pilot-agent
Istio Pilot agent runs in the sidecar or gateway container and bootstraps Envoy.
| Flags | Description |
|---|---|
--log_as_json | Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``) |
--log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> | The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
pilot-agent proxy
Envoy proxy agent
pilot-agent proxy [flags]
| Flags | Description |
|---|---|
--applicationPorts <stringSlice> | Ports exposed by the application. Used to determine that Envoy is configured and ready to receive traffic. (default `[]`) |
--binaryPath <string> | Path to the proxy binary (default `/usr/local/bin/envoy`) |
--concurrency <int> | number of worker threads to run (default `0`) |
--configPath <string> | Path to the generated configuration file directory (default `/etc/istio/proxy`) |
--connectTimeout <duration> | Connection timeout used by Envoy for supporting services (default `1s`) |
--controlPlaneAuthPolicy <string> | Control Plane Authentication Policy (default `NONE`) |
--controlPlaneBootstrap | Process bootstrap provided via templateFile to be used by control plane components. |
--customConfigFile <string> | Path to the custom configuration file (default ``) |
--datadogAgentAddress <string> | Address of the Datadog Agent (default ``) |
--disableInternalTelemetry | Disable internal telemetry |
--discoveryAddress <string> | Address of the discovery service exposing xDS (e.g. istio-pilot:8080) (default `istio-pilot:15010`) |
--dnsRefreshRate <string> | The dns_refresh_rate for bootstrap STRICT_DNS clusters (default `300s`) |
--domain <string> | DNS domain suffix. If not provided uses ${POD_NAMESPACE}.svc.cluster.local (default ``) |
--drainDuration <duration> | The time in seconds that Envoy will drain connections during a hot restart (default `45s`) |
--envoyMetricsServiceAddress <string> | Host and Port of an Envoy Metrics Service API implementation (e.g. metrics-service:15000) (default ``) |
--id <string> | Proxy unique ID. If not provided uses ${POD_NAME}.${POD_NAMESPACE} from environment variables (default ``) |
--ip <string> | Proxy IP address. If not provided uses ${INSTANCE_IP} environment variable. (default ``) |
--lightstepAccessToken <string> | Access Token for LightStep Satellite pool (default ``) |
--lightstepAddress <string> | Address of the LightStep Satellite pool (default ``) |
--lightstepCacertPath <string> | Path to the trusted cacert used to authenticate the pool (default ``) |
--lightstepSecure | Should connection to the LightStep Satellite pool be secure |
--log_as_json | Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``) |
--log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> | The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
--mixerIdentity <string> | The identity used as the suffix for mixer's spiffe SAN. This would only be used by pilot all other proxy would get this value from pilot (default ``) |
--parentShutdownDuration <duration> | The time in seconds that Envoy will wait before shutting down the parent process during a hot restart (default `1m0s`) |
--pilotIdentity <string> | The identity used as the suffix for pilot's spiffe SAN (default ``) |
--proxyAdminPort <uint16> | Port on which Envoy should listen for administrative commands (default `15000`) |
--proxyComponentLogLevel <string> | The component log level used to start the Envoy proxy (default `misc:error`) |
--proxyLogLevel <string> | The log level used to start the Envoy proxy (choose from {trace, debug, info, warning, error, critical, off}) (default `warning`) |
--serviceCluster <string> | Service cluster (default `istio-proxy`) |
--serviceregistry <string> | Select the platform for service registry, options are {Kubernetes, Consul, Mock} (default `Kubernetes`) |
--statsdUdpAddress <string> | IP Address and Port of a statsd UDP listener (e.g. 10.75.241.127:9125) (default ``) |
--statusPort <uint16> | HTTP Port on which to serve pilot agent status. If zero, agent status will not be provided. (default `0`) |
--templateFile <string> | Go template bootstrap config (default ``) |
--trust-domain <string> | The domain to use for identities (default ``) |
--zipkinAddress <string> | Address of the Zipkin service (e.g. zipkin:9411) (default ``) |
pilot-agent request
Makes an HTTP request to the Envoy admin API
pilot-agent request <method> <path> [<body>] [flags]
| Flags | Description |
|---|---|
--log_as_json | Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``) |
