galley

Galley provides configuration management services for Istio.

FlagsShorthandDescription
--config <string>-cConfig file containing args (default ``)
--log_as_jsonWhether to format output as JSON or in plain console-friendly format
--log_caller <string>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] (default ``)
--log_output_level <string>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)
--log_rotate <string>The path for the optional rotating log file (default ``)
--log_rotate_max_age <int>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)
--log_rotate_max_backups <int>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)
--log_rotate_max_size <int>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)
--log_stacktrace_level <string>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)
--log_target <stringArray>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)

galley probe

Check the liveness or readiness of a locally-running server

galley probe [flags]
FlagsShorthandDescription
--config <string>-cConfig file containing args (default ``)
--interval <duration>Duration used for checking the target file's last modified time. (default `0s`)
--log_as_jsonWhether to format output as JSON or in plain console-friendly format
--log_caller <string>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] (default ``)
--log_output_level <string>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)
--log_rotate <string>The path for the optional rotating log file (default ``)
--log_rotate_max_age <int>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)
--log_rotate_max_backups <int>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)
--log_rotate_max_size <int>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)
--log_stacktrace_level <string>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)
--log_target <stringArray>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)
--probe-path <string>Path of the file for checking the availability. (default ``)

galley server

Starts Galley as a server

galley server [flags]
FlagsShorthandDescription
--accessListFile <string>The access list yaml file that contains the allowd mTLS peer ids. (default `/etc/config/accesslist.yaml`)
--caCertFile <string>File containing the caBundle that signed the cert/key specified by --tlsCertFile and --tlsKeyFile. (default `/etc/certs/root-cert.pem`)
--config <string>-cConfig file containing args (default ``)
--configPath <string>Istio config file path (default ``)
--ctrlz_address <string>The IP Address to listen on for the ControlZ introspection facility. Use '*' to indicate all addresses. (default `localhost`)
--ctrlz_port <uint16>The IP port to use for the ControlZ introspection facility (default `9876`)
--deployment-name <string>Name of the deployment for the validation pod (default `istio-galley`)
--deployment-namespace <string>Namespace of the deployment for the validation pod (default `istio-system`)
--disableResourceReadyCheckDisable resource readiness checks. This allows Galley to start if not all resource types are supported
--domain <string>DNS domain suffix (default `cluster.local`)
--enable-reconcileWebhookConfigurationEnable reconciliation for webhook configuration.
--enable-serverRun galley server mode
--enable-validationRun galley validation mode
--enableProfilingEnable profiling for Galley
--enableServiceDiscoveryEnable service discovery processing in Galley
--excludedResourceKinds <stringSlice>Comma-separated list of resource kinds that should not generate source events (default `[Endpoints,Namespace,Node,Pod,Service]`)
--insecureUse insecure gRPC communication
--kubeconfig <string>Use a Kubernetes configuration file instead of in-cluster configuration (default ``)
--livenessProbeInterval <duration>Interval of updating file for the Galley liveness probe. (default `2s`)
--livenessProbePath <string>Path to the file for the Galley liveness probe. (default `/healthLiveness`)
--log_as_jsonWhether to format output as JSON or in plain console-friendly format
--log_caller <string>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] (default ``)
--log_output_level <string>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)
--log_rotate <string>The path for the optional rotating log file (default ``)
--log_rotate_max_age <int>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)
--log_rotate_max_backups <int>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)
--log_rotate_max_size <int>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)
--log_stacktrace_level <string>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)
--log_target <stringArray>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)
--meshConfigFile <string>Path to the mesh config file (default `/etc/mesh-config/mesh`)
--monitoringPort <uint>Port to use for exposing self-monitoring information (default `15014`)
--pprofPort <uint>Port to use for exposing profiling (default `9094`)
--readinessProbeInterval <duration>Interval of updating file for the Galley readiness probe. (default `2s`)
--readinessProbePath <string>Path to the file for the Galley readiness probe. (default `/healthReadiness`)
--resyncPeriod <duration>Resync period for rescanning Kubernetes resources (default `0s`)
--server-address <string>Address to use for Galley's gRPC API, e.g. tcp://localhost:9092 or unix:///path/to/file (default `tcp://0.0.0.0:9901`)
--server-maxConcurrentStreams <uint>Maximum number of outstanding RPCs per connection (default `1024`)
--server-maxReceivedMessageSize <uint>Maximum size of individual gRPC messages (default `1048576`)
--service-name <string>Name of the validation service running in the same namespace as the deployment (default `istio-galley`)
--sinkAddress <string>Address of MCP Resource Sink server for Galley to connect to. Ex: 'foo.com:1234' (default ``)
--sinkAuthMode <string>Name of authentication plugin to use for connection to sink server. (default ``)
--sinkMeta <stringSlice>Comma-separated list of key=values to attach as metadata to outgoing sink connections. Ex: 'key=value,key2=value2' (default `[]`)
--tlsCertFile <string>File containing the x509 Certificate for HTTPS. (default `/etc/certs/cert-chain.pem`)
--tlsKeyFile <string>File containing the x509 private key matching --tlsCertFile. (default `/etc/certs/key.pem`)
--useOldProcessorUse the old processing pipeline for config processing
--validation-port <uint>HTTPS port of the validation service. Must be 443 if service has more than one port (default `443`)
--validation-webhook-config-file <string>File that contains k8s validatingwebhookconfiguration yaml. Required if enable-validation is true. (default ``)
--webhook-name <string>Name of the k8s validatingwebhookconfiguration (default `istio-galley`)

