Istio API Resources #
kubectl api-resources
25 个 Istio CRD:
- adapter
- attributemanifest
- describes a set of Attributes produced by some component of an Istio deployment.
- handler
- HTTPAPISpecBinding
- HTTPAPISpec
- instance
- QuotaSpecBinding
- QuotaSpec
- rule
- template
- IstioOperator
- defines the desired installed state of Istio components
- DestinationRule
- defines policies that apply to traffic intended for a service after routing has occurred.
- EnvoyFilter
- provides a mechanism to customize the Envoy configuration generated by Istio Pilot.
- Gateway
- describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections.
- ServiceEntry
- Sidecar
- VirtualService
- Configuration affecting traffic routing.
- WorkloadEntry
- enables operators to describe the properties of a single non-Kubernetes workload such as a VM or a bare metal server as it is onboarded into the mesh.
- ClusterRbacConfig
- RbacConfig
- ServiceRoleBinding
- ServiceRole
- AuthorizationPolicy
- PeerAuthentication
- RequestAuthentication
相比于 1.4.6
- 多了
- IstioOperator
- WorkloadEntry
- 少了
- MeshPolicy
- Policy
| NAME | SHORTNAMES | APIGROUP | NAMESPACED | KIND | 定义代码 | 备注 |
|---|---|---|---|---|---|---|
| bindings | true | Binding | ||||
| componentstatuses | cs | false | ComponentStatus | |||
| configmaps | cm | true | ConfigMap | |||
| endpoints | ep | true | Endpoints | |||
| events | ev | true | Event | |||
| limitranges | limits | true | LimitRange | |||
| namespaces | ns | false | Namespace | |||
| nodes | no | false | Node | |||
| persistentvolumeclaims | pvc | true | PersistentVolumeClaim | |||
| persistentvolumes | pv | false | PersistentVolume | |||
| pods | po | true | Pod | |||
| podtemplates | true | PodTemplate | ||||
| replicationcontrollers | rc | true | ReplicationController | |||
| resourcequotas | quota | true | ResourceQuota | |||
| secrets | true | Secret | ||||
| serviceaccounts | sa | true | ServiceAccount | |||
| services | svc | true | Service | |||
| mutatingwebhookconfigurations | admissionregistration.k8s.io | false | MutatingWebhookConfiguration | |||
| validatingwebhookconfigurations | admissionregistration.k8s.io | false | ValidatingWebhookConfiguration | |||
| customresourcedefinitions | crd,crds | apiextensions.k8s.io | false | CustomResourceDefinition | ||
| apiservices | apiregistration.k8s.io | false | APIService | |||
| controllerrevisions | apps | true | ControllerRevision | |||
| daemonsets | ds | apps | true | DaemonSet | ||
| deployments | deploy | apps | true | Deployment | ||
| replicasets | rs | apps | true | ReplicaSet | ||
| statefulsets | sts | apps | true | StatefulSet | ||
| tokenreviews | authentication.k8s.io | false | TokenReview | |||
| localsubjectaccessreviews | authorization.k8s.io | true | LocalSubjectAccessReview | |||
| selfsubjectaccessreviews | authorization.k8s.io | false | SelfSubjectAccessReview | |||
| selfsubjectrulesreviews | authorization.k8s.io | false | SelfSubjectRulesReview | |||
| subjectaccessreviews | authorization.k8s.io | false | SubjectAccessReview | |||
| horizontalpodautoscalers | hpa | autoscaling | true | HorizontalPodAutoscaler | ||
| cronjobs | cj | batch | true | CronJob | ||
| jobs | batch | true | Job | |||
| certificatesigningrequests | csr | certificates.k8s.io | false | CertificateSigningRequest | ||
| adapters | config.istio.io | true | adapter | |||
| attributemanifests | config.istio.io | true | attributemanifest | |||
| handlers | config.istio.io | true | handler | |||
| httpapispecbindings | config.istio.io | true | HTTPAPISpecBinding | |||
| httpapispecs | config.istio.io | true | HTTPAPISpec | |||
| instances | config.istio.io | true | instance | |||
| quotaspecbindings | config.istio.io | true | QuotaSpecBinding | |||
| quotaspecs | config.istio.io | true | QuotaSpec | |||
| rules | config.istio.io | true | rule | |||
| templates | config.istio.io | true | template | |||
| leases | coordination.k8s.io | true | Lease | |||
| endpointslices | discovery.k8s.io | true | EndpointSlice | |||
| events | ev | events.k8s.io | true | Event | ||
| ingresses | ing | extensions | true | Ingress | ||
| istiooperators | iop | install.istio.io | true | IstioOperator | ||
| destinationrules | dr | networking.istio.io | true | DestinationRule | ||
| envoyfilters | networking.istio.io | true | EnvoyFilter | |||
| gateways | gw | networking.istio.io | true | Gateway | ||
| serviceentries | se | networking.istio.io | true | ServiceEntry | ||
