mirror of https://github.com/istio/istio.io.git
177 lines
135 KiB
HTML
177 lines
135 KiB
HTML
<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content=#466BB0><meta name=title content=istioctl><meta name=description content="Istio control interface."><meta name=keywords content=microservices,services,mesh><meta property=og:title content=istioctl><meta property=og:type content=website><meta property=og:description content="Istio control interface."><meta property=og:url content=/v1.1/docs/reference/commands/istioctl/><meta property=og:image content=/v1.1/img/istio-whitelogo-bluebackground-framed.svg><meta property=og:image:alt content="Istio Logo"><meta property=og:image:width content=112><meta property=og:image:height content=150><meta property=og:site_name content=Istio><meta name=twitter:card content=summary><meta name=twitter:site content=@IstioMesh><title>Istioldie 1.1 / istioctl</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
|
|
gtag('js',new Date());gtag('config','UA-98480406-2');</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.1/feed.xml><link rel="shortcut icon" href=/v1.1/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.1/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.1/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.1/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.1/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.1/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.1/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.1/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.1/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.1/favicons/android-192x192.png sizes=192x192><link rel=manifest href=/v1.1/manifest.json><meta name=apple-mobile-web-app-title content=Istio><meta name=application-name content=Istio><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work+Sans:400|Chivo:400|Work+Sans:500,300,600,300italic,400italic,500italic,600italic|Chivo:500,300,600,300italic,400italic,500italic,600italic"><link rel=stylesheet href=/v1.1/css/all.css></head><body class="language-unknown archive-site"><script src=/v1.1/js/themes_init.min.js></script><script>const branchName="release-1.1";const docTitle="istioctl";const iconFile="\/v1.1/img/icons.svg";const buttonCopy='Copy to clipboard';const buttonPrint='Print';const buttonDownload='Download';</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.1/js/all.min.js data-manual defer></script><header><nav><a id=brand href=/v1.1/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="146" stroke-width="2" /><path d="M65 240H225L125 270z"/><path d="M65 230l60-10V110z"/><path d="M135 220l90 10L135 30z"/></svg></span><span class=name>Istioldie 1.1</span></a><div id=hamburger><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#hamburger"/></svg></div><div id=header-links><span title="Learn how to deploy, use, and operate Istio.">Docs</span>
|
|
<a title="Posts about using Istio." href=/v1.1/blog/2019/announcing-1.1.9/>Blog</a>
|
|
<a title="A bunch of resources to help you deploy, configure and use Istio." href=/v1.1/help/>Help</a>
|
|
<a title="Get a bit more in-depth info about the Istio project." href=/v1.1/about/>About</a><div class=menu><button id=gearDropdownButton class=menu-trigger title="Options and settings" aria-label="Options and Settings" aria-controls=gearDropdownContent><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#gear"/></svg></button><div id=gearDropdownContent class=menu-content aria-labelledby=gearDropdownButton role=menu><a tabindex=-1 role=menuitem lang=en id=switch-lang-en class=active>English</a>
|
|
<a tabindex=-1 role=menuitem lang=zh id=switch-lang-zh>中文</a><div role=separator></div><a tabindex=-1 role=menuitem class=active id=light-theme-item>Light Theme</a>
|
|
<a tabindex=-1 role=menuitem id=dark-theme-item>Dark Theme</a><div role=separator></div><a tabindex=-1 role=menuitem id=syntax-coloring-item>Color Examples</a><div role=separator></div><h6>Other versions of this site</h6><a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://istio.io/docs\/reference\/commands\/istioctl\/');return false;">Current Release</a>
|
|
<a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://preliminary.istio.io/docs\/reference\/commands\/istioctl\/');return false;">Next Release</a>
|
|
<a tabindex=-1 role=menuitem href=https://archive.istio.io>Older Releases</a></div></div><button id=search-show title="Search this site" aria-label=Search><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#magnifier"/></svg></button></div><form id=search-form name=cse role=search><input type=hidden name=cx value=013699703217164175118:iwwf17ikgf4>
|
|
<input type=hidden name=ie value=utf-8>
|
|
<input type=hidden name=hl value=en>
|
|
<input type=hidden id=search-page-url value=/v1.1/search.html>
|
|
<input id=search-textbox class=form-control name=q type=search aria-label="Search this site">
|
|
<button id=search-close title="Cancel search" type=reset aria-label="Cancel search"><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#cancel-x"/></svg></button></form></nav></header><main class=primary><div id=sidebar-container class="sidebar-container sidebar-offcanvas"><nav id=sidebar aria-label="Section Navigation"><div class=directory><div class=card><button class="header dynamic" id=card19 title="Learn about the different parts of the Istio system and the abstractions it uses." aria-controls=card19-body><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#concepts"/></svg>Concepts</button><div class=body aria-labelledby=card19 role=region id=card19-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card19><li role=none><a role=treeitem title="Introduces Istio, the problems it solves, its high-level architecture and design goals." href=/v1.1/docs/concepts/what-is-istio/>What is Istio?</a></li><li role=none><a role=treeitem title="Describes the various Istio features focused on traffic routing and control." href=/v1.1/docs/concepts/traffic-management/>Traffic Management</a></li><li role=none><a role=treeitem title="Describes Istio's authorization and authentication functionality." href=/v1.1/docs/concepts/security/>Security</a></li><li role=none><a role=treeitem title="Describes the policy enforcement and telemetry mechanisms." href=/v1.1/docs/concepts/policies-and-telemetry/>Policies and Telemetry</a></li><li role=none><a role=treeitem title="Introduces performance and scalability for Istio." href=/v1.1/docs/concepts/performance-and-scalability/>Performance and Scalability</a></li><li role=none><a role=treeitem title="Describes how a service mesh can be configured to include services from more than one cluster." href=/v1.1/docs/concepts/multicluster-deployments/>Multicluster Deployments</a></li></ul></div></div><div class=card><button class="header dynamic" id=card39 title="How to deploy and upgrade Istio in various environments such as Kubernetes and Consul." aria-controls=card39-body><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#setup"/></svg>Setup</button><div class=body aria-labelledby=card39 role=region id=card39-body><ul role=tree aria-expanded=true aria-labelledby=card39><li role=treeitem aria-label=Kubernetes><button aria-hidden=true></button><a title="Instructions for installing the Istio control plane on Kubernetes and adding virtual machines into the mesh." href=/v1.1/docs/setup/kubernetes/>Kubernetes</a><ul role=group aria-expanded=false><li role=treeitem aria-label=Prepare><button aria-hidden=true></button><a title="Getting ready for Istio." href=/v1.1/docs/setup/kubernetes/prepare/>Prepare</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="Prepare your Kubernetes pods and services to run in an Istio-enabled cluster." href=/v1.1/docs/setup/kubernetes/prepare/requirements/>Pods and Services</a></li><li role=treeitem aria-label="Platform Setup"><button aria-hidden=true></button><a title="How to prepare various Kubernetes platforms before installing Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/>Platform Setup</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Instructions to setup an Alibaba Cloud Kubernetes cluster for Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/alicloud/>Alibaba Cloud</a></li><li role=none><a role=treeitem title="Instructions to setup an Azure cluster for Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/azure/>Azure</a></li><li role=none><a role=treeitem title="Instructions to setup Docker For Desktop for use with Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/docker/>Docker For Desktop</a></li><li role=none><a role=treeitem title="Instructions to setup a Google Kubernetes Engine cluster for Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/gke/>Google Kubernetes Engine</a></li><li role=none><a role=treeitem title="Instructions to setup an IBM Cloud cluster for Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/ibm/>IBM Cloud</a></li><li role=none><a role=treeitem title="Instructions to setup Minikube for use with Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/minikube/>Minikube</a></li><li role=none><a role=treeitem title="Instructions to setup an OpenShift cluster for Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/openshift/>OpenShift</a></li><li role=none><a role=treeitem title="Instructions to setup an OKE cluster for