我的书签
添加书签
移除书签pilot-discovery
| Flags | Shorthand | Description |
|---|---|---|
—appNamespace <string> | -a | Restrict the applications namespace the controller manages; if not set, controller watches all namespaces (default )</td></tr><tr><td><code>--clusterRegistriesNamespace <string></code></td><td></td><td>Namespace for ConfigMap which stores clusters configs (default) |
—configDir <string> | Directory to watch for updates to config yaml files. If specified, the files will be used as the source of config, rather than a CRD client. (default )</td></tr><tr><td><code>--consulserverInterval <duration></code></td><td></td><td>Interval (in seconds) for polling the Consul service registry (default `2s`)</td></tr><tr><td><code>--consulserverURL <string></code></td><td></td><td>URL for the Consul server (default) | |
—ctrlz_address <string> | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default localhost) | |
—ctrlz_port <uint16> | The IP port to use for the ControlZ introspection facility (default 9876) | |
—disable-install-crds | Disable discovery service from verifying the existence of CRDs at startup and then installing if not detected. It is recommended to be disable for highly available setups. | |
—discoveryCache | Enable caching discovery service responses | |
—domain <string> | DNS domain suffix (default cluster.local) | |
—grpcAddr <string> | Discovery service grpc address (default :15010) | |
—httpAddr <string> | Discovery service HTTP address (default :8080) | |
—keepaliveInterval <duration> | The time interval if no activity on the connection it pings the peer to see if the transport is alive (default 30s) | |
—keepaliveMaxServerConnectionAge <duration> | Maximum duration a connection will be kept open on the server before a graceful close. (default 2562047h47m16.854775807s) | |
—keepaliveTimeout <duration> | After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default 10s) | |
—kubeconfig <string> | Use a Kubernetes configuration file instead of in-cluster configuration (default )</td></tr><tr><td><code>--log_as_json</code></td><td></td><td>Whether to format output as JSON or in plain console-friendly format</td></tr><tr><td><code>--log_caller <string></code></td><td></td><td>Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator, validation] (default) | |
—log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,… where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator, validation] and level can be one of [debug, info, warn, error, fatal, none] (default default:info) | |
—log_rotate <string> | The path for the optional rotating log file (default )</td></tr><tr><td><code>--log_rotate_max_age <int></code></td><td></td><td>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)</td></tr><tr><td><code>--log_rotate_max_backups <int></code></td><td></td><td>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)</td></tr><tr><td><code>--log_rotate_max_size <int></code></td><td></td><td>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)</td></tr><tr><td><code>--log_stacktrace_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)</td></tr><tr><td><code>--log_target <stringArray></code></td><td></td><td>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)</td></tr><tr><td><code>--mcpInitialConnWindowSize <int></code></td><td></td><td>Initial connection window size for MCP's gRPC connection (default `1048576`)</td></tr><tr><td><code>--mcpInitialWindowSize <int></code></td><td></td><td>Initial window size for MCP's gRPC connection (default `1048576`)</td></tr><tr><td><code>--mcpMaxMsgSize <int></code></td><td></td><td>Max message size received by MCP's grpc client (default `4194304`)</td></tr><tr><td><code>--meshConfig <string></code></td><td></td><td>File name for Istio mesh configuration. If not specified, a default mesh will be used. (default `/etc/istio/config/mesh`)</td></tr><tr><td><code>--monitoringAddr <string></code></td><td></td><td>HTTP address to use for pilot's self-monitoring information (default `:15014`)</td></tr><tr><td><code>--namespace <string></code></td><td><code>-n</code></td><td>Select a namespace where the controller resides. If not set, uses ${POD_NAMESPACE} environment variable (default) | |
—networksConfig <string> | File name for Istio mesh networks configuration. If not specified, a default mesh networks will be used. (default /etc/istio/config/meshNetworks) | |
—plugins <stringSlice> | comma separated list of networking plugins to enable (default [authn,authz,health,mixer]) | |
—profile | Enable profiling via web interface host:port/debug/pprof | |
—registries <stringSlice> | Comma separated list of platform service registries to read from (choose one or more from {Kubernetes, Consul, MCP, Mock}) (default [Kubernetes]) | |
—resync <duration> | Controller resync interval (default 1m0s) | |
—secureGrpcAddr <string> | Discovery service grpc address, with https (default :15012) | |
—trust-domain <string> | The domain serves to identify the system with spiffe (default ``) |
| Flags | Shorthand | Description |
|---|---|---|
—ctrlz_address <string> | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default localhost) | |
—ctrlz_port <uint16> | The IP port to use for the ControlZ introspection facility (default 9876) | |
—keepaliveInterval <duration> | The time interval if no activity on the connection it pings the peer to see if the transport is alive (default 30s) | |
—keepaliveMaxServerConnectionAge <duration> | Maximum duration a connection will be kept open on the server before a graceful close. (default 2562047h47m16.854775807s) | |
—keepaliveTimeout <duration> | After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default ) | |
—log_as_json | Whether to format output as JSON or in plain console-friendly format | |
