Istio control interface
Istio configuration command line utility.
Create, list, modify, and delete configuration resources in the Istio system.
Available routing and traffic management configuration types:
[route-rule ingress-rule egress-rule destination-policy]
See https://istio.io/docs/reference/ for an overview of routing rules and destination policies.
-h, --help help for istioctl
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Generate bash completion for Istioctl
Output shell completion code for the bash shell. The shell output must be evaluated to provide interactive completion of istioctl commands.
istioctl completion [flags]
# Add the following to .bash_profile.
source <(istioctl completion)
# Create a separate completion file and source that from .bash_profile
istioctl completion > ~/.istioctl-complete.bash
echo "source ~/.istioctl-complete.bash" >> ~/.bash_profile
-h, --help help for completion
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Create a kubeconfig file suitable for use with istioctl in a non kubernetes environment
Create a kubeconfig file suitable for use with istioctl in a non kubernetes environment
istioctl context-create --api-server http://<ip>:<port> [flags]
# Create a config file for the api server.
istioctl context-create --api-server http://127.0.0.1:8080
--api-server string URL for Istio api server
--context string Kubernetes configuration file context name (default "istio")
-h, --help help for context-create
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Create policies and rules
Create policies and rules
istioctl create [flags]
istioctl create -f example-routing.yaml
-f, --file string Input file with the content of the configuration objects (if not set, command reads from the standard input)
-h, --help help for create
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Delete policies or rules
Delete policies or rules
istioctl delete <type> <name> [<name2> ... <nameN>] [flags]
# Delete a rule using the definition in example-routing.yaml.
istioctl delete -f example-routing.yaml
# Delete the rule productpage-default
istioctl delete routerule productpage-default
-f, --file string Input file with the content of the configuration objects (if not set, command reads from the standard input)
-h, --help help for delete
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Retrieve policies and rules
Retrieve policies and rules
istioctl get <type> [<name>] [flags]
# List all route rules
istioctl get routerules
# List all destination policies
istioctl get destinationpolicies
# Get a specific rule named productpage-default
istioctl get routerule productpage-default
-h, --help help for get
-o, --output string Output format. One of:yaml|short (default "short")
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Inject Envoy sidecar into Kubernetes pod resources
Automatic Envoy sidecar injection via k8s admission controller is not ready yet. Instead, use kube-inject to manually inject Envoy sidecar into Kubernetes resource files. Unsupported resources are left unmodified so it is safe to run kube-inject over a single file that contains multiple Service, ConfigMap, Deployment, etc. definitions for a complex application. Its best to do this when the resource is initially created.
k8s.io/docs/concepts/workloads/pods/pod-overview/#pod-templates is updated for Job, DaemonSet, ReplicaSet, and Deployment YAML resource documents. Support for additional pod-based resource types can be added as necessary.
The Istio project is continually evolving so the Istio sidecar configuration may change unannounced. When in doubt re-run istioctl kube-inject on deployments to get the most up-to-date changes.
istioctl kube-inject [flags]
# Update resources on the fly before applying.
kubectl apply -f <(istioctl kube-inject -f <resource.yaml>)
# Create a persistent version of the deployment with Envoy sidecar
# injected. This is particularly useful to understand what is
# being injected before committing to Kubernetes API server.
istioctl kube-inject -f deployment.yaml -o deployment-with-istio.yaml
# Update an existing deployment.
kubectl get deployment -o yaml | istioctl kube-inject -f - | kubectl apply -f -
--coreDump Enable/Disable core dumps in injected Envoy sidecar (--coreDump=true affects all pods in a node and should only be used the cluster admin) (default true)
--debug Use debug images and settings for the sidecar (default true)
-f, --filename string Input Kubernetes resource filename
-h, --help help for kube-inject
--hub string Docker hub (default "docker.io/istio")
--imagePullPolicy string Sets the container image pull policy. Valid options are Always,IfNotPresent,Never.The default policy is IfNotPresent. (default "IfNotPresent")
--includeIPRanges string Comma separated list of IP ranges in CIDR form. If set, only redirect outbound traffic to Envoy for IP ranges. Otherwise all outbound traffic is redirected
--meshConfigMapName string ConfigMap name for Istio mesh configuration, key should be "mesh" (default "istio")
-o, --output string Modified output Kubernetes resource filename
--setVersionString string Override version info injected into resource
--sidecarProxyUID int Envoy sidecar UID (default 1337)
--tag string Docker tag (default "c371d111adb3da6f4edf0091716380ab97087886")
--verbosity int Runtime verbosity (default 2)
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Registers a service instance (e.g. VM) joining the mesh
Registers a service instance (e.g. VM) joining the mesh
istioctl register <svcname> <ip> [name1:]port1 [name2:]port2 ... [flags]
-a, --annotations stringSlice List of string annotations to apply if creating a service/endpoint; e.g. -a foo=bar,test,x=y
-h, --help help for register
-l, --labels stringSlice List of labels to apply if creating a service/endpoint; e.g. -l env=prod,vers=2
-s, --serviceaccount string Service account to link to the service (default "default")
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Replace existing policies and rules
Replace existing policies and rules
istioctl replace [flags]
istioctl replace -f example-routing.yaml
-f, --file string Input file with the content of the configuration objects (if not set, command reads from the standard input)
-h, --help help for replace
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Display version information
Display version information
istioctl version [flags]
-h, --help help for version
-i, --istioNamespace string Istio system namespace (default "istio-system")
-c, --kubeconfig string Kubernetes configuration file (default "/home/kuat/.kube/config")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
-n, --namespace string Config namespace (default "default")
-p, --platform string Istio host platform (default "kube")
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging