Resource Annotations
This page presents the various resource annotations that Istio supports to control its behavior.
galley.istio.io/analyze-suppress
Name | galley.istio.io/analyze-suppress |
---|
Feature Status | Alpha |
---|
Resource Types | [Any] |
---|
Description | A comma separated list of configuration analysis message codes to suppress when Istio analyzers are run. For example, to suppress reporting of IST0103 (PodMissingProxy) and IST0108 (UnknownAnnotation) on a resource, apply the annotation ‘galley.istio.io/analyze-suppress=IST0108,IST0103’. If the value is ‘*’, then all configuration analysis messages are suppressed. |
---|
inject.istio.io/templates
install.operator.istio.io/chart-owner
Name | install.operator.istio.io/chart-owner |
---|
Feature Status | Alpha |
---|
Resource Types | [Any] |
---|
Description | Represents the name of the chart used to create this resource. |
---|
install.operator.istio.io/owner-generation
Name | install.operator.istio.io/owner-generation |
---|
Feature Status | Alpha |
---|
Resource Types | [Any] |
---|
Description | Represents the generation to which the resource was last reconciled. |
---|
install.operator.istio.io/version
Name | install.operator.istio.io/version |
---|
Feature Status | Alpha |
---|
Resource Types | [Any] |
---|
Description | Represents the Istio version associated with the resource |
---|
istio.io/dry-run
istio.io/rev
Name | istio.io/rev |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies a control plane revision to which a given proxy is connected. This annotation is added automatically, not set by a user. In contrary to the label istio.io/rev, it represents the actual revision, not the requested revision. |
---|
kubernetes.io/ingress.class
Name | kubernetes.io/ingress.class |
---|
Feature Status | Stable |
---|
Resource Types | [Ingress] |
---|
Description | Annotation on an Ingress resources denoting the class of controllers responsible for it. |
---|
networking.istio.io/exportTo
Name | networking.istio.io/exportTo |
---|
Feature Status | Alpha |
---|
Resource Types | [Service] |
---|
Description | Specifies the namespaces to which this service should be exported to. A value of ‘*’ indicates it is reachable within the mesh ‘.’ indicates it is reachable within its namespace. |
---|
prometheus.istio.io/merge-metrics
Name | prometheus.istio.io/merge-metrics |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies if application Prometheus metric will be merged with Envoy metrics for this workload. |
---|
proxy.istio.io/config
readiness.status.sidecar.istio.io/applicationPorts
Name | readiness.status.sidecar.istio.io/applicationPorts |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the list of ports exposed by the application container. Used by the Envoy sidecar readiness probe to determine that Envoy is configured and ready to receive traffic. |
---|
readiness.status.sidecar.istio.io/failureThreshold
Name | readiness.status.sidecar.istio.io/failureThreshold |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the failure threshold for the Envoy sidecar readiness probe. |
---|
readiness.status.sidecar.istio.io/initialDelaySeconds
Name | readiness.status.sidecar.istio.io/initialDelaySeconds |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the initial delay (in seconds) for the Envoy sidecar readiness probe. |
---|
readiness.status.sidecar.istio.io/periodSeconds
Name | readiness.status.sidecar.istio.io/periodSeconds |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the period (in seconds) for the Envoy sidecar readiness probe. |
---|
sidecar.istio.io/agentLogLevel
Name | sidecar.istio.io/agentLogLevel |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the log output level for pilot-agent. |
---|
sidecar.istio.io/bootstrapOverride
Name | sidecar.istio.io/bootstrapOverride |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies an alternative Envoy bootstrap configuration file. |
---|
sidecar.istio.io/componentLogLevel
Name | sidecar.istio.io/componentLogLevel |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the component log level for Envoy. |
---|
sidecar.istio.io/controlPlaneAuthPolicy
Name | sidecar.istio.io/controlPlaneAuthPolicy |
---|
Feature Status | Deprecated |