| sidecars | networking.istio.io | true | Sidecar | |||
| virtualservices | vs | networking.istio.io | true | VirtualService | ||
| workloadentries | we | networking.istio.io | true | WorkloadEntry | ||
| ingressclasses | networking.k8s.io | false | IngressClass | |||
| ingresses | ing | networking.k8s.io | true | Ingress | ||
| networkpolicies | netpol | networking.k8s.io | true | NetworkPolicy | ||
| runtimeclasses | node.k8s.io | false | RuntimeClass | |||
| poddisruptionbudgets | pdb | policy | true | PodDisruptionBudget | ||
| podsecuritypolicies | psp | policy | false | PodSecurityPolicy | ||
| clusterrolebindings | rbac.authorization.k8s.io | false | ClusterRoleBinding | |||
| clusterroles | rbac.authorization.k8s.io | false | ClusterRole | |||
| rolebindings | rbac.authorization.k8s.io | true | RoleBinding | |||
| roles | rbac.authorization.k8s.io | true | Role | |||
| clusterrbacconfigs | rbac.istio.io | false | ClusterRbacConfig | |||
| rbacconfigs | rbac.istio.io | true | RbacConfig | |||
| servicerolebindings | rbac.istio.io | true | ServiceRoleBinding | |||
| serviceroles | rbac.istio.io | true | ServiceRole | |||
| priorityclasses | pc | scheduling.k8s.io | false | PriorityClass | ||
| authorizationpolicies | security.istio.io | true | AuthorizationPolicy | |||
| peerauthentications | pa | security.istio.io | true | PeerAuthentication | ||
| requestauthentications | ra | security.istio.io | true | RequestAuthentication | ||
| csidrivers | storage.k8s.io | false | CSIDriver | |||
| csinodes | storage.k8s.io | false | CSINode | |||
| storageclasses | sc | storage.k8s.io | false | StorageClass | ||
| volumeattachments | storage.k8s.io | false | VolumeAttachment |
25 个 Istio CRD:
- MeshPolicy
- Policy
- adapter
- attributemanifest
- handler
- HTTPAPISpecBinding
- HTTPAPISpec
- instance
- QuotaSpecBinding
- QuotaSpec
- rule
- template
- DestinationRule
- EnvoyFilter
- Gateway
- ServiceEntry
- Sidecar
- VirtualService
- ClusterRbacConfig
- RbacConfig
- ServiceRoleBinding
- ServiceRole
- AuthorizationPolicy
- PeerAuthentication
- RequestAuthentication
| NAME | SHORTNAMES | APIGROUP | NAMESPACED | KIND | 定义代码 | 备注 |
|---|---|---|---|---|---|---|
| bindings | true | Binding | ||||
| componentstatuses | cs | false | ComponentStatus | |||
| configmaps | cm | true | ConfigMap | |||
| endpoints | ep | true | Endpoints | |||
| events | ev | true | Event | |||
| limitranges | limits | true | LimitRange | |||
| namespaces | ns | false | Namespace | |||
| nodes | no | false | Node | |||
| persistentvolumeclaims | pvc | true | PersistentVolumeClaim | |||
| persistentvolumes | pv | false | PersistentVolume | |||
| pods | po | true | Pod | |||
| podtemplates | true | PodTemplate | ||||
| replicationcontrollers | rc | true | ReplicationController | |||
| resourcequotas | quota | true | ResourceQuota | |||
| secrets | true | Secret | ||||
| serviceaccounts | sa | true | ServiceAccount | |||
| services | svc | true | Service | |||
| mutatingwebhookconfigurations | admissionregistration.k8s.io | false | MutatingWebhookConfiguration | |||
| validatingwebhookconfigurations | admissionregistration.k8s.io | false | ValidatingWebhookConfiguration | |||
| customresourcedefinitions | crd, crds | apiextensions.k8s.io | false | CustomResourceDefinition | ||
| apiservices | apiregistration.k8s.io | false | APIService | |||
| controllerrevisions | apps | true | ControllerRevision | |||
| daemonsets | ds | apps | true | DaemonSet | ||
| deployments | deploy | apps | true | Deployment | ||
| replicasets | rs | apps | true | ReplicaSet | ||
| statefulsets | sts | apps | true | StatefulSet | ||
| meshpolicies | authentication.istio.io | false | MeshPolicy | |||
| policies | authentication.istio.io | true | Policy | |||
| tokenreviews | authentication.k8s.io | false | TokenReview | |||
| localsubjectaccessreviews | authorization.k8s.io | true | LocalSubjectAccessReview | |||
| selfsubjectaccessreviews | authorization.k8s.io | false | SelfSubjectAccessReview | |||
| selfsubjectrulesreviews | authorization.k8s.io | false | SelfSubjectRulesReview | |||
| subjectaccessreviews | authorization.k8s.io | false | SubjectAccessReview | |||
| horizontalpodautoscalers | hpa | autoscaling | true | HorizontalPodAutoscaler | ||
| cronjobs | cj | batch | true | CronJob | ||
| jobs | batch | true | Job | |||
| certificatesigningrequests | csr | certificates.k8s.io | false | CertificateSigningRequest | ||