Istio." href=/v1.1/docs/setup/kubernetes/prepare/platform-setup/oci/>Oracle Cloud Infrastructure</a></li></ul></li></ul></li><li role=none><a role=treeitem title="Download the Istio release and prepare for installation." href=/v1.1/docs/setup/kubernetes/download/>Download</a></li><li role=treeitem aria-label=Install><button aria-hidden=true></button><a title="Choose the flows that best suit your needs and platform." href=/v1.1/docs/setup/kubernetes/install/>Install</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="Instructions to install and configure an Istio mesh in a Kubernetes cluster for evaluation." href=/v1.1/docs/setup/kubernetes/install/kubernetes/>Quick Start Evaluation Install</a></li><li role=none><a role=treeitem title="Instructions to install Istio using a Helm chart." href=/v1.1/docs/setup/kubernetes/install/helm/>Customizable Install with Helm</a></li><li role=treeitem aria-label="Multicluster Installation"><button aria-hidden=true></button><a title="Configure an Istio mesh spanning multiple Kubernetes clusters." href=/v1.1/docs/setup/kubernetes/install/multicluster/>Multicluster Installation</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Install an Istio mesh across multiple Kubernetes clusters using Istio Gateway to reach remote pods." href=/v1.1/docs/setup/kubernetes/install/multicluster/gateways/>Gateway Connectivity</a></li><li role=none><a role=treeitem title="Install an Istio mesh across multiple Kubernetes clusters with direct network access to remote pods." href=/v1.1/docs/setup/kubernetes/install/multicluster/vpn/>VPN Connectivity</a></li></ul></li><li role=treeitem aria-label="Platform-specific Instructions"><button aria-hidden=true></button><a title="Additional installation flows for the supported Kubernetes platforms." href=/v1.1/docs/setup/kubernetes/install/platform/>Platform-specific Instructions</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Instructions to install Istio using the Alibaba Cloud Kubernetes Container Service." href=/v1.1/docs/setup/kubernetes/install/platform/alicloud/>Alibaba Cloud</a></li><li role=none><a role=treeitem title="Instructions to install Istio using the Google Kubernetes Engine (GKE)." href=/v1.1/docs/setup/kubernetes/install/platform/gke/>Google Kubernetes Engine</a></li><li role=none><a role=treeitem title="Instructions to install Istio using IBM Cloud Public or IBM Cloud Private." href=/v1.1/docs/setup/kubernetes/install/platform/ibm/>IBM Cloud</a></li></ul></li></ul></li><li role=treeitem aria-label=Upgrade><button aria-hidden=true></button><a title="Information on upgrading Istio." href=/v1.1/docs/setup/kubernetes/upgrade/>Upgrade</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Important changes operators must understand before upgrading to Istio 1.1." href=/v1.1/docs/setup/kubernetes/upgrade/notice/>1.1 Upgrade Notice</a></li><li role=none><a role=treeitem title="Upgrade the Istio control plane and data plane independently." href=/v1.1/docs/setup/kubernetes/upgrade/steps/>Upgrade Steps</a></li></ul></li><li role=treeitem aria-label="More Guides"><button aria-hidden=true></button><a title="More information on additional setup tasks." href=/v1.1/docs/setup/kubernetes/additional-setup/>More Guides</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes the built-in Istio installation configuration profiles." href=/v1.1/docs/setup/kubernetes/additional-setup/config-profiles/>Installation Configuration Profiles</a></li><li role=none><a role=treeitem title="Install the Istio sidecar in application pods automatically using the sidecar injector webhook or manually using istioctl CLI." href=/v1.1/docs/setup/kubernetes/additional-setup/sidecar-injection/>Installing the Sidecar</a></li><li role=none><a role=treeitem title="Install and use Istio with the Istio CNI plugin, allowing operators to deploy services with lower privilege." href=/v1.1/docs/setup/kubernetes/additional-setup/cni/>Install Istio with the Istio CNI plugin</a></li><li role=none><a role=treeitem title="Integrate VMs and bare metal hosts into an Istio mesh deployed on Kubernetes." href=/v1.1/docs/setup/kubernetes/additional-setup/mesh-expansion/>Mesh Expansion</a></li></ul></li></ul></li><li role=treeitem aria-label="Nomad & Consul"><button aria-hidden=true></button><a title="Instructions for installing the Istio control plane in a Consul based environment, with or without Nomad." href=/v1.1/docs/setup/consul/>Nomad & Consul</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Quick Start instructions to setup the Istio service mesh with Docker Compose." href=/v1.1/docs/setup/consul/quick-start/>Quick Start on Docker</a></li><li role=none><a role=treeitem title="Instructions for installing the Istio control plane in a Consul-based environment, with or without Nomad." href=/v1.1/docs/setup/consul/install/>Installation</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card57 title="How to do single specific targeted activities with the Istio system." aria-controls=card57-body><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#tasks"/></svg>Tasks</button><div class=body aria-labelledby=card57 role=region id=card57-body><ul role=tree aria-expanded=true aria-labelledby=card57><li role=treeitem aria-label="Traffic Management"><button aria-hidden=true></button><a title="Tasks that demonstrate Istio's traffic routing features." href=/v1.1/docs/tasks/traffic-management/>Traffic Management</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="This task shows you how to configure dynamic request routing to multiple versions of a microservice." href=/v1.1/docs/tasks/traffic-management/request-routing/>Configuring Request Routing</a></li><li role=none><a role=treeitem title="This task shows you how to inject faults to test the resiliency of your application." href=/v1.1/docs/tasks/traffic-management/fault-injection/>Fault Injection</a></li><li role=none><a role=treeitem title="Shows you how to migrate traffic from an old to new version of a service." href=/v1.1/docs/tasks/traffic-management/traffic-shifting/>Traffic Shifting</a></li><li role=none><a role=treeitem title="Shows you how to migrate TCP traffic from an old to new version of a TCP service." href=/v1.1/docs/tasks/traffic-management/tcp-traffic-shifting/>TCP Traffic Shifting</a></li><li role=none><a role=treeitem title="This task shows you how to setup request timeouts in Envoy using Istio." href=/v1.1/docs/tasks/traffic-management/request-timeouts/>Setting Request Timeouts</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to expose a service outside of the service mesh." href=/v1.1/docs/tasks/traffic-management/ingress/>Control Ingress Traffic</a></li><li role=treeitem aria-label="Securing Ingress Gateway"><button aria-hidden=true></button><a title="Secure ingress gateway controllers using various approaches." href=/v1.1/docs/tasks/traffic-management/secure-ingress/>Securing Ingress Gateway</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Expose a service outside of the service mesh over TLS or mTLS." href=/v1.1/docs/tasks/traffic-management/secure-ingress/mount/>Securing Gateways with HTTPS With a File Mount-Based Approach</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to expose a service outside of the service mesh, over TLS or Mutual TLS, using secret discovery service." href=/v1.1/docs/tasks/traffic-management/secure-ingress/sds/>Securing Gateways with HTTPS Using Secret Discovery Service</a></li></ul></li><li role=none><a role=treeitem title="Describes how to configure Istio to route traffic from services in the mesh to external services." href=/v1.1/docs/tasks/traffic-management/egress/>Control Egress Traffic</a></li><li role=none><a role=treeitem title="This task shows you how to configure circuit breaking for connections, requests, and outlier detection." href=/v1.1/docs/tasks/traffic-management/circuit-breaking/>Circuit Breaking</a></li><li role=none><a role=treeitem title="This task demonstrates the traffic mirroring/shadowing capabilities of Istio." href=/v1.1/docs/tasks/traffic-management/mirroring/>Mirroring</a></li></ul></li><li role=treeitem aria-label=Security><button aria-hidden=true></button><a title="Demonstrates how to secure the mesh." href=/v1.1/docs/tasks/security/>Security</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Shows you how to use Istio authentication policy to setup mutual TLS and basic end-user authentication." href=/v1.1/docs/tasks/security/authn-policy/>Authentication Policy</a></li><li role=none><a role=treeitem title="Shows how to set up role-based access control for HTTP services." href=/v1.1/docs/tasks/security/authz-http/>Authorization for HTTP Services</a></li><li role=none><a role=treeitem title="Shows how to set up role-based access control for TCP services." href=/v1.1/docs/tasks/security/authz-tcp/>Authorization for TCP Services</a></li><li role=none><a role=treeitem title="Tutorial on how to configure the groups-base authorization and configure the authorization of list-typed claims in Istio." href=/v1.1/docs/tasks/security/rbac-groups/>Authorization for groups and list claims</a></li><li role=none><a role=treeitem title="Shows how to use Authorization permissive mode." href=/v1.1/docs/tasks/security/authz-permissive/>Authorization permissive mode</a></li><li role=none><a role=treeitem title="This task