--log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> | The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
pilot-agent version
Prints out build version information
pilot-agent version [flags]
| Flags | Shorthand | Description |
|---|---|---|
--log_as_json | Whether to format output as JSON or in plain console-friendly format | |
--log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, default, model, rbac] (default ``) | |
--log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | |
--log_rotate <string> | The path for the optional rotating log file (default ``) | |
--log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | |
--log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | |
--log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | |
--log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | |
--log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | |
--output <string> | -o | One of 'yaml' or 'json'. (default ``) |
--short | -s | Displays a short form of the version information |
Environment variables
These environment variables affect the behavior of thepilot-agent command.| Variable Name | Type | Default Value | Description |
|---|---|---|---|
INSTANCE_IP | String | | |
ISTIO_BOOTSTRAP | String | | |
ISTIO_BOOTSTRAP_OVERRIDE | String | | |
ISTIO_GPRC_MAXSTREAMS | Integer | 100000 | |
ISTIO_KUBE_APP_PROBERS | String | | |
ISTIO_META_TLS_CLIENT_CERT_CHAIN | String | /etc/certs/cert-chain.pem | |
ISTIO_META_TLS_CLIENT_KEY | String | /etc/certs/key.pem | |
ISTIO_META_TLS_CLIENT_ROOT_CERT | String | /etc/certs/root-cert.pem | |
ISTIO_META_TLS_SERVER_CERT_CHAIN | String | /etc/certs/cert-chain.pem | |
ISTIO_META_TLS_SERVER_KEY | String | /etc/certs/key.pem | |
ISTIO_META_TLS_SERVER_ROOT_CERT | String | /etc/certs/root-cert.pem | |
ISTIO_NAMESPACE | String | | |
PILOT_CERT_DIR | String | | |
PILOT_DEBOUNCE_AFTER | Time Duration | 100ms | |
PILOT_DEBOUNCE_MAX | Time Duration | 10s | |
PILOT_DEBUG_ADSZ_CONFIG | Boolean | false | |
PILOT_DISABLE_EDS_ISOLATION | String | | |
PILOT_DISABLE_XDS_MARSHALING_TO_ANY | String | | |
PILOT_ENABLE_FALLTHROUGH_ROUTE | Boolean | true | EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned. |
PILOT_ENABLE_LOCALITY_LOAD_BALANCING | String | | |
PILOT_ENABLE_MYSQL_FILTER | Boolean | false | EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain. |
PILOT_ENABLE_REDIS_FILTER | Boolean | false | EnableRedisFilter enables injection of `envoy.filters.network.redis_proxy` in the filter chain. |
PILOT_ENABLE_WAIT_CACHE_SYNC | String | | |
PILOT_HTTP10 | Boolean | false | |
PILOT_INITIAL_FETCH_TIMEOUT | Time Duration | 0s | Specifies the initial_fetch_timeout for config. If this time is reached without a response to the config requested by Envoy, the Envoy will move on with the init phase. This prevents envoy from getting stuck waiting on config during startup. |
PILOT_PUSH_BURST | Integer | 100 | |
PILOT_PUSH_THROTTLE | Integer | 10 | |
PILOT_SIDECAR_USE_REMOTE_ADDRESS | Boolean | false | UseRemoteAddress sets useRemoteAddress to true for side car outbound listeners. |
PILOT_TRACE_SAMPLING | Floating-Point | 100 | |
POD_NAME | String | | |
POD_NAMESPACE | String | | |
TERMINATION_DRAIN_DURATION_SECONDS | String | | |
V2_REFRESH | Time Duration | 0s |
Annotations
These resource annotations are used by thepilot-agent command.| Annotation Name | Description |
|---|---|
policy.istio.io/check | Determines the policy for behavior when unable to connect to Mixer. If not set, FAIL_CLOSE is set, rejecting requests. |
policy.istio.io/checkBaseRetryWaitTime | Base time to wait between retries, will be adjusted by backoff and jitter. In duration format. If not set, this will be 80ms. |
policy.istio.io/checkMaxRetryWaitTime | Maximum time to wait between retries to Mixer. In duration format. If not set, this will be 1000ms. |
policy.istio.io/checkRetries | The maximum number of retries on transport errors to Mixer. If not set, this will be 0, indicating no retries. |
sidecar.istio.io/statsInclusionPrefixes | Specifies the comma separated list of prefixes of the stats to be emitted by Envoy. |
sidecar.istio.io/statsInclusionRegexps | Specifies the comma separated list of regexes the stats should match to be emitted by Envoy. |
sidecar.istio.io/statsInclusionSuffixes | Specifies the comma separated list of suffixes of the stats to be emitted by Envoy. |
Exported metrics
| Metric Name | Type | Description |
|---|