pilot-discovery
Istio Pilot provides fleet-wide traffic management capabilities in the Istio Service Mesh.
| Flags | Description |
|---|---|
--ctrlz_address <string> | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
--ctrlz_port <uint16> | The IP port to use for the ControlZ introspection facility (default `9876`) |
--keepaliveInterval <duration> | The time interval if no activity on the connection it pings the peer to see if the transport is alive (default `30s`) |
--keepaliveMaxServerConnectionAge <duration> | Maximum duration a connection will be kept open on the server before a graceful close. (default `2562047h47m16.854775807s`) |
--keepaliveTimeout <duration> | After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default `10s`) |
--log_as_json | Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, default, mcp, model, rbac] (default ``) |
--log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> | The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
pilot-discovery discovery
Start Istio proxy discovery service.
pilot-discovery discovery [flags]
| Flags | Shorthand | Description |
|---|---|---|
--appNamespace <string> | -a | Restrict the applications namespace the controller manages; if not set, controller watches all namespaces (default ``) |
--clusterRegistriesNamespace <string> | Namespace for ConfigMap which stores clusters configs (default ``) | |
--configDir <string> | Directory to watch for updates to config yaml files. If specified, the files will be used as the source of config, rather than a CRD client. (default ``) | |
--consulserverInterval <duration> | Interval (in seconds) for polling the Consul service registry (default `2s`) | |
--consulserverURL <string> | URL for the Consul server (default ``) | |
--ctrlz_address <string> | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | |
--ctrlz_port <uint16> | The IP port to use for the ControlZ introspection facility (default `9876`) | |
--disable-install-crds | Disable discovery service from verifying the existence of CRDs at startup and then installing if not detected. It is recommended to be disable for highly available setups. | |
--discoveryCache | Enable caching discovery service responses | |
--domain <string> | DNS domain suffix (default `cluster.local`) | |
--grpcAddr <string> | Discovery service grpc address (default `:15010`) | |
--httpAddr <string> | Discovery service HTTP address (default `:8080`) | |
--keepaliveInterval <duration> | The time interval if no activity on the connection it pings the peer to see if the transport is alive (default `30s`) | |
--keepaliveMaxServerConnectionAge <duration> | Maximum duration a connection will be kept open on the server before a graceful close. (default `2562047h47m16.854775807s`) | |
--keepaliveTimeout <duration> | After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default `10s`) | |
--kubeconfig <string> | Use a Kubernetes configuration file instead of in-cluster configuration (default ``) | |
--log_as_json | Whether to format output as JSON or in plain console-friendly format | |
--log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, default, mcp, model, rbac] (default ``) | |
--log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | |
--log_rotate <string> | The path for the optional rotating log file (default ``) | |
--log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | |
--log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | |
--log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | |
--log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | |
--log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | |
--mcpInitialConnWindowSize <int> | Max message size received by MCP's grpc client (default `1048576`) | |
--mcpInitialWindowSize <int> | Max message size received by MCP's grpc client (default `1048576`) | |
--mcpMaxMsgSize <int> | Max message size received by MCP's grpc client (default `4194304`) | |
--meshConfig <string> | File name for Istio mesh configuration. If not specified, a default mesh will be used. (default `/etc/istio/config/mesh`) | |
--monitoringAddr <string> | HTTP address to use for pilot's self-monitoring information (default `:15014`) | |
--namespace <string> | -n | Select a namespace where the controller resides. If not set, uses ${POD_NAMESPACE} environment variable (default ``) |
--networksConfig <string> | File name for Istio mesh networks configuration. If not specified, a default mesh networks will be used. (default `/etc/istio/config/meshNetworks`) | |
--plugins <stringSlice> | comma separated list of networking plugins to enable (default `[authn,authz,health,mixer]`) | |
--profile | Enable profiling via web interface host:port/debug/pprof | |
--registries <stringSlice> | Comma separated list of platform service registries to read from (choose one or more from {Kubernetes, Consul, MCP, Mock}) (default `[Kubernetes]`) | |
--resync <duration> | Controller resync interval (default `1m0s`) | |
--secureGrpcAddr <string> | Discovery service grpc address, with https (default `:15012`) | |
--trust-domain <string> | The domain serves to identify the system with spiffe (default ``) |
pilot-discovery request
Makes an HTTP request to Pilot metrics/debug endpoint
pilot-discovery request <method> <path> [<body>] [flags]
| Flags | Description |
|---|---|
--ctrlz_address <string> | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
--ctrlz_port <uint16> | The IP port to use for the ControlZ introspection facility (default `9876`) |
--keepaliveInterval <duration> | The time interval if no activity on the connection it pings the peer to see if the transport is alive (default `30s`) |
--keepaliveMaxServerConnectionAge <duration> | Maximum duration a connection will be kept open on the server before a graceful close. (default `2562047h47m16.854775807s`) |