---|
Resource Types | [Pod] |
---|
Description | Specifies the auth policy used by the Istio control plane. If NONE, traffic will not be encrypted. If MUTUAL_TLS, traffic between Envoy sidecar will be wrapped into mutual TLS connections. |
---|
sidecar.istio.io/discoveryAddress
Name | sidecar.istio.io/discoveryAddress |
---|
Feature Status | Deprecated |
---|
Resource Types | [Pod] |
---|
Description | Specifies the XDS discovery address to be used by the Envoy sidecar. |
---|
sidecar.istio.io/enableCoreDump
Name | sidecar.istio.io/enableCoreDump |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies whether or not an Envoy sidecar should enable core dump. |
---|
Name | sidecar.istio.io/extraStatTags |
---|
Feature Status | Deprecated |
---|
Resource Types | [Pod] |
---|
Description | An additional list of tags to extract from the in-proxy Istio Wasm telemetry. Each additional tag needs to be present in this list. |
---|
sidecar.istio.io/inject
Name | sidecar.istio.io/inject |
---|
Feature Status | Deprecated |
---|
Resource Types | [Pod] |
---|
Description | Specifies whether or not an Envoy sidecar should be automatically injected into the workload. Deprecated in favor of sidecar.istio.io/inject label. |
---|
sidecar.istio.io/interceptionMode
Name | sidecar.istio.io/interceptionMode |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the mode used to redirect inbound connections to Envoy (REDIRECT or TPROXY). |
---|
sidecar.istio.io/logLevel
Name | sidecar.istio.io/logLevel |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the log level for Envoy. |
---|
sidecar.istio.io/proxyCPU
Name | sidecar.istio.io/proxyCPU |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the requested CPU setting for the Envoy sidecar. |
---|
sidecar.istio.io/proxyCPULimit
Name | sidecar.istio.io/proxyCPULimit |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the CPU limit for the Envoy sidecar. |
---|
sidecar.istio.io/proxyImage
Name | sidecar.istio.io/proxyImage |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the Docker image to be used by the Envoy sidecar. |
---|
sidecar.istio.io/proxyImageType
Name | sidecar.istio.io/proxyImageType |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the Docker image type to be used by the Envoy sidecar. Istio publishes debug and distroless image types for every release tag. |
---|
sidecar.istio.io/proxyMemory
Name | sidecar.istio.io/proxyMemory |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the requested memory setting for the Envoy sidecar. |
---|
sidecar.istio.io/proxyMemoryLimit
Name | sidecar.istio.io/proxyMemoryLimit |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the memory limit for the Envoy sidecar. |
---|
sidecar.istio.io/rewriteAppHTTPProbers
Name | sidecar.istio.io/rewriteAppHTTPProbers |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Rewrite HTTP readiness and liveness probes to be redirected to the Envoy sidecar. |
---|
sidecar.istio.io/statsHistogramBuckets
Name | sidecar.istio.io/statsHistogramBuckets |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the custom histogram buckets with a prefix matcher to separate the Istio mesh metrics from the Envoy stats, e.g. {"istiocustom":[1,5,10,50,100,500,1000,5000,10000],"cluster.xds-grpc":[1,5,10,25,50,100,250,500,1000,2500,5000,10000]} . Default buckets are [0.5,1,5,10,25,50,100,250,500,1000,2500,5000,10000,30000,60000,300000,600000,1800000,3600000] . |
---|
sidecar.istio.io/statsInclusionPrefixes
Name | sidecar.istio.io/statsInclusionPrefixes |
---|
Feature Status | Deprecated |
---|
Resource Types | [Pod] |
---|
Description | Specifies the comma separated list of prefixes of the stats to be emitted by Envoy. |
---|
sidecar.istio.io/statsInclusionRegexps
Name | sidecar.istio.io/statsInclusionRegexps |
---|
Feature Status | Deprecated |
---|
Resource Types | [Pod] |
---|
Description | Specifies the comma separated list of regexes the stats should match to be emitted by Envoy. |
---|
sidecar.istio.io/statsInclusionSuffixes
Name | sidecar.istio.io/statsInclusionSuffixes |
---|
Feature Status | Deprecated |
---|
Resource Types | [Pod] |
---|
Description | Specifies the comma separated list of suffixes of the stats to be emitted by Envoy. |