—log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator, validation] (default )</td></tr><tr><td><code>--log_output_level <string></code></td><td></td><td>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)</td></tr><tr><td><code>--log_rotate <string></code></td><td></td><td>The path for the optional rotating log file (default) | |
—log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default 30) | |
—log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default 1000) | |
—log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default 104857600) | |
—log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,… where scope can be one of [ads, all, authn, caSecretController, configMapController, default, k8sController, mcp, model, pkiCaLog, rbac, rootCertRotator, validation] and level can be one of [debug, info, warn, error, fatal, none] (default default:none) | |
—log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default [stdout]) | |
—output <string> | -o | One of 'yaml' or 'json'. (default ``) |
—short | -s | Use —short=false to generate full version information |
| Metric Name | Type | Description |
|---|---|---|
citadel_secret_controller_csr_err_count | Sum | The number of errors occurred when creating the CSR. |
citadel_secret_controller_csr_sign_err_count | Sum | The number of errors occurred when signing the CSR. |
citadel_secret_controller_secret_deleted_cert_count | Sum | The number of certificates recreated due to secret deletion (service account still exists). |
citadel_secret_controller_svc_acc_created_cert_count | Sum | The number of certificates created due to service account creation. |
citadel_secret_controller_svc_acc_deleted_cert_count | The number of certificates deleted due to service account deletion. | |
endpoint_no_pod | LastValue | Endpoints without an associated pod. |
istio_build | LastValue | Istio component build info |
istio_mcp_clients_total | LastValue | The number of streams currently connected. |
istio_mcp_message_sizes_bytes | Distribution | Size of messages received from clients. |
istio_mcp_reconnections | Sum | The number of times the sink has reconnected. |
istio_mcp_recv_failures_total | Sum | The number of recv failures in the source. |
istio_mcp_request_acks_total | Sum | The number of request acks received by the source. |
istio_mcp_request_nacks_total | Sum | The number of request nacks received by the source. |
istio_mcp_send_failures_total | Sum | The number of send failures in the source. |
pilot_conflict_inbound_listener | LastValue | Number of conflicting inbound listeners. |
pilot_conflict_outbound_listener_http_over_current_tcp | LastValue | Number of conflicting wildcard http listeners with current wildcard tcp listener. |
pilot_conflict_outbound_listener_http_over_https | LastValue | Number of conflicting HTTP listeners with well known HTTPS ports |
pilot_conflict_outbound_listener_tcp_over_current_http | LastValue | Number of conflicting wildcard tcp listeners with current wildcard http listener. |
pilot_conflict_outbound_listener_tcp_over_current_tcp | LastValue | Number of conflicting tcp listeners with current tcp listener. |
pilot_destrule_subsets | LastValue | Duplicate subsets across destination rules for same host |
pilot_discovery_calls | Sum | Individual method calls in Pilot |
pilot_discovery_errors | Sum | Errors encountered during a given method call within Pilot |
pilot_discovery_resources | Distribution | Returned resource counts per method by Pilot |
pilot_duplicate_envoy_clusters | LastValue | Duplicate envoy clusters caused by service entries with same hostname |
pilot_eds_no_instances | LastValue | Number of clusters without instances. |
pilot_endpoint_not_ready | LastValue | Endpoint found in unready state. |
pilot_inbound_updates | Sum | Total number of updates received by pilot. |
pilot_invalid_out_listeners | LastValue | Number of invalid outbound listeners. |
pilot_jwks_resolver_network_fetch_fail_total | Sum | Total number of failed network fetch by pilot jwks resolver |
pilot_jwks_resolver_network_fetch_success_total | Sum | Total number of successfully network fetch by pilot jwks resolver |
pilot_k8s_cfg_events | Sum | Events from k8s config. |
pilot_k8s_object_errors | LastValue | Errors converting k8s CRDs |
pilot_k8s_reg_events | Sum | Events from k8s registry. |
pilot_no_ip | LastValue | Pods not found in the endpoint table, possibly invalid. |
pilot_proxy_convergence_time | Distribution | Delay in seconds between config change and a proxy receiving all required configuration. |
pilot_proxy_queue_time | Distribution | Time in seconds, a proxy is in the push queue before being dequeued. |
pilot_rds_expired_nonce | Sum | Total number of RDS messages with an expired nonce. |
pilot_services | LastValue | Total services known to pilot. |
pilot_total_rejected_configs | Sum | Total number of configs that Pilot had to reject or ignore. |
pilot_total_xds_internal_errors | Sum | Total number of internal XDS errors in pilot. |
pilot_total_xds_rejects | Sum | Total number of XDS responses from pilot rejected by proxy. |
pilot_virt_services | LastValue | Total virtual services known to pilot. |
pilot_vservice_dup_domain | LastValue | Virtual services with dup domains. |
pilot_xds | LastValue | Number of endpoints connected to this pilot using XDS. |
pilot_xds_cds_reject | LastValue | Pilot rejected CSD configs. |
pilot_xds_eds_instances | LastValue | Instances for each cluster, as of last push. Zero instances is an error. |
pilot_xds_eds_reject | LastValue | Pilot rejected EDS. |
pilot_xds_lds_reject | LastValue | Pilot rejected LDS. |
pilot_xds_push_context_errors | Sum | Number of errors (timeouts) initiating push context. |
pilot_xds_push_time | Distribution | Total time in seconds Pilot takes to push lds, rds, cds and eds. |
pilot_xds_pushes | Sum | Pilot build and send errors for lds, rds, cds and eds. |
pilot_xds_rds_reject | LastValue | Pilot rejected RDS. |
pilot_xds_write_timeout | Pilot XDS response write timeouts. |