| stacks | compose.docker.com | true | Stack | |||
| adapters | config.istio.io | true | adapter | |||
| attributemanifests | config.istio.io | true | attributemanifest | |||
| handlers | config.istio.io | true | handler | |||
| httpapispecbindings | config.istio.io | true | HTTPAPISpecBinding | |||
| httpapispecs | config.istio.io | true | HTTPAPISpec | |||
| instances | config.istio.io | true | instance | |||
| quotaspecbindings | config.istio.io | true | QuotaSpecBinding | |||
| quotaspecs | config.istio.io | true | QuotaSpec | |||
| rules | config.istio.io | true | rule | |||
| templates | config.istio.io | true | template | |||
| leases | coordination.k8s.io | true | Lease | |||
| events | ev | events.k8s.io | true | Event | ||
| daemonsets | ds | extensions | true | DaemonSet | ||
| deployments | deploy | extensions | true | Deployment | ||
| ingresses | ing | extensions | true | Ingress | ||
| networkpolicies | netpol | extensions | true | NetworkPolicy | ||
| podsecuritypolicies | psp | extensions | false | PodSecurityPolicy | ||
| replicasets | rs | extensions | true | ReplicaSet | ||
| destinationrules | dr | networking.istio.io | true | DestinationRule | ||
| envoyfilters | networking.istio.io | true | EnvoyFilter | |||
| gateways | gw | networking.istio.io | true | Gateway | ||
| serviceentries | se | networking.istio.io | true | ServiceEntry | ||
| sidecars | networking.istio.io | true | Sidecar | |||
| virtualservices | vs | networking.istio.io | true | VirtualService | ||
| ingresses | ing | networking.k8s.io | true | Ingress | ||
| networkpolicies | netpol | networking.k8s.io | true | NetworkPolicy | ||
| runtimeclasses | node.k8s.io | false | RuntimeClass | |||
| poddisruptionbudgets | pdb | policy | true | PodDisruptionBudget | ||
| podsecuritypolicies | psp | policy | false | PodSecurityPolicy | ||
| clusterrolebindings | rbac.authorization.k8s.io | false | ClusterRoleBinding | |||
| clusterroles | rbac.authorization.k8s.io | false | ClusterRole | |||
| rolebindings | rbac.authorization.k8s.io | true | RoleBinding | |||
| roles | rbac.authorization.k8s.io | true | Role | |||
| clusterrbacconfigs | rbac.istio.io | false | ClusterRbacConfig | |||
| rbacconfigs | rbac.istio.io | true | RbacConfig | |||
| servicerolebindings | rbac.istio.io | true | ServiceRoleBinding | |||
| serviceroles | rbac.istio.io | true | ServiceRole | |||
| priorityclasses | pc | scheduling.k8s.io | false | PriorityClass | ||
| authorizationpolicies | security.istio.io | true | AuthorizationPolicy | |||
| peerauthentications | security.istio.io | true | PeerAuthentication | |||
| requestauthentications | security.istio.io | true | RequestAuthentication | |||
| csidrivers | storage.k8s.io | false | CSIDriver | |||
| csinodes | storage.k8s.io | false | CSINode | |||
| storageclasses | sc | storage.k8s.io | false | StorageClass | ||
| volumeattachments | storage.k8s.io | false | VolumeAttachment |
VirtualService #
- metadata
- name
- spec
- hosts
- http
- match (Request Routing, 配置请求路由)
- headers
- end-user
- exact
- end-user
- port
- uri
- prefix
- headers
- fault (Fault Injection, 故障注入)
- delay (延迟故障)
- percentage
- fixedDelay
- abort (abort 故障)
- percentage
- httpStatus
- delay (延迟故障)
- route
- destination
- host
- subset
- port
- number
- weight (Traffic Shifting, 流量转移)
- destination
- timeout (Request Timeouts, 设置请求超时)
- retries
- attempts
- perTryTimeout
- match (Request Routing, 配置请求路由)
- tcp
- route
- destination
- weight (TCP Traffic Shifting, TCP 流量转移)
- route
DestinationRule #
- spec:
- host
- trafficPolicy
- connectionPool
- tcp
- maxConnections
- http
- http1MaxPendingRequests (HTTP 请求的最大排队数量)
- maxRequestsPerConnection (一个连接内最大请求数,如果为 1,表示禁用
keep alive)
- tcp
- outlierDetection
- consecutiveErrors
- interval
- baseEjectionTime
- maxEjectionPercent
- loadBalancer
- simple
- connectionPool
- subsets
- name
- labels
- version
- trafficPolicy (Circuit breakers, 熔断器)
- loadBalancer
- simple
- connectionPool
- tcp
- maxConnections
- tcp
- loadBalancer
Gateway #
- spec
- selector
- app
- servers
- port
- name
- number
- protocol
- hosts
- tls
- port
- selector
ServiceEntry #
- spec
- hosts
- ports
- location
- resolution
ServiceAccount #
- metadata
- name
- spec
handler #
- metadata
- name
- namespace
- spec
- compiledAdapter
- params
- quotas
- name
- maxAmount
- validDuration
- overrides
- dimensions
- destination
- maxAmount
- validDuration
- dimensions
- quotas
叶王 © 2013-2024 版权所有。如果本文档对你有所帮助,可以请作者喝饮料。