shows you how to integrate a Vault Certificate Authority with Istio for mutual TLS." href=/v1.1/docs/tasks/security/vault-ca/>Istio Vault CA Integration</a></li><li role=none><a role=treeitem title="Shows you how to verify and test Istio's automatic mutual TLS authentication." href=/v1.1/docs/tasks/security/mutual-tls/>Mutual TLS Deep-Dive</a></li><li role=none><a role=treeitem title="Shows how operators can configure Citadel with existing root certificate, signing certificate and key." href=/v1.1/docs/tasks/security/plugin-ca-cert/>Plugging in External CA Key and Certificate</a></li><li role=none><a role=treeitem title="Shows how to enable Citadel health checking with Kubernetes." href=/v1.1/docs/tasks/security/health-check/>Citadel Health Checking</a></li><li role=none><a role=treeitem title="Shows how to enable SDS (secret discovery service) for Istio identity provisioning." href=/v1.1/docs/tasks/security/auth-sds/>Provisioning Identity through SDS</a></li><li role=none><a role=treeitem title="Shows you how to incrementally migrate your Istio services to mutual TLS." href=/v1.1/docs/tasks/security/mtls-migration/>Mutual TLS Migration</a></li><li role=none><a role=treeitem title="Shows how to enable mutual TLS on HTTPS services." href=/v1.1/docs/tasks/security/https-overlay/>Mutual TLS over HTTPS</a></li></ul></li><li role=treeitem aria-label=Policies><button aria-hidden=true></button><a title="Demonstrates policy enforcement features." href=/v1.1/docs/tasks/policy-enforcement/>Policies</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="This task shows you how to enable Istio policy enforcement." href=/v1.1/docs/tasks/policy-enforcement/enabling-policy/>Enabling Policy Enforcement</a></li><li role=none><a role=treeitem title="This task shows you how to use Istio to dynamically limit the traffic to a service." href=/v1.1/docs/tasks/policy-enforcement/rate-limiting/>Enabling Rate Limits</a></li><li role=none><a role=treeitem title="Shows how to modify request headers and routing using policy adapters." href=/v1.1/docs/tasks/policy-enforcement/control-headers/>Control Headers and Routing</a></li><li role=none><a role=treeitem title="Shows how to control access to a service using simple denials or white/black listing." href=/v1.1/docs/tasks/policy-enforcement/denial-and-list/>Denials and White/Black Listing</a></li></ul></li><li role=treeitem aria-label=Telemetry><button aria-hidden=true></button><a title="Demonstrates how to collect telemetry information from the mesh." href=/v1.1/docs/tasks/telemetry/>Telemetry</a><ul role=group aria-expanded=false><li role=treeitem aria-label=Metrics><button aria-hidden=true></button><a title="Demonstrates the configuration, collection, and processing of Istio mesh metrics." href=/v1.1/docs/tasks/telemetry/metrics/>Metrics</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="This task shows you how to configure Istio to collect and customize metrics." href=/v1.1/docs/tasks/telemetry/metrics/collecting-metrics/>Collecting Metrics</a></li><li role=none><a role=treeitem title="This task shows you how to configure Istio to collect metrics for TCP services." href=/v1.1/docs/tasks/telemetry/metrics/tcp-metrics/>Collecting Metrics for TCP services</a></li><li role=none><a role=treeitem title="This task shows you how to query for Istio Metrics using Prometheus." href=/v1.1/docs/tasks/telemetry/metrics/querying-metrics/>Querying Metrics from Prometheus</a></li><li role=none><a role=treeitem title="This task shows you how to setup and use the Istio Dashboard to monitor mesh traffic." href=/v1.1/docs/tasks/telemetry/metrics/using-istio-dashboard/>Visualizing Metrics with Grafana</a></li></ul></li><li role=treeitem aria-label=Logs><button aria-hidden=true></button><a title="Demonstrates the configuration, collection, and processing of Istio mesh logs." href=/v1.1/docs/tasks/telemetry/logs/>Logs</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="This task shows you how to configure Istio to collect and customize logs." href=/v1.1/docs/tasks/telemetry/logs/collecting-logs/>Collecting Logs</a></li><li role=none><a role=treeitem title="This task shows you how to configure Envoy proxies to print access log to their standard output." href=/v1.1/docs/tasks/telemetry/logs/access-log/>Getting Envoy's Access Logs</a></li><li role=none><a role=treeitem title="This task shows you how to configure Istio to log to a Fluentd daemon." href=/v1.1/docs/tasks/telemetry/logs/fluentd/>Logging with Fluentd</a></li></ul></li><li role=treeitem aria-label="Distributed Tracing"><button aria-hidden=true></button><a title="This task shows you how to configure Istio-enabled applications to collect trace spans." href=/v1.1/docs/tasks/telemetry/distributed-tracing/>Distributed Tracing</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Overview of distributed tracing in Istio." href=/v1.1/docs/tasks/telemetry/distributed-tracing/overview/>Overview</a></li><li role=none><a role=treeitem title="Learn how to configure the proxies to send tracing requests to Jaeger." href=/v1.1/docs/tasks/telemetry/distributed-tracing/jaeger/>Jaeger</a></li><li role=none><a role=treeitem title="Learn how to configure the proxies to send tracing requests to Zipkin." href=/v1.1/docs/tasks/telemetry/distributed-tracing/zipkin/>Zipkin</a></li><li role=none><a role=treeitem title="How to configure the proxies to send tracing requests to LightStep." href=/v1.1/docs/tasks/telemetry/distributed-tracing/lightstep/>LightStep</a></li></ul></li><li role=none><a role=treeitem title="This task shows you how to visualize your services within an Istio mesh." href=/v1.1/docs/tasks/telemetry/kiali/>Visualizing Your Mesh</a></li><li role=none><a role=treeitem title="This task shows you how to configure external access to the set of Istio telemetry addons." href=/v1.1/docs/tasks/telemetry/gateways/>Remotely Accessing Telemetry Addons</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card72 title="A variety of fully working example uses for Istio that you can experiment with." aria-controls=card72-body><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#examples"/></svg>Examples</button><div class=body aria-labelledby=card72 role=region id=card72-body><ul role=tree aria-expanded=true aria-labelledby=card72><li role=none><a role=treeitem title="Deploys a sample application composed of four separate microservices used to demonstrate various Istio features." href=/v1.1/docs/examples/bookinfo/>Bookinfo Application</a></li><li role=none><a role=treeitem title="Explains how to manually integrate Google Cloud Endpoints services with Istio." href=/v1.1/docs/examples/endpoints/>Install Istio for Google Cloud Endpoints Services</a></li><li role=none><a role=treeitem title="Illustrates how to use Istio to control a Kubernetes cluster and raw VMs as a single mesh." href=/v1.1/docs/examples/integrating-vms/>Integrating Virtual Machines</a></li><li role=treeitem aria-label="Edge Traffic Management"><button aria-hidden=true></button><a title="A variety of advanced examples for managing traffic at the edge (i.e., ingress and egress traffic) of an Istio service mesh." href=/v1.1/docs/examples/advanced-gateways/>Edge Traffic Management</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes how to configure SNI passthrough for an ingress gateway." href=/v1.1/docs/examples/advanced-gateways/ingress-sni-passthrough/>Ingress Gateway without TLS Termination</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to perform TLS origination for traffic to external services." href=/v1.1/docs/examples/advanced-gateways/egress-tls-origination/>TLS Origination for Egress Traffic</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to direct traffic to external services through a dedicated gateway." href=/v1.1/docs/examples/advanced-gateways/egress-gateway/>Configure an Egress Gateway</a></li><li role=none><a role=treeitem title="Describes how to configure an Egress Gateway to perform TLS origination to external services." href=/v1.1/docs/examples/advanced-gateways/egress-gateway-tls-origination/>Egress Gateway with TLS Origination</a></li><li role=none><a role=treeitem title="Describes how to enable egress traffic for a set of hosts in a common domain, instead of configuring each and every host separately." href=/v1.1/docs/examples/advanced-gateways/wildcard-egress-hosts/>Configure Egress Traffic using Wildcard Hosts</a></li><li role=none><a role=treeitem title="Describes how to configure SNI monitoring and apply policies on TLS egress traffic." href=/v1.1/docs/examples/advanced-gateways/egress_sni_monitoring_and_policies/>SNI Monitoring and Policies for TLS Egress Traffic</a></li><li role=none><a role=treeitem title="Describes how to configure Istio to let applications use an external HTTPS proxy." href=/v1.1/docs/examples/advanced-gateways/http-proxy/>Connect to an External HTTPS Proxy</a></li><li role=none><a role=treeitem title="Demonstrates how to obtain Let's Encrypt TLS certificates for Kubernetes Ingress automatically using Cert-Manager." href=/v1.1/docs/examples/advanced-gateways/ingress-certmgr/>Securing Kubernetes Ingress with Cert-Manager</a></li></ul></li><li role=treeitem aria-label="Multicluster Service Mesh"><button aria-hidden=true></button><a title="A variety of fully working multicluster examples for Istio that you can experiment with." href=/v1.1/docs/examples/multicluster/>Multicluster Service Mesh</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Configuring remote services in a gateway-connected multicluster mesh." href=/v1.1/docs/examples/multicluster/gateways/>Gateway-Connected Clusters</a></li><li role=none><a role=treeitem title="Set up a multicluster mesh over two GKE clusters." href=/v1.1/docs/examples/multicluster/gke/>Google Kubernetes Engine</a></li><li role=none><a role=treeitem title="Example multicluster mesh over two IBM Cloud Private clusters." href=/v1.1/docs/examples/multicluster/icp/>IBM Cloud Private</a></li><li role=none><a role=treeitem title="Multicluster mesh between IBM Cloud Kubernetes Service and IBM Cloud Private." href=/v1.1/docs/examples/multicluster/iks-icp/>IBM Cloud Kubernetes Service & IBM Cloud Private</a></li><li role=none><a role=treeitem title="Leveraging Istio's Split-horizon EDS to create a multicluster mesh." href=/v1.1/docs/examples/multicluster/split-horizon-eds/>Cluster-Aware Service Routing</a></li></ul></li></ul></div></div><div class=card><button class="header dynamic" id=card106 title="Detailed authoritative reference material such as command-line options, configuration options, and API calling parameters." aria-controls=card106-body><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#reference"/></svg>Reference</button><div class="body default" aria-labelledby=card106 role=region id=card106-body><ul role=tree aria-expanded=true aria-labelledby=card106><li role=treeitem aria-label=Configuration><button aria-hidden=true></button><a title="Detailed information on configuration options." href=/v1.1/docs/reference/config/>Configuration</a><ul role=group aria-expanded=false><li role=treeitem aria-label="Traffic Management"><button aria-hidden=true></button><a title="Describes how to configure HTTP/TCP routing features." href=/v1.1/docs/reference/config/networking/>Traffic Management</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Configuration affecting load balancing, outlier detection, etc." href=/v1.1/docs/reference/config/networking/v1alpha3/destination-rule/>Destination Rule</a></li><li role=none><a role=treeitem title="Configuration affecting insertion of custom Envoy filters." href=/v1.1/docs/reference/config/networking/v1alpha3/envoy-filter/>Envoy Filter</a></li><li role=none><a role=treeitem title="Configuration affecting edge load balancer." href=/v1.1/docs/reference/config/networking/v1alpha3/gateway/>Gateway</a></li><li role=none><a role=treeitem title="Configuration affecting service registry." href=/v1.1/docs/reference/config/networking/v1alpha3/service-entry/>Service Entry</a></li><li role=none><a role=treeitem title="Configuration affecting network reachability of a sidecar." href=/v1.1/docs/reference/config/networking/v1alpha3/sidecar/>Sidecar</a></li><li role=none><a role=treeitem title="Configuration affecting label/content routing, sni routing, etc." href=/v1.1/docs/reference/config/networking/v1alpha3/virtual-service/>Virtual Service</a></li></ul></li><li role=treeitem aria-label=Authorization><button aria-hidden=true></button><a title="Describes how to configure Istio's authorization features." href=/v1.1/docs/reference/config/authorization/>Authorization</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Describes the supported constraints and properties." href=/v1.1/docs/reference/config/authorization/constraints-and-properties/>Constraints and Properties</a></li><li role=none><a role=treeitem title="Configuration for Role Based Access Control." href=/v1.1/docs/reference/config/authorization/istio.rbac.v1alpha1/>RBAC</a></li></ul></li><li role=none><a role=treeitem title="Describes the options available when installing Istio using the included Helm chart." href=/v1.1/docs/reference/config/installation-options/>Installation Options</a></li><li role=none><a role=treeitem title="Details the Helm chart installation options differences between release-1.0 and release-1.1." href=/v1.1/docs/reference/config/installation-options-changes/>Installation Options Changes</a></li><li role=treeitem aria-label="Policies and Telemetry"><button aria-hidden=true></button><a title="Describes how to configure Istio's policy and telemetry features." href=/v1.1/docs/reference/config/policy-and-telemetry/>Policies and Telemetry</a><ul role=group aria-expanded=false><li role=none><a role=treeitem title="Describes the base attribute vocabulary used for policy and control." href=/v1.1/docs/reference/config/policy-and-telemetry/attribute-vocabulary/>Attribute Vocabulary</a></li><li role=none><a role=treeitem title="Mixer configuration expression language reference." href=/v1.1/docs/reference/config/policy-and-telemetry/expression-language/>Expression Language</a></li><li role=treeitem aria-label=Adapters><button aria-hidden=true></button><a title="Mixer adapters allow Istio to interface to a variety of infrastructure backends for such things as metrics and logs." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/>Adapters</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="Adapter to deliver metrics to Apache SkyWalking." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/apache-skywalking/>Apache SkyWalking</a></li><li role=none><a role=treeitem title="Adapter for Apigee's distributed policy checks and analytics." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/apigee/>Apigee</a></li><li role=none><a role=treeitem title="Adapter for circonus.com's monitoring solution." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/circonus/>Circonus</a></li><li role=none><a role=treeitem title="Adapter for cloudmonitor metrics." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/cloudmonitor/>CloudMonitor</a></li><li role=none><a role=treeitem title="Adapter for cloudwatch metrics." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/cloudwatch/>CloudWatch</a></li><li role=none><a role=treeitem title="Adapter to deliver metrics to a dogstatsd agent for delivery to DataDog." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/datadog/>Datadog</a></li><li role=none><a role=treeitem title="Adapter that always returns a precondition denial." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/denier/>Denier</a></li><li role=none><a role=treeitem title="Adapter that delivers logs to a Fluentd daemon." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/fluentd/>Fluentd</a></li><li role=none><a role=treeitem title="Adapter that extracts information from a Kubernetes environment." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/kubernetesenv/>Kubernetes Env</a></li><li role=none><a role=treeitem title="Adapter that performs whitelist or blacklist checks." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/list/>List</a></li><li role=none><a role=treeitem title="Adapter for a simple in-memory quota management system." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/memquota/>Memory quota</a></li><li role=none><a role=treeitem title="Adapter that implements an Open Policy Agent engine." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/opa/>OPA</a></li><li role=none><a role=treeitem title="Adapter that exposes Istio metrics for ingestion by a Prometheus harvester." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/prometheus/>Prometheus</a></li><li role=none><a role=treeitem title="Adapter for a Redis-based quota management system." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/redisquota/>Redis Quota</a></li><li role=none><a role=treeitem title="Adapter that sends metrics to SignalFx." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/signalfx/>SignalFx</a></li><li role=none><a role=treeitem title="Adapter to deliver logs and metrics to Papertrail and AppOptics backends." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/solarwinds/>SolarWinds</a></li><li role=none><a role=treeitem title="Adapter to deliver logs, metrics, and traces to Stackdriver." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/stackdriver/>Stackdriver</a></li><li role=none><a role=treeitem title="Adapter to deliver metrics to a StatsD backend." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/statsd/>StatsD</a></li><li role=none><a role=treeitem title="Adapter to locally output logs and metrics." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/stdio/>Stdio</a></li><li role=none><a role=treeitem title="Adapter to deliver metrics to Wavefront by VMware." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/wavefront/>Wavefront by VMware</a></li><li role=none><a role=treeitem title="Adapter to deliver tracing data to Zipkin." href=/v1.1/docs/reference/config/policy-and-telemetry/adapters/zipkin/>Zipkin</a></li></ul></li><li role=none><a role=treeitem title="Default Metrics exported from Istio through Mixer." href=/v1.1/docs/reference/config/policy-and-telemetry/metrics/>Default Metrics</a></li><li role=treeitem aria-label=Templates><button aria-hidden=true></button><a title="Mixer templates are used to send data to individual adapters." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/>Templates</a><ul role=group aria-expanded=false class=leaf-section><li role=none><a role=treeitem title="A template that represents a single API key." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/apikey/>API Key</a></li><li role=none><a role=treeitem title="The Analytics template is used to dispatch runtime telemetry to Apigee." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/analytics/>Analytics</a></li><li role=none><a role=treeitem title="A template used to represent an access control query." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/authorization/>Authorization</a></li><li role=none><a role=treeitem title="A template that carries no data, useful for testing." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/checknothing/>Check Nothing</a></li><li role=none><a role=treeitem title="A template designed to report observed communication edges between workloads." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/edge/>Edge</a></li><li role=none><a role=treeitem title="A template that is used to control the production of Kubernetes-specific attributes." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/kubernetes/>Kubernetes</a></li><li role=none><a role=treeitem title="A template designed to let you perform list checking operations." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/listentry/>List Entry</a></li><li role=none><a role=treeitem title="A template that represents a single runtime log entry." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/logentry/>Log Entry</a></li><li role=none><a role=treeitem title="A template that represents a single runtime metric." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/metric/>Metric</a></li><li role=none><a role=treeitem title="A template that represents a quota allocation request." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/quota/>Quota</a></li><li role=none><a role=treeitem title="A template that carries no data, useful for testing." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/reportnothing/>Report Nothing</a></li><li role=none><a role=treeitem title="A template that represents an individual span within a distributed trace." href=/v1.1/docs/reference/config/policy-and-telemetry/templates/tracespan/>Trace Span</a></li></ul></li><li role=none><a role=treeitem title="Configuration state for the Mixer client library." href=/v1.1/docs/reference/config/policy-and-telemetry/istio.mixer.v1.config.client/>Mixer Client</a></li><li role=none><a role=treeitem title="Describes the rules used to configure Mixer's policy and telemetry features." href=/v1.1/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/>Rules</a></li></ul></li><li role=none><a role=treeitem title="Authentication policy for Istio services." href=/v1.1/docs/reference/config/istio.authentication.v1alpha1/>Authentication Policy</a></li><li role=none><a role=treeitem title="Configuration affecting the service mesh as a whole." href=/v1.1/docs/reference/config/istio.mesh.v1alpha1/>Service Mesh</a></li></ul></li><li role=treeitem aria-label=Commands><button class=show aria-hidden=true></button><a title="Describes usage and options of the Istio commands and utilities." href=/v1.1/docs/reference/commands/>Commands</a><ul role=group aria-expanded=true class=leaf-section><li role=none><a role=treeitem title="Galley provides configuration management services for Istio." href=/v1.1/docs/reference/commands/galley/>galley</a></li><li role=none><a role=treeitem title="Istio Certificate Authority (CA)." href=/v1.1/docs/reference/commands/istio_ca/>istio_ca</a></li><li role=none><span role=treeitem class=current title="Istio control interface.">istioctl</span></li><li role=none><a role=treeitem title="Utility to trigger direct calls to Mixer's API." href=/v1.1/docs/reference/commands/mixc/>mixc</a></li><li role=none><a role=treeitem title="Mixer is Istio's abstraction on top of infrastructure backends." href=/v1.1/docs/reference/commands/mixs/>mixs</a></li><li role=none><a role=treeitem title="Istio security per-node agent." href=/v1.1/docs/reference/commands/node_agent/>node_agent</a></li><li role=none><a role=treeitem title="Istio Pilot agent." href=/v1.1/docs/reference/commands/pilot-agent/>pilot-agent</a></li><li role=none><a role=treeitem title="Istio Pilot." href=/v1.1/docs/reference/commands/pilot-discovery/>pilot-discovery</a></li><li role=none><a role=treeitem title="Kubernetes webhook for automatic Istio sidecar injection." href=/v1.1/docs/reference/commands/sidecar-injector/>sidecar-injector</a></li></ul></li></ul></div></div></div></nav></div><div class=article-container><button tabindex=-1 id=sidebar-toggler title="Toggle the navigation bar"><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#pull"/></svg></button><nav aria-label=Breadcrumb><ol><li><a href=/v1.1/ title="Connect, secure, control, and observe services.">Istio</a></li><li><a href=/v1.1/docs/ title="Learn how to deploy, use, and operate Istio.">Docs</a></li><li><a href=/v1.1/docs/reference/ title="Detailed authoritative reference material such as command-line options, configuration options, and API calling parameters.">Reference</a></li><li><a href=/v1.1/docs/reference/commands/ title="Describes usage and options of the Istio commands and utilities.">Commands</a></li><li>istioctl</li></ol></nav><article aria-labelledby=title><div class=title-area><div><h1 id=title>istioctl</h1><p class=byline><span title="7659 words"><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#clock"/></svg><span> </span>36 minute read</span></p></div></div><nav class=toc-inlined aria-label="Table of Contents"><div><hr><ol><li role=none aria-label="istioctl authn"><a href=#istioctl-authn>istioctl authn</a><ol><li role=none aria-label=Examples><a href=#istioctl-authn%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl authn tls-check"><a href=#istioctl-authn-tls-check>istioctl authn tls-check</a><ol><li role=none aria-label=Examples><a href=#istioctl-authn-tls-check%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl deregister"><a href=#istioctl-deregister>istioctl deregister</a><ol><li role=none aria-label=Examples><a href=#istioctl-deregister%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental"><a href=#istioctl-experimental>istioctl experimental</a><li role=none aria-label="istioctl experimental convert-ingress"><a href=#istioctl-experimental-convert-ingress>istioctl experimental convert-ingress</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-convert-ingress%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental metrics"><a href=#istioctl-experimental-metrics>istioctl experimental metrics</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-metrics%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental rbac"><a href=#istioctl-experimental-rbac>istioctl experimental rbac</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-rbac%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental rbac can"><a href=#istioctl-experimental-rbac-can>istioctl experimental rbac can</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-rbac-can%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental verify-install"><a href=#istioctl-experimental-verify-install>istioctl experimental verify-install</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-verify-install%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl kube-inject"><a href=#istioctl-kube-inject>istioctl kube-inject</a><ol><li role=none aria-label=Examples><a href=#istioctl-kube-inject%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config"><a href=#istioctl-proxy-config>istioctl proxy-config</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config bootstrap"><a href=#istioctl-proxy-config-bootstrap>istioctl proxy-config bootstrap</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-bootstrap%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config cluster"><a href=#istioctl-proxy-config-cluster>istioctl proxy-config cluster</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-cluster%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config endpoint"><a href=#istioctl-proxy-config-endpoint>istioctl proxy-config endpoint</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-endpoint%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config listener"><a href=#istioctl-proxy-config-listener>istioctl proxy-config listener</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-listener%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config route"><a href=#istioctl-proxy-config-route>istioctl proxy-config route</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-route%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-status"><a href=#istioctl-proxy-status>istioctl proxy-status</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-status%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl register"><a href=#istioctl-register>istioctl register</a><li role=none aria-label="istioctl validate"><a href=#istioctl-validate>istioctl validate</a><ol><li role=none aria-label=Examples><a href=#istioctl-validate%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl version"><a href=#istioctl-version>istioctl version</a></ol><hr></div></nav><p>Istio configuration command line utility for service operators to
|
|
debug and diagnose their Istio mesh.</p><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h2 id=istioctl-authn>istioctl authn</h2><p>A group of commands used to interact with Istio authentication policies.
