language-bash"><code>
# Verify that Istio can be freshly installed
istioctl experimental verify-install
# Verify that the deployment matches the istio-demo profile
istioctl experimental verify-install -f istio-demo.yaml
# Verify the deployment matches a custom Istio deployment configuration
istioctl experimental verify-install -f $HOME/istio.yaml
</code></pre>
<h2 id="istioctl-version">istioctl version</h2>
<p>Prints out build version information</p>
<pre class="language-bash"><code>istioctl version [flags]
</code></pre>
<table class="command-flags">
<thead>
<tr>
<th>Flags</th>
<th>Shorthand</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--context &lt;string&gt;</code></td>
<td></td>
<td>The name of the kubeconfig context to use (default ``)</td>
</tr>
<tr>
<td><code>--istioNamespace &lt;string&gt;</code></td>
<td><code>-i</code></td>
<td>Istio system namespace (default `istio-system`)</td>
</tr>
<tr>
<td><code>--kubeconfig &lt;string&gt;</code></td>
<td><code>-c</code></td>
<td>Kubernetes configuration file (default ``)</td>
</tr>
<tr>
<td><code>--log_output_level &lt;string&gt;</code></td>
<td></td>
<td>Comma-separated minimum per-scope logging level of messages to output, in the form of &lt;scope&gt;:&lt;level&gt;,&lt;scope&gt;:&lt;level&gt;,... where scope can be one of [ads, attributes, default, grpcAdapter, kube-converter, mcp, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td>
</tr>
<tr>
<td><code>--namespace &lt;string&gt;</code></td>
<td><code>-n</code></td>
<td>Config namespace (default ``)</td>
</tr>
<tr>
<td><code>--output &lt;string&gt;</code></td>
<td><code>-o</code></td>
<td>One of &#39;yaml&#39; or &#39;json&#39;. (default ``)</td>
</tr>
<tr>
<td><code>--remote</code></td>
<td></td>
<td>Prints remote version information, from the control plane </td>
</tr>
<tr>
<td><code>--short</code></td>
<td><code>-s</code></td>
<td>Displays a short form of the version information </td>
</tr>
</tbody>
</table>
<h2 id="envvars">Environment variables</h2>
These environment variables affect the behavior of the <code>istioctl</code> command.
<table class="envvars">
<thead>
<tr>
<th>Variable Name</th>
<th>Type</th>
<th>Default Value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>BYPASS_OOP_MTLS_SAN_VERIFICATION</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td></td>
</tr>
<tr>
<td><code>ISTIO_GPRC_MAXSTREAMS</code></td>
<td>Integer</td>
<td><code>100000</code></td>
<td></td>
</tr>
<tr>
<td><code>ISTIO_LANG</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>K8S_INGRESS_NS</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_CERT_DIR</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_DEBOUNCE_AFTER</code></td>
<td>Time Duration</td>
<td><code>100ms</code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_DEBOUNCE_MAX</code></td>
<td>Time Duration</td>
<td><code>10s</code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_DEBUG_ADSZ_CONFIG</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_DISABLE_EDS_ISOLATION</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_DISABLE_XDS_MARSHALING_TO_ANY</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_ENABLE_FALLTHROUGH_ROUTE</code></td>
<td>Boolean</td>
<td><code>true</code></td>
<td>EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.</td>
</tr>
<tr>
<td><code>PILOT_ENABLE_LOCALITY_LOAD_BALANCING</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_ENABLE_MYSQL_FILTER</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td>EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.</td>
</tr>
<tr>
<td><code>PILOT_ENABLE_WAIT_CACHE_SYNC</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_HTTP10</code></td>
<td>Boolean</td>
<td><code>false</code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_PUSH_BURST</code></td>
<td>Integer</td>
<td><code>100</code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_PUSH_THROTTLE</code></td>
<td>Integer</td>
<td><code>10</code></td>
<td></td>
</tr>
<tr>
<td><code>PILOT_TRACE_SAMPLING</code></td>
<td>Floating-Point</td>
<td><code>100</code></td>
<td></td>
</tr>
<tr>
<td><code>POD_NAME</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>ProxyInboundListenPort</code></td>
<td>Integer</td>
<td><code>15006</code></td>
<td></td>
</tr>
<tr>
<td><code>TERMINATION_DRAIN_DURATION_SECONDS</code></td>
<td>String</td>
<td><code></code></td>
<td></td>
</tr>
<tr>
<td><code>V2_REFRESH</code></td>
<td>Time Duration</td>
<td><code>0s</code></td>
<td></td>
</tr>
</tbody>
</table>
<h2 id="annotations">Annotations</h2>
These resource annotations are used by the <code>istioctl</code> command.
<table class="annotations">
<thead>
<tr>
<th>Annotation Name</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>policy.istio.io/check</code></td>
<td>Determines the policy for behavior when unable to connect to Mixer. If not set, FAIL_CLOSE is set, rejecting requests.</td>
</tr>
<tr>
<td><code>policy.istio.io/checkBaseRetryWaitTime</code></td>
<td>Base time to wait between retries, will be adjusted by backoff and jitter. In duration format. If not set, this will be 80ms.</td>
</tr>
<tr>
<td><code>policy.istio.io/checkMaxRetryWaitTime</code></td>
<td>Maximum time to wait between retries to Mixer. In duration format. If not set, this will be 1000ms.</td>
</tr>
<tr>
<td><code>policy.istio.io/checkRetries</code></td>
<td>The maximum number of retries on transport errors to Mixer. If not set, this will be 0, indicating no retries.</td>
</tr>
<tr>
<td><code>policy.istio.io/lang</code></td>
<td>Select a language runtime</td>
</tr>
<tr>
<td><code>readiness.status.sidecar.istio.io/applicationPorts</code></td>
<td></td>
</tr>
<tr>
<td><code>readiness.status.sidecar.istio.io/failureThreshold</code></td>
<td></td>
</tr>
<tr>
<td><code>readiness.status.sidecar.istio.io/initialDelaySeconds</code></td>
<td></td>
</tr>
<tr>
<td><code>readiness.status.sidecar.istio.io/periodSeconds</code></td>
<td></td>
</tr>
<tr>
<td><code>sidecar.istio.io/inject</code></td>
<td></td>
</tr>
<tr>
<td><code>sidecar.istio.io/interceptionMode</code></td>
<td></td>
</tr>
<tr>
<td><code>sidecar.istio.io/proxyImage</code></td>
<td></td>
</tr>
<tr>
<td><code>sidecar.istio.io/rewriteAppHTTPProbers</code></td>
<td>Rewrite HTTP readiness and liveness probes to be redirected to istio-proxy sidecar</td>
</tr>
<tr>
<td><code>sidecar.istio.io/status</code></td>
<td></td>
</tr>
<tr>
<td><code>status.sidecar.istio.io/port</code></td>
<td></td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/excludeInboundPorts</code></td>
<td></td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/excludeOutboundIPRanges</code></td>
<td></td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/excludeOutboundPorts</code></td>
<td></td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/includeInboundPorts</code></td>
<td></td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/includeOutboundIPRanges</code></td>
<td></td>
</tr>
<tr>
<td><code>traffic.sidecar.istio.io/kubevirtInterfaces</code></td>
<td></td>
</tr>
</tbody>
</table>
Reference in New Issue View Git Blame Copy Permalink