install-cni
Install and configure the Istio CNI plugin on a node, and detect and repair pods broken by a race condition.
install-cni [flags]
Flags | Description |
---|---|
`--chained-cni-plugin` | Whether to install CNI plugin as a chained or standalone |
`--cni-conf-name <string>` | Name of the CNI configuration file (default ``) |
`--cni-net-dir <string>` | Directory on the host where CNI network plugins are installed (default `/etc/cni/net.d`) |
`--cni-network-config <string>` | CNI configuration template as a string (default ``) |
`--cni-network-config-file <string>` | CNI config template as a file (default ``) |
`--ctrlz_address <string>` | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
`--ctrlz_port <uint16>` | The IP port to use for the ControlZ introspection facility (default `9876`) |
`--kube-ca-file <string>` | CA file for kubeconfig. Defaults to the same as install-cni pod (default ``) |
`--kubecfg-file-name <string>` | Name of the kubeconfig file which CNI plugin will use when interacting with API server (default `ZZZ-istio-cni-kubeconfig`) |
`--kubeconfig-mode <int>` | File mode of the kubeconfig file (default `384`) |
`--log-level <string>` | Fallback value for log level in CNI config file, if not specified in helm template (default `warn`) |
`--log-uds-address <string>` | The UDS server address which CNI plugin will copy log output to (default `/var/run/istio-cni/log.sock`) |
`--log_as_json` | Whether to format output as JSON or in plain console-friendly format |
`--log_caller <string>` | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
`--log_output_level <string>` | Comma-separated minimum per-scope logging level of messages to output, in the form of `<scope>:<level>,<scope>:<level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
`--log_rotate <string>` | The path for the optional rotating log file (default ``) |
`--log_rotate_max_age <int>` | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
`--log_rotate_max_backups <int>` | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
`--log_rotate_max_size <int>` | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
`--log_stacktrace_level <string>` | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of `<scope>:<level>,<scope:level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
`--log_target <stringArray>` | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
`--monitoring-port <int>` | HTTP port to serve prometheus metrics (default `15014`) |
`--mounted-cni-net-dir <string>` | Directory on the container where CNI networks are installed (default `/host/etc/cni/net.d`) |
`--repair-broken-pod-label-key <string>` | The key portion of the label which will be set by the race repair if label pods is true (default `cni.istio.io/uninitialized`) |
`--repair-broken-pod-label-value <string>` | The value portion of the label which will be set by the race repair if label pods is true (default `true`) |
`--repair-delete-pods` | Controller will delete pods when detecting pod broken by race condition |
`--repair-enabled` | Whether to enable race condition repair or not |
`--repair-field-selectors <string>` | A set of field selectors in label=value format that will be added to the pod list filters (default ``) |
`--repair-init-container-exit-code <int>` | Expected exit code for the init container when crash-looping because of CNI misconfiguration (default `126`) |
`--repair-init-container-name <string>` | The name of the istio init container (will crash-loop if CNI is not configured for the pod) (default `istio-validation`) |
`--repair-init-container-termination-message <string>` | The expected termination message for the init container when crash-looping because of CNI misconfiguration (default ``) |
`--repair-label-pods` | Controller will label pods when detecting pod broken by race condition |
`--repair-label-selectors <string>` | A set of label selectors in label=value format that will be added to the pod list filters (default ``) |
`--repair-node-name <string>` | The name of the managed node (will manage all nodes if unset) (default ``) |
`--repair-run-as-daemon` | Controller will run in a loop |
`--repair-sidecar-annotation <string>` | An annotation key that indicates this pod contains an istio sidecar. All pods without this annotation will be ignored. The value of the annotation is ignored. (default `sidecar.istio.io/status`) |
`--skip-cni-binaries <istio-cni>` | Binaries that should not be installed. Currently Istio only installs one binary istio-cni (default `[]`) |
`--skip-tls-verify` | Whether to use insecure TLS in kubeconfig file |
`--update-cni-binaries` | Whether to refresh existing binaries when installing CNI |
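
Three options in this table bear directly on security: `--skip-tls-verify`, `--ctrlz_address` and `--kubeconfig-mode` (the first and last also exist as the `SKIP_TLS_VERIFY` and `KUBECONFIG_MODE` environment variables). The check below is an added example, not Istio code: it flags values of those options that are weaker than the documented defaults. The function names and sample arguments are constructed for illustration, and it assumes `--kubeconfig-mode` is read as a decimal integer, as the documented default `384` suggests.

```python
# Added example (not Istio code): audit install-cni options against the
# defaults documented on this page. Function names are illustrative.

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
BOOL_FLAGS = {"skip-tls-verify"}          # boolean flags take no separate value
TRUE_VALUES = {"1", "t", "true"}
# Environment variables from this page -> the flag they correspond to
ENV_TO_FLAG = {"SKIP_TLS_VERIFY": "skip-tls-verify",
               "KUBECONFIG_MODE": "kubeconfig-mode"}


def parse_flags(args):
    """Parse ['--a=b', '--c', 'd', '--bool'] into a {name: value} dict."""
    flags, i = {}, 0
    while i < len(args):
        tok = args[i]
        i += 1
        if not tok.startswith("--"):
            continue
        name, sep, value = tok[2:].partition("=")
        if not sep:
            takes_value = name not in BOOL_FLAGS
            if takes_value and i < len(args) and not args[i].startswith("--"):
                value = args[i]
                i += 1
            else:
                value = "true"
        flags[name] = value
    return flags


def from_env(env):
    """Keep only the documented variables this audit understands."""
    return {ENV_TO_FLAG[k]: v for k, v in env.items() if k in ENV_TO_FLAG}


def audit(settings):
    """Return (option, reason) pairs for settings weaker than the defaults."""
    findings = []
    if settings.get("skip-tls-verify", "false").lower() in TRUE_VALUES:
        findings.append(("skip-tls-verify", "kubeconfig will use insecure TLS"))
    addr = settings.get("ctrlz_address", "localhost")
    if addr not in LOOPBACK:
        findings.append(("ctrlz_address",
                         f"ControlZ listens on {addr!r}, not loopback"))
    # Assumption: the mode is a decimal integer; 384 decimal == 0o600.
    mode = int(settings.get("kubeconfig-mode", "384"))
    if mode & 0o077:
        findings.append(("kubeconfig-mode",
                         f"mode {mode:04o} grants group/other access"))
    return findings


if __name__ == "__main__":
    # Constructed sample arguments, not taken from a real deployment.
    sample = ["--ctrlz_address", "*", "--kubeconfig-mode=420",
              "--skip-tls-verify", "--log-level", "debug"]
    for option, reason in audit(parse_flags(sample)):
        print(f"{option}: {reason}")
```
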
install-cni completion
Generate the autocompletion script for install-cni for the specified shell. See each sub-command’s help for details on how to use the generated script.
Flags | Description |
---|---|
`--ctrlz_address <string>` | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
`--ctrlz_port <uint16>` | The IP port to use for the ControlZ introspection facility (default `9876`) |
`--log_as_json` | Whether to format output as JSON or in plain console-friendly format |
`--log_caller <string>` | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
`--log_output_level <string>` | Comma-separated minimum per-scope logging level of messages to output, in the form of `<scope>:<level>,<scope>:<level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
`--log_rotate <string>` | The path for the optional rotating log file (default ``) |
`--log_rotate_max_age <int>` | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
`--log_rotate_max_backups <int>` | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
`--log_rotate_max_size <int>` | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
`--log_stacktrace_level <string>` | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of `<scope>:<level>,<scope:level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
`--log_target <stringArray>` | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
install-cni completion bash
Generate the autocompletion script for the bash shell.
This script depends on the ‘bash-completion’ package. If it is not installed already, you can install it via your OS’s package manager.
To load completions in your current shell session:
$ source <(install-cni completion bash)
To load completions for every new session, execute once:
Linux:
$ install-cni completion bash > /etc/bash_completion.d/install-cni
MacOS:
$ install-cni completion bash > /usr/local/etc/bash_completion.d/install-cni
You will need to start a new shell for this setup to take effect.
install-cni completion bash
Flags | Description |
---|---|
`--ctrlz_address <string>` | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
`--ctrlz_port <uint16>` | The IP port to use for the ControlZ introspection facility (default `9876`) |
`--log_as_json` | Whether to format output as JSON or in plain console-friendly format |
`--log_caller <string>` | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
`--log_output_level <string>` | Comma-separated minimum per-scope logging level of messages to output, in the form of `<scope>:<level>,<scope>:<level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
`--log_rotate <string>` | The path for the optional rotating log file (default ``) |
`--log_rotate_max_age <int>` | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
`--log_rotate_max_backups <int>` | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
`--log_rotate_max_size <int>` | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
`--log_stacktrace_level <string>` | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of `<scope>:<level>,<scope:level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
`--log_target <stringArray>` | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
`--no-descriptions` | disable completion descriptions |
install-cni completion fish
Generate the autocompletion script for the fish shell.
To load completions in your current shell session:
$ install-cni completion fish | source
To load completions for every new session, execute once:
$ install-cni completion fish > ~/.config/fish/completions/install-cni.fish
You will need to start a new shell for this setup to take effect.
install-cni completion fish [flags]
Flags | Description |
---|---|
`--ctrlz_address <string>` | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
`--ctrlz_port <uint16>` | The IP port to use for the ControlZ introspection facility (default `9876`) |
`--log_as_json` | Whether to format output as JSON or in plain console-friendly format |
`--log_caller <string>` | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
`--log_output_level <string>` | Comma-separated minimum per-scope logging level of messages to output, in the form of `<scope>:<level>,<scope>:<level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
`--log_rotate <string>` | The path for the optional rotating log file (default ``) |
`--log_rotate_max_age <int>` | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
`--log_rotate_max_backups <int>` | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
`--log_rotate_max_size <int>` | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
`--log_stacktrace_level <string>` | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of `<scope>:<level>,<scope:level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
`--log_target <stringArray>` | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
`--no-descriptions` | disable completion descriptions |
install-cni completion powershell
Generate the autocompletion script for powershell.
To load completions in your current shell session:
PS C:\> install-cni completion powershell | Out-String | Invoke-Expression
To load completions for every new session, add the output of the above command to your powershell profile.
install-cni completion powershell [flags]
Flags | Description |
---|---|
`--ctrlz_address <string>` | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
`--ctrlz_port <uint16>` | The IP port to use for the ControlZ introspection facility (default `9876`) |
`--log_as_json` | Whether to format output as JSON or in plain console-friendly format |
`--log_caller <string>` | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
`--log_output_level <string>` | Comma-separated minimum per-scope logging level of messages to output, in the form of `<scope>:<level>,<scope>:<level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
`--log_rotate <string>` | The path for the optional rotating log file (default ``) |
`--log_rotate_max_age <int>` | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
`--log_rotate_max_backups <int>` | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
`--log_rotate_max_size <int>` | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
`--log_stacktrace_level <string>` | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of `<scope>:<level>,<scope:level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
`--log_target <stringArray>` | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
`--no-descriptions` | disable completion descriptions |
install-cni completion zsh
Generate the autocompletion script for the zsh shell.
If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once:
$ echo "autoload -U compinit; compinit" >> ~/.zshrc
To load completions for every new session, execute once:
# Linux:
$ install-cni completion zsh > "${fpath[1]}/_install-cni"
# macOS:
$ install-cni completion zsh > /usr/local/share/zsh/site-functions/_install-cni
You will need to start a new shell for this setup to take effect.
install-cni completion zsh [flags]
Flags | Description |
---|---|
`--ctrlz_address <string>` | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
`--ctrlz_port <uint16>` | The IP port to use for the ControlZ introspection facility (default `9876`) |
`--log_as_json` | Whether to format output as JSON or in plain console-friendly format |
`--log_caller <string>` | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
`--log_output_level <string>` | Comma-separated minimum per-scope logging level of messages to output, in the form of `<scope>:<level>,<scope>:<level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
`--log_rotate <string>` | The path for the optional rotating log file (default ``) |
`--log_rotate_max_age <int>` | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
`--log_rotate_max_backups <int>` | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
`--log_rotate_max_size <int>` | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
`--log_stacktrace_level <string>` | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of `<scope>:<level>,<scope:level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
`--log_target <stringArray>` | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
`--no-descriptions` | disable completion descriptions |
install-cni version
Prints out build version information
install-cni version [flags]
Flags | Shorthand | Description |
---|---|---|
`--ctrlz_address <string>` | | The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`) |
`--ctrlz_port <uint16>` | | The IP port to use for the ControlZ introspection facility (default `9876`) |
`--log_as_json` | | Whether to format output as JSON or in plain console-friendly format |
`--log_caller <string>` | | Comma-separated list of scopes for which to include caller information, scopes can be any of [all, cni, default, install, klog, repair] (default ``) |
`--log_output_level <string>` | | Comma-separated minimum per-scope logging level of messages to output, in the form of `<scope>:<level>,<scope>:<level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`) |
`--log_rotate <string>` | | The path for the optional rotating log file (default ``) |
`--log_rotate_max_age <int>` | | The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`) |
`--log_rotate_max_backups <int>` | | The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`) |
`--log_rotate_max_size <int>` | | The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`) |
`--log_stacktrace_level <string>` | | Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of `<scope>:<level>,<scope:level>,...` where scope can be one of [all, cni, default, install, klog, repair] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) |
`--log_target <stringArray>` | | The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`) |
`--output <string>` | `-o` | One of 'yaml' or 'json'. (default ``) |
`--short` | `-s` | Use `--short=false` to generate full version information |
Environment variables
These environment variables affect the behavior of the `install-cni` command. Please use with caution as these environment variables are experimental and can change anytime.
Variable Name | Type | Default Value | Description |
---|---|---|---|
`CHAINED_CNI_PLUGIN` | Boolean | `true` | Whether to install CNI plugin as a chained or standalone |
`CNI_CONF_NAME` | String | | Name of the CNI configuration file |
`CNI_NETWORK_CONFIG` | String | | CNI configuration template as a string |
`CNI_NETWORK_CONFIG_FILE` | String | | CNI config template as a file |
`CNI_NET_DIR` | String | `/etc/cni/net.d` | Directory on the host where CNI network plugins are installed |
`KUBECFG_FILE_NAME` | String | `ZZZ-istio-cni-kubeconfig` | Name of the kubeconfig file which CNI plugin will use when interacting with API server |
`KUBECONFIG_MODE` | Integer | `384` | File mode of the kubeconfig file |
`KUBE_CA_FILE` | String | | CA file for kubeconfig. Defaults to the same as install-cni pod |
`LOG_LEVEL` | String | `warn` | Fallback value for log level in CNI config file, if not specified in helm template |
`LOG_UDS_ADDRESS` | String | `/var/run/istio-cni/log.sock` | The UDS server address which CNI plugin will copy log output to |
`MONITORING_PORT` | Integer | `15014` | HTTP port to serve prometheus metrics |
`MOUNTED_CNI_NET_DIR` | String | `/host/etc/cni/net.d` | Directory on the container where CNI networks are installed |
`REPAIR_BROKEN_POD_LABEL_KEY` | String | `cni.istio.io/uninitialized` | The key portion of the label which will be set by the race repair if label pods is true |
`REPAIR_BROKEN_POD_LABEL_VALUE` | String | `true` | The value portion of the label which will be set by the race repair if label pods is true |
`REPAIR_DELETE_PODS` | Boolean | `false` | Controller will delete pods when detecting pod broken by race condition |
`REPAIR_ENABLED` | Boolean | `true` | Whether to enable race condition repair or not |
`REPAIR_FIELD_SELECTORS` | String | | A set of field selectors in label=value format that will be added to the pod list filters |
`REPAIR_INIT_CONTAINER_EXIT_CODE` | Integer | `126` | Expected exit code for the init container when crash-looping because of CNI misconfiguration |
`REPAIR_INIT_CONTAINER_NAME` | String | `istio-validation` | The name of the istio init container (will crash-loop if CNI is not configured for the pod) |
`REPAIR_INIT_CONTAINER_TERMINATION_MESSAGE` | String | | The expected termination message for the init container when crash-looping because of CNI misconfiguration |
`REPAIR_LABEL_PODS` | Boolean | `false` | Controller will label pods when detecting pod broken by race condition |
`REPAIR_LABEL_SELECTORS` | String | | A set of label selectors in label=value format that will be added to the pod list filters |
`REPAIR_NODE_NAME` | String | | The name of the managed node (will manage all nodes if unset) |
`REPAIR_RUN_AS_DAEMON` | Boolean | `false` | Controller will run in a loop |
`REPAIR_SIDECAR_ANNOTATION` | String | `sidecar.istio.io/status` | An annotation key that indicates this pod contains an istio sidecar. All pods without this annotation will be ignored. The value of the annotation is ignored. |
`SKIP_CNI_BINARIES` | String | | Binaries that should not be installed. Currently Istio only installs one binary istio-cni |
`SKIP_TLS_VERIFY` | Boolean | `false` | Whether to use insecure TLS in kubeconfig file |
`UPDATE_CNI_BINARIES` | Boolean | `true` | Whether to refresh existing binaries when installing CNI |
Exported metrics
Metric Name | Type | Description |
---|---|---|
istio_build | LastValue | Istio component build info |
istio_cni_install_ready | LastValue | Whether the CNI plugin installation is ready or not |
istio_cni_installs_total | Sum | Total number of CNI plugins installed by the Istio CNI installer |
istio_cni_repair_pods_repaired_total | Sum | Total number of pods repaired by repair controller |