Resource Labels

This page presents the various resource labels that Istio supports to control its behavior.

istio.io/rev

Nameistio.io/rev
Feature StatusAlpha
Resource Types[Namespace]
DescriptionIstio control plane revision associated with the resource; e.g. `canary`

networking.istio.io/gatewayPort

Namenetworking.istio.io/gatewayPort
Feature StatusAlpha
Resource Types[Service]
DescriptionIstioGatewayPortLabel overrides the default 15443 value to use for a multi-network gateway's port

service.istio.io/canonical-name

Nameservice.istio.io/canonical-name
Feature StatusAlpha
Resource Types[Pod]
DescriptionThe name of the canonical service a workload belongs to

service.istio.io/canonical-revision

Nameservice.istio.io/canonical-revision
Feature StatusAlpha
Resource Types[Pod]
DescriptionThe name of a revision within a canonical service that the workload belongs to

sidecar.istio.io/inject

Namesidecar.istio.io/inject
Feature StatusBeta
Resource Types[Pod]
DescriptionSpecifies whether or not an Envoy sidecar should be automatically injected into the workload.

topology.istio.io/cluster

Nametopology.istio.io/cluster
Feature StatusAlpha
Resource Types[Pod]
DescriptionThis label is applied to a workload internally that identifies the Kubernetes cluster containing the workload. The cluster ID is specified during Istio installation for each cluster via `values.global.multiCluster.clusterName`. It should be noted that this is only used internally within Istio and is not an actual label on workload pods. If a pod contains this label, it will be overridden by Istio internally with the cluster ID specified during Istio installation. This label provides a way to select workloads by cluster when using DestinationRules. For example, a service owner could create a DestinationRule containing a subset per cluster and then use these subsets to control traffic flow to each cluster independently.

topology.istio.io/network

Nametopology.istio.io/network
Feature StatusBeta
Resource Types[Namespace Pod Service]
DescriptionA label used to identify the network for one or more pods. This is used
internally by Istio to group pods resident in the same L3 domain/network.
Istio assumes that pods in the same network are directly reachable from
one another. When pods are in different networks, an Istio Gateway
(e.g. east-west gateway) is typically used to establish connectivity
(with AUTO_PASSTHROUGH mode). This label can be applied to the following
resources to help automate Istio's multi-network configuration.

* Istio System Namespace: Applying this label to the system namespace
establishes a default network for pods managed by the control plane.
This is typically configured during control plane installation using an
admin-specified value.

* Pod: Applying this label to a pod allows overriding the default network
on a per-pod basis. This is typically applied to the pod via webhook
injection, but can also be manually specified on the pod by the service
owner. The Istio installation in each cluster configures webhook injection
using an admin-specified value.

* Gateway Service: Applying this label to the Service for an Istio Gateway,
indicates that Istio should use this service as the gateway for the
network, when configuring cross-network traffic. Istio will configure
pods residing outside of the network to access the Gateway service
via `spec.externalIPs`, `status.loadBalancer.ingress[].ip`, or in the case
of a NodePort service, the Node's address. The label is configured when
installing the gateway (e.g. east-west gateway) and should match either
the default network for the control plane (as specified by the Istio System
Namespace label) or the network of the targeted pods.

topology.istio.io/subzone

Nametopology.istio.io/subzone
Feature StatusBeta
Resource Types[Node]
DescriptionUser-provided node label for identifying the locality subzone of a workload. This allows admins to specify a more granular level of locality than what is offered by default with Kubernetes regions and zones.
这些信息有用吗?
您是否有更多建议和改进意见?

感谢您的反馈!