|
|
tls-check</p><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-authn Examples">Examples</h3><pre class=language-bash><code># Check whether TLS setting are matching between authentication policy and destination rules:
|
|
istioctl authn tls-check
|
|
</code></pre><h2 id=istioctl-authn-tls-check>istioctl authn tls-check</h2><p>Check what authentication policies and destination rules pilot uses to config a proxy instance,
|
|
and check if TLS settings are compatible between them.</p><pre class=language-bash><code>istioctl authn tls-check <pod-name[.namespace]> [<service>] [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-authn-tls-check Examples">Examples</h3><pre class=language-bash><code>
|
|
# Check settings for pod "foo-656bd7df7c-5zp4s" in namespace default:
|
|
istioctl authn tls-check 656bd7df7c-5zp4s.default
|
|
|
|
# Check settings for pod "foo-656bd7df7c-5zp4s" in namespace default, filtered on destintation
|
|
service "bar" :
|
|
istioctl authn tls-check 656bd7df7c-5zp4s.default bar
|
|
|
|
</code></pre><h2 id=istioctl-deregister>istioctl deregister</h2><p>De-registers a service instance</p><pre class=language-bash><code>istioctl deregister <svcname> <ip> [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-deregister Examples">Examples</h3><pre class=language-bash><code># de-register an endpoint 172.17.0.2 from service my-svc:
|
|
istioctl deregister my-svc 172.17.0.2
|
|
</code></pre><h2 id=istioctl-experimental>istioctl experimental</h2><p>Experimental commands that may be modified or deprecated</p><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h2 id=istioctl-experimental-convert-ingress>istioctl experimental convert-ingress</h2><p>Converts Ingresses into VirtualService configuration on a best effort basis. The output should be considered a starting point for your Istio configuration and probably require some minor modification. Warnings will be generated where configs cannot be converted perfectly. The input must be a Kubernetes Ingress. The conversion of v1alpha1 Istio rules has been removed from istioctl.</p><pre class=language-bash><code>istioctl experimental convert-ingress [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--filenames <stringSlice></code></td><td><code>-f</code></td><td>Input filenames (default `[]`)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>Output filename (default `-`)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-experimental-convert-ingress Examples">Examples</h3><pre class=language-bash><code>istioctl experimental convert-ingress -f samples/bookinfo/platform/kube/bookinfo-ingress.yaml
|
|
</code></pre><h2 id=istioctl-experimental-metrics>istioctl experimental metrics</h2><p>Prints the metrics for the specified service(s) when running in Kubernetes.</p><p>This command finds a Prometheus pod running in the specified istio system
|
|
namespace. It then executes a series of queries per requested workload to
|
|
find the following top-level workload metrics: total requests per second,
|
|
error rate, and request latency at p50, p90, and p99 percentiles. The
|
|
query results are printed to the console, organized by workload name.</p><p>All metrics returned are from server-side reports. This means that latencies
|
|
and error rates are from the perspective of the service itself and not of an
|
|
individual client (or aggregate set of clients). Rates and latencies are
|
|
calculated over a time interval of 1 minute.</p><pre class=language-bash><code>istioctl experimental metrics <workload name>...
|
|
</code></pre><div class=aliases><pre class=language-bash><code>istioctl experimental m <workload name>...
|
|
</code></pre></div><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-experimental-metrics Examples">Examples</h3><pre class=language-bash><code>
|
|
# Retrieve workload metrics for productpage-v1 workload
|
|
istioctl experimental metrics productpage-v1
|
|
|
|
# Retrieve workload metrics for various services in the different namespaces
|
|
istioctl experimental metrics productpage-v1.foo reviews-v1.bar ratings-v1.baz
|
|
|
|
</code></pre><h2 id=istioctl-experimental-rbac>istioctl experimental rbac</h2><p>A group of commands used to interact with Istio RBAC policies. For example, Query whether a specific
|
|
request is allowed or denied under the current Istio RBAC policies.</p><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-experimental-rbac Examples">Examples</h3><pre class=language-bash><code># Query if user test is allowed to GET /v1/health of service rating.
|
|
istioctl experimental rbac can -u test GET rating /v1/health
|
|
</code></pre><h2 id=istioctl-experimental-rbac-can>istioctl experimental rbac can</h2><p>This command lets you query whether a specific request will be allowed or denied under current Istio
|
|
RBAC policies. It constructs a fake request with the custom subject and action specified in the command
|
|
line to check if your Istio RBAC policies are working as expected. Note the fake request is only used
|
|
locally to evaluate the effect of the Istio RBAC policies, no actual request will be issued.</p><p>METHOD is the HTTP method being taken, like GET, POST, etc. SERVICE is the short service name the action
|
|
is being taken on. PATH is the HTTP path within the service.</p><pre class=language-bash><code>istioctl experimental rbac can METHOD SERVICE PATH [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--action-properties <stringArray></code></td><td><code>-a</code></td><td>[Action] Additional data about the action. Specified as name1=value1,name2=value2,... (default `[]`)</td></tr><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--subject-properties <stringArray></code></td><td><code>-s</code></td><td>[Subject] Additional data about the subject. Specified as name1=value1,name2=value2,... (default `[]`)</td></tr><tr><td><code>--user <string></code></td><td><code>-u</code></td><td>[Subject] User name/ID that the subject represents. (default ``)</td></tr></tbody></table><h3 id="istioctl-experimental-rbac-can Examples">Examples</h3><pre class=language-bash><code># Query if user "cluster.local/ns/default/sa/productpage" is allowed to GET /v1/health of service rating.
|
|
istioctl experimental rbac can -u cluster.local/ns/default/sa/productpage GET rating /v1/health
|
|
|
|
# Query if namespace foo is allowed to POST to /data of service rating with label version=dev.
|
|
istioctl experimental rbac can -s source.namespace=foo POST rating /data -a destination.labels[version]=dev
|
|
</code></pre><h2 id=istioctl-experimental-verify-install>istioctl experimental verify-install</h2><p>verify-install verifies Istio installation status against the installation file
|
|
you specified when you installed Istio. It loops through all the installation
|
|
resources defined in your installation file and reports whether all of them are
|
|
in ready status. It will report failure when any of them are not ready.</p><pre class=language-bash><code>istioctl experimental verify-install [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--enableVerbose</code></td><td></td><td>Enable verbose output</td></tr><tr><td><code>--filename <stringSlice></code></td><td><code>-f</code></td><td>Istio YAML installation file. (default `[]`)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--recursive</code></td><td><code>-R</code></td><td>Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.</td></tr></tbody></table><h3 id="istioctl-experimental-verify-install Examples">Examples</h3><pre class=language-bash><code>
|
|
istioctl verify-install -f istio-demo.yaml
|
|
|
|
</code></pre><h2 id=istioctl-kube-inject>istioctl kube-inject</h2><p></p><p>kube-inject manually injects the Envoy sidecar into Kubernetes
|
|
workloads. Unsupported resources are left unmodified so it is safe to
|
|
run kube-inject over a single file that contains multiple Service,
|
|
ConfigMap, Deployment, etc. definitions for a complex application. Its
|
|
best to do this when the resource is initially created.</p><p>k8s.io/docs/concepts/workloads/pods/pod-overview/#pod-templates is
|
|
updated for Job, DaemonSet, ReplicaSet, Pod and Deployment YAML resource
|
|
documents. Support for additional pod-based resource types can be
|
|
added as necessary.</p><p>The Istio project is continually evolving so the Istio sidecar
|
|
configuration may change unannounced. When in doubt re-run istioctl
|
|
kube-inject on deployments to get the most up-to-date changes.</p><p>To override the sidecar injection template built into istioctl, the
|
|
parameters --injectConfigFile or --injectConfigMapName can be used.
|
|
Both options override any other template configuration parameters, eg.
|
|
--hub and --tag. These options would typically be used with the
|
|
file/configmap created with a new Istio release.</p><pre class=language-bash><code>istioctl kube-inject [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--filename <string></code></td><td><code>-f</code></td><td>Input Kubernetes resource filename (default ``)</td></tr><tr><td><code>--injectConfigFile <string></code></td><td></td><td>injection configuration filename. Cannot be used with --injectConfigMapName (default ``)</td></tr><tr><td><code>--injectConfigMapName <string></code></td><td></td><td>ConfigMap name for Istio sidecar injection, key should be "config".This option overrides any other sidecar injection config options, eg. --hub (default `istio-sidecar-injector`)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--meshConfigFile <string></code></td><td></td><td>mesh configuration filename. Takes precedence over --meshConfigMapName if set (default ``)</td></tr><tr><td><code>--meshConfigMapName <string></code></td><td></td><td>ConfigMap name for Istio mesh configuration, key should be "mesh" (default `istio`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>Modified output Kubernetes resource filename (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--readinessFailureThreshold <uint32></code></td><td></td><td>The threshold for successive failed readiness probes. (default `30`)</td></tr><tr><td><code>--readinessInitialDelaySeconds <uint32></code></td><td></td><td>The initial delay (in seconds) for the readiness probe. (default `1`)</td></tr><tr><td><code>--readinessPeriodSeconds <uint32></code></td><td></td><td>The period between readiness probes (in seconds). (default `2`)</td></tr><tr><td><code>--rewriteAppProbe</code></td><td></td><td>Whether injector rewrites the liveness health check to let kubelet health check the app when mtls is on.</td></tr><tr><td><code>--statusPort <int></code></td><td></td><td>HTTP Port on which to serve pilot agent status. The path /healthz/ can be used for health checking. If zero, agent status will not be provided. (default `15020`)</td></tr></tbody></table><h3 id="istioctl-kube-inject Examples">Examples</h3><pre class=language-bash><code>
|
|
# Update resources on the fly before applying.
|
|
kubectl apply -f <(istioctl kube-inject -f <resource.yaml>)
|
|
|
|
# Create a persistent version of the deployment with Envoy sidecar
|
|
# injected.
|
|
istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml
|
|
|
|
# Update an existing deployment.
|
|
kubectl get deployment -o yaml | istioctl kube-inject -f - | kubectl apply -f -
|
|
|
|
# Create a persistent version of the deployment with Envoy sidecar
|
|
# injected configuration from Kubernetes configmap 'istio-inject'
|
|
istioctl kube-inject -f deployment.yaml -o deployment-injected.yaml --injectConfigMapName istio-inject
|
|
|
|
</code></pre><h2 id=istioctl-proxy-config>istioctl proxy-config</h2><p>A group of commands used to retrieve information about proxy configuration from the Envoy config dump</p><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>Output format: one of json|short (default `short`)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-proxy-config Examples">Examples</h3><pre class=language-bash><code> # Retrieve information about proxy configuration from an Envoy instance.
