Resource Annotations

This page presents the various resource annotations that Istio supports to control its behavior.

Annotation NameFeature StatusResource TypesDescription
galley.istio.io/analyze-suppressAlpha[Any]A comma separated list of configuration analysis message codes to suppress when Istio analyzers are run. For example, to suppress reporting of IST0103 (PodMissingProxy) and IST0108 (UnknownAnnotation) on a resource, apply the annotation 'galley.istio.io/analyze-suppress=IST0108,IST0103'. If the value is '*', then all configuration analysis messages are suppressed.
inject.istio.io/templatesAlpha[Pod]The name of the inject template(s) to use, as a comma separate list. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental for more information.
install.operator.istio.io/chart-ownerAlpha[Any]Represents the name of the chart used to create this resource.
install.operator.istio.io/owner-generationAlpha[Any]Represents the generation to which the resource was last reconciled.
install.operator.istio.io/versionAlpha[Any]Represents the Istio version associated with the resource
istio.io/dry-runAlpha[AuthorizationPolicy]Specifies whether or not the given resource is in dry-run mode. See https://istio.io/latest/docs/tasks/security/authorization/authz-dry-run/ for more information.
kubernetes.io/ingress.classStable[Ingress]Annotation on an Ingress resources denoting the class of controllers responsible for it.
networking.istio.io/exportToAlpha[Service]Specifies the namespaces to which this service should be exported to. A value of '*' indicates it is reachable within the mesh '.' indicates it is reachable within its namespace.
prometheus.istio.io/merge-metricsAlpha[Pod]Specifies if application Prometheus metric will be merged with Envoy metrics for this workload.
proxy.istio.io/configBeta[Pod]Overrides for the proxy configuration for this specific proxy. Available options can be found at https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#ProxyConfig.
readiness.status.sidecar.istio.io/applicationPortsAlpha[Pod]Specifies the list of ports exposed by the application container. Used by the Envoy sidecar readiness probe to determine that Envoy is configured and ready to receive traffic.
readiness.status.sidecar.istio.io/failureThresholdAlpha[Pod]Specifies the failure threshold for the Envoy sidecar readiness probe.
readiness.status.sidecar.istio.io/initialDelaySecondsAlpha[Pod]Specifies the initial delay (in seconds) for the Envoy sidecar readiness probe.
readiness.status.sidecar.istio.io/periodSecondsAlpha[Pod]Specifies the period (in seconds) for the Envoy sidecar readiness probe.
sidecar.istio.io/agentLogLevelAlpha[Pod]Specifies the log output level for pilot-agent.
sidecar.istio.io/bootstrapOverrideAlpha[Pod]Specifies an alternative Envoy bootstrap configuration file.
sidecar.istio.io/componentLogLevelAlpha[Pod]Specifies the component log level for Envoy.
sidecar.istio.io/controlPlaneAuthPolicyDeprecated[Pod]Specifies the auth policy used by the Istio control plane. If NONE, traffic will not be encrypted. If MUTUAL_TLS, traffic between Envoy sidecar will be wrapped into mutual TLS connections.
sidecar.istio.io/discoveryAddressDeprecated[Pod]Specifies the XDS discovery address to be used by the Envoy sidecar.
sidecar.istio.io/enableCoreDumpAlpha[Pod]Specifies whether or not an Envoy sidecar should enable core dump.
sidecar.istio.io/extraStatTagsAlpha[Pod]An additional list of tags to extract from the in-proxy Istio telemetry. each additional tag needs to be present in this list.
sidecar.istio.io/injectDeprecated[Pod]Specifies whether or not an Envoy sidecar should be automatically injected into the workload.
sidecar.istio.io/interceptionModeAlpha[Pod]Specifies the mode used to redirect inbound connections to Envoy (REDIRECT or TPROXY).
sidecar.istio.io/logLevelAlpha[Pod]Specifies the log level for Envoy.
sidecar.istio.io/proxyCPUAlpha[Pod]Specifies the requested CPU setting for the Envoy sidecar.