---|
sidecar.istio.io/status
Name | sidecar.istio.io/status |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Generated by Envoy sidecar injection that indicates the status of the operation. Includes a version hash of the executed template, as well as names of injected resources. |
---|
sidecar.istio.io/userVolume
Name | sidecar.istio.io/userVolume |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies one or more user volumes (as a JSON array) to be added to the Envoy sidecar. |
---|
sidecar.istio.io/userVolumeMount
Name | sidecar.istio.io/userVolumeMount |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies one or more user volume mounts (as a JSON array) to be added to the Envoy sidecar. |
---|
status.sidecar.istio.io/port
Name | status.sidecar.istio.io/port |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | Specifies the HTTP status Port for the Envoy sidecar. If zero, the sidecar will not provide status. |
---|
topology.istio.io/controlPlaneClusters
Name | topology.istio.io/controlPlaneClusters |
---|
Feature Status | Alpha |
---|
Resource Types | [Namespace] |
---|
Description | A comma-separated list of clusters (or * for any) running istiod that should attempt leader election for a remote cluster thats system namespace includes this annotation. Istiod will not attempt to lead unannotated remote clusters. |
---|
traffic.istio.io/nodeSelector
Name | traffic.istio.io/nodeSelector |
---|
Feature Status | Stable |
---|
Resource Types | [Service] |
---|
Description | This annotation is a set of node-labels (key1=value,key2=value). If the annotated Service is of type NodePort and is a multi-network gateway (see topology.istio.io/network), the addresses for selected nodes will be used for cross-network communication. |
---|
traffic.sidecar.istio.io/excludeInboundPorts
Name | traffic.sidecar.istio.io/excludeInboundPorts |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | A comma separated list of inbound ports to be excluded from redirection to Envoy. Only applies when all inbound traffic (i.e. ‘*’) is being redirected. |
---|
traffic.sidecar.istio.io/excludeInterfaces
Name | traffic.sidecar.istio.io/excludeInterfaces |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | A comma separated list of interfaces to be excluded from Istio traffic capture |
---|
traffic.sidecar.istio.io/excludeOutboundIPRanges
Name | traffic.sidecar.istio.io/excludeOutboundIPRanges |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | A comma separated list of IP ranges in CIDR form to be excluded from redirection. Only applies when all outbound traffic (i.e. ‘*’) is being redirected. |
---|
traffic.sidecar.istio.io/excludeOutboundPorts
Name | traffic.sidecar.istio.io/excludeOutboundPorts |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | A comma separated list of outbound ports to be excluded from redirection to Envoy. |
---|
traffic.sidecar.istio.io/includeInboundPorts
Name | traffic.sidecar.istio.io/includeInboundPorts |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | A comma separated list of inbound ports for which traffic is to be redirected to Envoy. The wildcard character ‘*’ can be used to configure redirection for all ports. An empty list will disable all inbound redirection. |
---|
traffic.sidecar.istio.io/includeOutboundIPRanges
Name | traffic.sidecar.istio.io/includeOutboundIPRanges |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | A comma separated list of IP ranges in CIDR form to redirect to Envoy (optional). The wildcard character ‘*’ can be used to redirect all outbound traffic. An empty list will disable all outbound redirection. |
---|
traffic.sidecar.istio.io/includeOutboundPorts
Name | traffic.sidecar.istio.io/includeOutboundPorts |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | A comma separated list of outbound ports for which traffic is to be redirected to Envoy, regardless of the destination IP. |
---|
traffic.sidecar.istio.io/kubevirtInterfaces
Name | traffic.sidecar.istio.io/kubevirtInterfaces |
---|
Feature Status | Alpha |
---|
Resource Types | [Pod] |
---|
Description | A comma separated list of virtual interfaces whose inbound traffic (from VM) will be treated as outbound. |
---|