|
|
istioctl proxy-config <clusters|listeners|routes|endpoints|bootstrap> <pod-name[.namespace]>
|
|
</code></pre><h2 id=istioctl-proxy-config-bootstrap>istioctl proxy-config bootstrap</h2><p>Retrieve information about bootstrap configuration for the Envoy instance in the specified pod.</p><pre class=language-bash><code>istioctl proxy-config bootstrap <pod-name[.namespace]> [flags]
|
|
</code></pre><div class=aliases><pre class=language-bash><code>istioctl proxy-config b <pod-name[.namespace]> [flags]
|
|
</code></pre></div><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>Output format: one of json|short (default `short`)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-proxy-config-bootstrap Examples">Examples</h3><pre class=language-bash><code> # Retrieve full bootstrap configuration for a given pod from Envoy.
|
|
istioctl proxy-config bootstrap <pod-name[.namespace]>
|
|
|
|
</code></pre><h2 id=istioctl-proxy-config-cluster>istioctl proxy-config cluster</h2><p>Retrieve information about cluster configuration for the Envoy instance in the specified pod.</p><pre class=language-bash><code>istioctl proxy-config cluster <pod-name[.namespace]> [flags]
|
|
</code></pre><div class=aliases><pre class=language-bash><code>istioctl proxy-config clusters <pod-name[.namespace]> [flags]
|
|
istioctl proxy-config c <pod-name[.namespace]> [flags]
|
|
</code></pre></div><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--direction <string></code></td><td></td><td>Filter clusters by Direction field (default ``)</td></tr><tr><td><code>--fqdn <string></code></td><td></td><td>Filter clusters by substring of Service FQDN field (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>Output format: one of json|short (default `short`)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--port <int></code></td><td></td><td>Filter clusters by Port field (default `0`)</td></tr><tr><td><code>--subset <string></code></td><td></td><td>Filter clusters by substring of Subset field (default ``)</td></tr></tbody></table><h3 id="istioctl-proxy-config-cluster Examples">Examples</h3><pre class=language-bash><code> # Retrieve summary about cluster configuration for a given pod from Envoy.
|
|
istioctl proxy-config clusters <pod-name[.namespace]>
|
|
|
|
# Retrieve cluster summary for clusters with port 9080.
|
|
istioctl proxy-config clusters <pod-name[.namespace]> --port 9080
|
|
|
|
# Retrieve full cluster dump for clusters that are inbound with a FQDN of details.default.svc.cluster.local.
|
|
istioctl proxy-config clusters <pod-name[.namespace]> --fqdn details.default.svc.cluster.local --direction inbound -o json
|
|
|
|
</code></pre><h2 id=istioctl-proxy-config-endpoint>istioctl proxy-config endpoint</h2><p>Retrieve information about endpoint configuration for the Envoy instance in the specified pod.</p><pre class=language-bash><code>istioctl proxy-config endpoint <pod-name[.namespace]> [flags]
|
|
</code></pre><div class=aliases><pre class=language-bash><code>istioctl proxy-config endpoints <pod-name[.namespace]> [flags]
|
|
istioctl proxy-config ep <pod-name[.namespace]> [flags]
|
|
</code></pre></div><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--address <string></code></td><td></td><td>Filter endpoints by address field (default ``)</td></tr><tr><td><code>--cluster <string></code></td><td></td><td>Filter endpoints by cluster name field (default ``)</td></tr><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>Output format: one of json|short (default `short`)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--port <int></code></td><td></td><td>Filter endpoints by Port field (default `0`)</td></tr><tr><td><code>--status <string></code></td><td></td><td>Filter endpoints by status field (default ``)</td></tr></tbody></table><h3 id="istioctl-proxy-config-endpoint Examples">Examples</h3><pre class=language-bash><code> # Retrieve full endpoint configuration for a given pod from Envoy.
|
|
istioctl proxy-config endpoint <pod-name[.namespace]>
|
|
|
|
# Retrieve endpoint summary for endpoint with port 9080.
|
|
istioctl proxy-config endpoint <pod-name[.namespace]> --port 9080
|
|
|
|
# Retrieve full endpoint with a address (172.17.0.2).
|
|
istioctl proxy-config endpoint <pod-name[.namespace]> --address 172.17.0.2 -o json
|
|
|
|
# Retrieve full endpoint with a cluster name (outbound|9411||zipkin.istio-system.svc.cluster.local).
|
|
istioctl proxy-config endpoint <pod-name[.namespace]> --cluster "outbound|9411||zipkin.istio-system.svc.cluster.local" -o json
|
|
# Retrieve full endpoint with the status (healthy).
|
|
istioctl proxy-config endpoint <pod-name[.namespace]> --status healthy -ojson
|
|
|
|
</code></pre><h2 id=istioctl-proxy-config-listener>istioctl proxy-config listener</h2><p>Retrieve information about listener configuration for the Envoy instance in the specified pod.</p><pre class=language-bash><code>istioctl proxy-config listener <pod-name[.namespace]> [flags]
|
|
</code></pre><div class=aliases><pre class=language-bash><code>istioctl proxy-config listeners <pod-name[.namespace]> [flags]
|
|
istioctl proxy-config l <pod-name[.namespace]> [flags]
|
|
</code></pre></div><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--address <string></code></td><td></td><td>Filter listeners by address field (default ``)</td></tr><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>Output format: one of json|short (default `short`)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--port <int></code></td><td></td><td>Filter listeners by Port field (default `0`)</td></tr><tr><td><code>--type <string></code></td><td></td><td>Filter listeners by type field (default ``)</td></tr></tbody></table><h3 id="istioctl-proxy-config-listener Examples">Examples</h3><pre class=language-bash><code> # Retrieve summary about listener configuration for a given pod from Envoy.
|
|
istioctl proxy-config listeners <pod-name[.namespace]>
|
|
|
|
# Retrieve listener summary for listeners with port 9080.
|
|
istioctl proxy-config listeners <pod-name[.namespace]> --port 9080
|
|
|
|
# Retrieve full listener dump for HTTP listeners with a wildcard address (0.0.0.0).
|
|
istioctl proxy-config listeners <pod-name[.namespace]> --type HTTP --address 0.0.0.0 -o json
|
|
|
|
</code></pre><h2 id=istioctl-proxy-config-route>istioctl proxy-config route</h2><p>Retrieve information about route configuration for the Envoy instance in the specified pod.</p><pre class=language-bash><code>istioctl proxy-config route <pod-name[.namespace]> [flags]
|
|
</code></pre><div class=aliases><pre class=language-bash><code>istioctl proxy-config routes <pod-name[.namespace]> [flags]
|
|
istioctl proxy-config r <pod-name[.namespace]> [flags]
|
|
</code></pre></div><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--name <string></code></td><td></td><td>Filter listeners by route name field (default ``)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>Output format: one of json|short (default `short`)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-proxy-config-route Examples">Examples</h3><pre class=language-bash><code> # Retrieve summary about route configuration for a given pod from Envoy.
|
|
istioctl proxy-config routes <pod-name[.namespace]>
|
|
|
|
# Retrieve route summary for route 9080.
|
|
istioctl proxy-config route <pod-name[.namespace]> --name 9080
|
|
|
|
# Retrieve full route dump for route 9080
|
|
istioctl proxy-config route <pod-name[.namespace]> --name 9080 -o json
|
|
|
|
</code></pre><h2 id=istioctl-proxy-status>istioctl proxy-status</h2><p>Retrieves last sent and last acknowledged xDS sync from Pilot to each Envoy in the mesh</p><p></p><pre class=language-bash><code>istioctl proxy-status [<pod-name[.namespace]>] [flags]
|
|
</code></pre><div class=aliases><pre class=language-bash><code>istioctl ps [<pod-name[.namespace]>] [flags]
|
|
</code></pre></div><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr></tbody></table><h3 id="istioctl-proxy-status Examples">Examples</h3><pre class=language-bash><code># Retrieve sync status for all Envoys in a mesh
|
|
istioctl proxy-status
|
|
|
|
# Retrieve sync diff for a single Envoy and Pilot
|
|
istioctl proxy-status istio-egressgateway-59585c5b9c-ndc59.istio-system
|
|
|
|
</code></pre><h2 id=istioctl-register>istioctl register</h2><p>Registers a service instance (e.g. VM) joining the mesh</p><pre class=language-bash><code>istioctl register <svcname> <ip> [name1:]port1 [name2:]port2 ... [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--annotations <stringSlice></code></td><td><code>-a</code></td><td>List of string annotations to apply if creating a service/endpoint; e.g. -a foo=bar,test,x=y (default `[]`)</td></tr><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--labels <stringSlice></code></td><td><code>-l</code></td><td>List of labels to apply if creating a service/endpoint; e.g. -l env=prod,vers=2 (default `[]`)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--serviceaccount <string></code></td><td><code>-s</code></td><td>Service account to link to the service (default `default`)</td></tr></tbody></table><h2 id=istioctl-validate>istioctl validate</h2><p>Validate Istio policy and rules</p><pre class=language-bash><code>istioctl validate -f FILENAME [options] [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--filename <stringSlice></code></td><td><code>-f</code></td><td>(default `[]`)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--recursive</code></td><td><code>-R</code></td><td>Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.</td></tr></tbody></table><h3 id="istioctl-validate Examples">Examples</h3><pre class=language-bash><code>istioctl validate -f bookinfo-gateway.yaml
|
|
</code></pre><h2 id=istioctl-version>istioctl version</h2><p>Prints out build version information</p><pre class=language-bash><code>istioctl version [flags]
|
|
</code></pre><table class=command-flags><thead><th>Flags</th><th>Shorthand</th><th>Description</th></thead><tbody><tr><td><code>--context <string></code></td><td></td><td>The name of the kubeconfig context to use (default ``)</td></tr><tr><td><code>--istioNamespace <string></code></td><td><code>-i</code></td><td>Istio system namespace (default `istio-system`)</td></tr><tr><td><code>--kubeconfig <string></code></td><td><code>-c</code></td><td>Kubernetes configuration file (default ``)</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, default, kube-converter, meshconfig, model, rbac] (default ``)</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default ``)</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, default, kube-converter, meshconfig, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Config namespace (default ``)</td></tr><tr><td><code>--output <string></code></td><td><code>-o</code></td><td>One of 'yaml' or 'json'. (default ``)</td></tr><tr><td><code>--platform <string></code></td><td><code>-p</code></td><td>Istio host platform (default `kube`)</td></tr><tr><td><code>--remote</code></td><td></td><td>Prints remote version information, from the control plane</td></tr><tr><td><code>--short</code></td><td><code>-s</code></td><td>Displays a short form of the version information</td></tr></tbody></table></article><nav class=pagenav><div class=left><a title="Istio Certificate Authority (CA)." href=/v1.1/docs/reference/commands/istio_ca/><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#left-arrow"/></svg>istio_ca</a></div><div class=right><a title="Utility to trigger direct calls to Mixer's API." href=/v1.1/docs/reference/commands/mixc/>mixc<svg class="icon"><use xlink:href="/v1.1/img/icons.svg#right-arrow"/></svg></a></div></nav><div id=endnotes-container aria-hidden=true><h2>Links</h2><ol id=endnotes></ol></div></div><div class=toc-container><nav class=toc aria-label="Table of Contents"><div id=toc><ol><li role=none aria-label="istioctl authn"><a href=#istioctl-authn>istioctl authn</a><ol><li role=none aria-label=Examples><a href=#istioctl-authn%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl authn tls-check"><a href=#istioctl-authn-tls-check>istioctl authn tls-check</a><ol><li role=none aria-label=Examples><a href=#istioctl-authn-tls-check%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl deregister"><a href=#istioctl-deregister>istioctl deregister</a><ol><li role=none aria-label=Examples><a href=#istioctl-deregister%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental"><a href=#istioctl-experimental>istioctl experimental</a><li role=none aria-label="istioctl experimental convert-ingress"><a href=#istioctl-experimental-convert-ingress>istioctl experimental convert-ingress</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-convert-ingress%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental metrics"><a href=#istioctl-experimental-metrics>istioctl experimental metrics</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-metrics%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental rbac"><a href=#istioctl-experimental-rbac>istioctl experimental rbac</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-rbac%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental rbac can"><a href=#istioctl-experimental-rbac-can>istioctl experimental rbac can</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-rbac-can%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl experimental verify-install"><a href=#istioctl-experimental-verify-install>istioctl experimental verify-install</a><ol><li role=none aria-label=Examples><a href=#istioctl-experimental-verify-install%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl kube-inject"><a href=#istioctl-kube-inject>istioctl kube-inject</a><ol><li role=none aria-label=Examples><a href=#istioctl-kube-inject%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config"><a href=#istioctl-proxy-config>istioctl proxy-config</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config bootstrap"><a href=#istioctl-proxy-config-bootstrap>istioctl proxy-config bootstrap</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-bootstrap%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config cluster"><a href=#istioctl-proxy-config-cluster>istioctl proxy-config cluster</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-cluster%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config endpoint"><a href=#istioctl-proxy-config-endpoint>istioctl proxy-config endpoint</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-endpoint%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config listener"><a href=#istioctl-proxy-config-listener>istioctl proxy-config listener</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-listener%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-config route"><a href=#istioctl-proxy-config-route>istioctl proxy-config route</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-config-route%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl proxy-status"><a href=#istioctl-proxy-status>istioctl proxy-status</a><ol><li role=none aria-label=Examples><a href=#istioctl-proxy-status%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl register"><a href=#istioctl-register>istioctl register</a><li role=none aria-label="istioctl validate"><a href=#istioctl-validate>istioctl validate</a><ol><li role=none aria-label=Examples><a href=#istioctl-validate%20Examples>Examples</a></ol></li><li role=none aria-label="istioctl version"><a href=#istioctl-version>istioctl version</a></ol></div></nav></div></main><footer><div class=user-links><a class=channel title="Go download Istio 1.1.9 now" href=https://github.com/istio/istio/releases/tag/1.1.9 aria-label="Download Istio"><span>download</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#download"/></svg>
|
|
</a><a class=channel title="Join the Istio discussion board to participate in discussions and get help troubleshooting problems" href=https://discuss.istio.io aria-label="Istio discussion board"><span>discuss</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#discourse"/></svg></a>
|
|
<a class=channel title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><span>stack overflow</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#stackoverflow"/></svg></a>
|
|
<a class=channel title="Follow us on Twitter to get the latest news" href=https://twitter.com/IstioMesh aria-label=Twitter><span>twitter</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#twitter"/></svg></a><div class=tag>for everyone</div></div><div class=info><p class=copyright>Istio Archive
|
|
1.1.9<br>© 2019 Istio Authors, <a href=https://policies.google.com/privacy>Privacy Policy</a><br>Archived on June 18, 2019</p></div><div class=dev-links><a class=channel title="GitHub is where development takes place on Istio code" href=https://github.com/istio/community aria-label=GitHub><span>github</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#github"/></svg></a>
|
|
<a class=channel title="Interactively discuss issues with the Istio community on Slack" href=https://istio.slack.com aria-label=slack><span>slack</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#slack"/></svg></a>
|
|
<a class=channel title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><span>drive</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#drive"/></svg></a>
|
|
<a class=channel title="If you'd like to contribute to the Istio project, consider participating in our working groups" href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md aria-label="working groups"><span>working groups</span><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#working-groups"/></svg></a><div class=tag>for developers</div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title="Back to top"><svg class="icon"><use xlink:href="/v1.1/img/icons.svg#top"/></svg></button></div></body></html> |