--keepaliveTimeout <duration> | After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default `10s`) |
--log_as_json | Whether to format output as JSON or in plain console-friendly format |
--log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, default, mcp, model, rbac] (default ``) |
--log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
--log_rotate <string> | The path for the optional rotating log file (default ``) |
--log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
--log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
--log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
--log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
--log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
pilot-discovery version
Prints out build version information
pilot-discovery version [flags]
| Flags | Shorthand | Description |
|---|---|---|
--ctrlz_address <string> | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) | |
--ctrlz_port <uint16> | The IP port to use for the ControlZ introspection facility (default `9876`) | |
--keepaliveInterval <duration> | The time interval if no activity on the connection it pings the peer to see if the transport is alive (default `30s`) | |
--keepaliveMaxServerConnectionAge <duration> | Maximum duration a connection will be kept open on the server before a graceful close. (default `2562047h47m16.854775807s`) | |
--keepaliveTimeout <duration> | After having pinged for keepalive check, the client/server waits for a duration of keepaliveTimeout and if no activity is seen even after that the connection is closed. (default `10s`) | |
--log_as_json | Whether to format output as JSON or in plain console-friendly format | |
--log_caller <string> | Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, all, default, mcp, model, rbac] (default ``) | |
--log_output_level <string> | Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, all, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) | |
--log_rotate <string> | The path for the optional rotating log file (default ``) | |
--log_rotate_max_age <int> | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) | |
--log_rotate_max_backups <int> | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) | |
--log_rotate_max_size <int> | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) | |
--log_stacktrace_level <string> | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, all, default, mcp, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) | |
--log_target <stringArray> | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) | |
--output <string> | -o | One of 'yaml' or 'json'. (default ``) |
--short | -s | Displays a short form of the version information |
Environment variables
These environment variables affect the behavior of thepilot-discovery command.| Variable Name | Type | Default Value | Description |
|---|---|---|---|
ISTIO_BOOTSTRAP | String | | |
ISTIO_BOOTSTRAP_OVERRIDE | String | | |
ISTIO_GPRC_MAXSTREAMS | Integer | 100000 | |
K8S_INGRESS_NS | String | | |
PILOT_CERT_DIR | String | | |
PILOT_DEBOUNCE_AFTER | Time Duration | 100ms | |
PILOT_DEBOUNCE_MAX | Time Duration | 10s | |
PILOT_DEBUG_ADSZ_CONFIG | Boolean | false | |
PILOT_DISABLE_EDS_ISOLATION | String | | |
PILOT_DISABLE_XDS_MARSHALING_TO_ANY | String | | |
PILOT_ENABLE_FALLTHROUGH_ROUTE | Boolean | true | EnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned. |
PILOT_ENABLE_LOCALITY_LOAD_BALANCING | String | | |
PILOT_ENABLE_MYSQL_FILTER | Boolean | false | EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain. |
PILOT_ENABLE_REDIS_FILTER | Boolean | false | EnableRedisFilter enables injection of `envoy.filters.network.redis_proxy` in the filter chain. |
PILOT_ENABLE_WAIT_CACHE_SYNC | String | | |
PILOT_HTTP10 | Boolean | false | |
PILOT_INITIAL_FETCH_TIMEOUT | Time Duration | 0s | Specifies the initial_fetch_timeout for config. If this time is reached without a response to the config requested by Envoy, the Envoy will move on with the init phase. This prevents envoy from getting stuck waiting on config during startup. |
PILOT_PUSH_BURST | Integer | 100 | |
PILOT_PUSH_THROTTLE | Integer | 10 | |
PILOT_SIDECAR_USE_REMOTE_ADDRESS | Boolean | false | UseRemoteAddress sets useRemoteAddress to true for side car outbound listeners. |
PILOT_TRACE_SAMPLING | Floating-Point | 100 | |
POD_NAME | String | | |
POD_NAMESPACE | String | | |
ProxyInboundListenPort | Integer | 15006 | |
TERMINATION_DRAIN_DURATION_SECONDS | String | | |
V2_REFRESH | Time Duration | 0s |
Annotations
These resource annotations are used by thepilot-discovery command.| Annotation Name | Description |
|---|---|
policy.istio.io/check | Determines the policy for behavior when unable to connect to Mixer. If not set, FAIL_CLOSE is set, rejecting requests. |
policy.istio.io/checkBaseRetryWaitTime | Base time to wait between retries, will be adjusted by backoff and jitter. In duration format. If not set, this will be 80ms. |
policy.istio.io/checkMaxRetryWaitTime | Maximum time to wait between retries to Mixer. In duration format. If not set, this will be 1000ms. |
policy.istio.io/checkRetries | The maximum number of retries on transport errors to Mixer. If not set, this will be 0, indicating no retries. |
sidecar.istio.io/statsInclusionPrefixes | Specifies the comma separated list of prefixes of the stats to be emitted by Envoy. |
sidecar.istio.io/statsInclusionRegexps | Specifies the comma separated list of regexes the stats should match to be emitted by Envoy. |
sidecar.istio.io/statsInclusionSuffixes | Specifies the comma separated list of suffixes of the stats to be emitted by Envoy. |
Exported metrics
| Metric Name | Type | Description |
|---|