sidecar.istio.io/proxyCPULimitAlpha[Pod]Specifies the CPU limit for the Envoy sidecar.
sidecar.istio.io/proxyImageAlpha[Pod]Specifies the Docker image to be used by the Envoy sidecar.
sidecar.istio.io/proxyImageTypeAlpha[Pod]Specifies the Docker image type to be used by the Envoy sidecar. Istio publishes debug and distroless image types for every release tag.
sidecar.istio.io/proxyMemoryAlpha[Pod]Specifies the requested memory setting for the Envoy sidecar.
sidecar.istio.io/proxyMemoryLimitAlpha[Pod]Specifies the memory limit for the Envoy sidecar.
sidecar.istio.io/rewriteAppHTTPProbersAlpha[Pod]Rewrite HTTP readiness and liveness probes to be redirected to the Envoy sidecar.
sidecar.istio.io/statsInclusionPrefixesDeprecated[Pod]Specifies the comma separated list of prefixes of the stats to be emitted by Envoy.
sidecar.istio.io/statsInclusionRegexpsDeprecated[Pod]Specifies the comma separated list of regexes the stats should match to be emitted by Envoy.
sidecar.istio.io/statsInclusionSuffixesDeprecated[Pod]Specifies the comma separated list of suffixes of the stats to be emitted by Envoy.
sidecar.istio.io/statusAlpha[Pod]Generated by Envoy sidecar injection that indicates the status of the operation. Includes a version hash of the executed template, as well as names of injected resources.
sidecar.istio.io/userVolumeAlpha[Pod]Specifies one or more user volumes (as a JSON array) to be added to the Envoy sidecar.
sidecar.istio.io/userVolumeMountAlpha[Pod]Specifies one or more user volume mounts (as a JSON array) to be added to the Envoy sidecar.
status.sidecar.istio.io/portAlpha[Pod]Specifies the HTTP status Port for the Envoy sidecar. If zero, the sidecar will not provide status.
topology.istio.io/controlPlaneClustersAlpha[Namespace]A comma-separated list of clusters (or * for any) running istiod that should attempt leader election for a remote cluster thats system namespace includes this annotation. Istiod will not attempt to lead unannotated remote clusters.
traffic.istio.io/nodeSelectorStable[Service]This annotation is a set of node-labels (key1=value,key2=value). If the annotated Service is of type NodePort and is a multi-network gateway (see topology.istio.io/network), the addresses for selected nodes will be used for cross-network communication.
traffic.sidecar.istio.io/excludeInboundPortsAlpha[Pod]A comma separated list of inbound ports to be excluded from redirection to Envoy. Only applies when all inbound traffic (i.e. '*') is being redirected.
traffic.sidecar.istio.io/excludeInterfacesAlpha[Pod]A comma separated list of interfaces to be excluded from Istio traffic capture
traffic.sidecar.istio.io/excludeOutboundIPRangesAlpha[Pod]A comma separated list of IP ranges in CIDR form to be excluded from redirection. Only applies when all outbound traffic (i.e. '*') is being redirected.
traffic.sidecar.istio.io/excludeOutboundPortsAlpha[Pod]A comma separated list of outbound ports to be excluded from redirection to Envoy.
traffic.sidecar.istio.io/includeInboundPortsAlpha[Pod]A comma separated list of inbound ports for which traffic is to be redirected to Envoy. The wildcard character '*' can be used to configure redirection for all ports. An empty list will disable all inbound redirection.
traffic.sidecar.istio.io/includeOutboundIPRangesAlpha[Pod]A comma separated list of IP ranges in CIDR form to redirect to Envoy (optional). The wildcard character '*' can be used to redirect all outbound traffic. An empty list will disable all outbound redirection.
traffic.sidecar.istio.io/includeOutboundPortsAlpha[Pod]A comma separated list of outbound ports for which traffic is to be redirected to Envoy, regardless of the destination IP.
traffic.sidecar.istio.io/kubevirtInterfacesAlpha[Pod]A comma separated list of virtual interfaces whose inbound traffic (from VM) will be treated as outbound.
这些信息有用吗?
Do you have any suggestions for improvement?

Thanks for your feedback!