- Configuration Analysis Messages
- IST0001: InternalError
- IST0002: Deprecated
- IST0101: ReferencedResourceNotFound
- IST0102: NamespaceNotInjected
- IST0103: PodMissingProxy
- IST0104: GatewayPortNotOnWorkload
- IST0105: IstioProxyImageMismatch
- IST0106: SchemaValidationError
- IST0107: MisplacedAnnotation
- IST0108: UnknownAnnotation
- IST0109: ConflictingMeshGatewayVirtualServiceHosts
- IST0110: ConflictingSidecarWorkloadSelectors
- IST0111: MultipleSidecarsWithoutWorkloadSelectors
- IST0112: VirtualServiceDestinationPortSelectorRequired
- IST0113: MTLSPolicyConflict
- IST0114: PolicySpecifiesPortNameThatDoesntExist
- IST0115: DestinationRuleUsesMTLSForWorkloadWithoutSidecar
- IST0116: DeploymentAssociatedToMultipleServices
- IST0117: DeploymentRequiresServiceAssociated
- IST0118: PortNameIsNotUnderNamingConvention
- IST0119: JwtFailureDueToInvalidServicePortPrefix
- IST0120: PolicyResourceIsDeprecated
- IST0121: MeshPolicyResourceIsDeprecated
- IST0122: InvalidRegexp
- IST0123: NamespaceMultipleInjectionLabels
- IST0125: InvalidAnnotation
- IST0126: UnknownMeshNetworksServiceRegistry
- IST0127: NoMatchingWorkloadsFound
- IST0128: NoServerCertificateVerificationDestinationLevel
- IST0129: NoServerCertificateVerificationPortLevel
Configuration Analysis Messages
istioctl
provides rich analysis of Istio configuration state in order to identity invalid or suboptimal configurations. Here’s is a list of the distinct possible error or warning messages produced by this analysis.
IST0001: InternalError
There was an internal error in the toolchain. This is almost always a bug in the implementation.
IST0002: Deprecated
A feature that the configuration is depending on is now deprecated.
IST0101: ReferencedResourceNotFound
A resource being referenced does not exist.
IST0102: NamespaceNotInjected
A namespace is not enabled for Istio injection.
IST0103: PodMissingProxy
A pod is missing the Istio proxy.
IST0104: GatewayPortNotOnWorkload
Unhandled gateway port
IST0105: IstioProxyImageMismatch
The image of the Istio proxy running on the pod does not match the image defined in the injection configuration.
IST0106: SchemaValidationError
The resource has a schema validation error.
IST0107: MisplacedAnnotation
An Istio annotation is applied to the wrong kind of resource.
IST0108: UnknownAnnotation
An Istio annotation is not recognized for any kind of resource
IST0109: ConflictingMeshGatewayVirtualServiceHosts
Conflicting hosts on VirtualServices associated with mesh gateway
IST0110: ConflictingSidecarWorkloadSelectors
A Sidecar resource selects the same workloads as another Sidecar resource
IST0111: MultipleSidecarsWithoutWorkloadSelectors
More than one sidecar resource in a namespace has no workload selector
IST0112: VirtualServiceDestinationPortSelectorRequired
A VirtualService routes to a service with more than one port exposed, but does not specify which to use.
IST0113: MTLSPolicyConflict
A DestinationRule and Policy are in conflict with regards to mTLS.
IST0114: PolicySpecifiesPortNameThatDoesntExist
A Policy targets a port name that cannot be found.
IST0115: DestinationRuleUsesMTLSForWorkloadWithoutSidecar
A DestinationRule uses mTLS for a workload that has no sidecar.
IST0116: DeploymentAssociatedToMultipleServices
The resulting pods of a service mesh deployment can’t be associated with multiple services using the same port but different protocols.
IST0117: DeploymentRequiresServiceAssociated
The resulting pods of a service mesh deployment must be associated with at least one service.
IST0118: PortNameIsNotUnderNamingConvention
Port name is not under naming convention. Protocol detection is applied to the port.
IST0119: JwtFailureDueToInvalidServicePortPrefix
Authentication policy with JWT targets Service with invalid port specification.
IST0120: PolicyResourceIsDeprecated
The Policy resource is deprecated and will be removed in a future Istio release. Migrate to the PeerAuthentication resource.
IST0121: MeshPolicyResourceIsDeprecated
The MeshPolicy resource is deprecated and will be removed in a future Istio release. Migrate to the PeerAuthentication resource.
IST0122: InvalidRegexp
Invalid Regex
IST0123: NamespaceMultipleInjectionLabels
A namespace has both new and legacy injection labels
IST0125: InvalidAnnotation
An Istio annotation that is not valid
IST0126: UnknownMeshNetworksServiceRegistry
A service registry in Mesh Networks is unknown
IST0127: NoMatchingWorkloadsFound
There aren’t workloads matching the resource labels
IST0128: NoServerCertificateVerificationDestinationLevel
No caCertificates are set in DestinationRule, this results in no verification of presented server certificate.
IST0129: NoServerCertificateVerificationPortLevel
No caCertificates are set in DestinationRule, this results in no verification of presented server certificate for traffic to a given port.