Accepts deep config files, like:

general:
  introspection:
    address: --ctrlz_address
    port: --ctrlz_port
  kubeconfig: --kubeconfig
processing:
  domainsuffix: --domain
  server:
    address: --server-address
    auth:
      insecure: --insecure
    enable: --enable-server
validation:
  deploymentname: --deployment-name
  deploymentnamespace: --deployment-namespace
  enable: --enable-validation
  servicename: --service-name
  tls:
    caCertificates: --validation.tls.caCertificates
    clientCertificate: --validation.tls.clientCertificate
    privateKey: --validation.tls.privateKey
  webhookconfigfile: --validation-webhook-config-file
  webhookname: --webhook-name
  webhookport: --validation-port

galley version

Prints out build version information

galley version [flags]
FlagsShorthandDescription
--config <string>-cConfig file containing args (default ``)
--log_as_jsonWhether to format output as JSON or in plain console-friendly format
--log_caller <string>Comma-separated list of scopes for which to include caller information, scopes can be any of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] (default ``)
--log_output_level <string>Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:info`)
--log_rotate <string>The path for the optional rotating log file (default ``)
--log_rotate_max_age <int>The maximum age in days of a log file beyond which the file is rotated (0 indicates no limit) (default `30`)
--log_rotate_max_backups <int>The maximum number of log file backups to keep before older files are deleted (0 indicates no limit) (default `1000`)
--log_rotate_max_size <int>The maximum size in megabytes of a log file beyond which the file is rotated (default `104857600`)
--log_stacktrace_level <string>Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [all, analysis, attributes, conversions, default, grpcAdapter, kube, kube-converter, mcp, meshconfig, model, processing, rbac, resource, runtime, server, source, validation] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`)
--log_target <stringArray>The set of paths where to output the log. This can be any path as well as the special values stdout and stderr (default `[stdout]`)
--output <string>-oOne of 'yaml' or 'json'. (default ``)
--short-sUse --short=false to generate full version information

Environment variables

These environment variables affect the behavior of the galley command.
Variable NameTypeDefault ValueDescription
AUTHZ_FAILURE_LOG_BURST_SIZEInteger1
AUTHZ_FAILURE_LOG_FREQTime Duration1m0s
BYPASS_OOP_MTLS_SAN_VERIFICATIONBooleanfalseWhether or not to validate SANs for out-of-process adapters auth.
ISTIO_GPRC_MAXSTREAMSInteger100000Sets the maximum number of concurrent grpc streams.
ISTIO_LANGStringSelects the attribute expression langauge runtime for Mixer.
PILOT_CERT_DIRString
PILOT_DEBOUNCE_AFTERTime Duration100msThe delay added to config/registry events for debouncing. This will delay the push by at least this internal. If no change is detected within this period, the push will happen, otherwise we'll keep delaying until things settle, up to a max of PILOT_DEBOUNCE_MAX.
PILOT_DEBOUNCE_MAXTime Duration10sThe maximum amount of time to wait for events while debouncing. If events keep showing up with no breaks for this time, we'll trigger a push.
PILOT_DEBUG_ADSZ_CONFIGBooleanfalse
PILOT_DISABLE_XDS_MARSHALING_TO_ANYBooleanfalse
PILOT_ENABLE_EDS_DEBOUNCEBooleantrueIf enabled, Pilot will include EDS pushes in the push debouncing, configured by PILOT_DEBOUNCE_AFTER and PILOT_DEBOUNCE_MAX. EDS pushes may be delayed, but there will be fewer pushes. By default this is enabled
PILOT_ENABLE_FALLTHROUGH_ROUTEBooleantrueEnableFallthroughRoute provides an option to add a final wildcard match for routes. When ALLOW_ANY traffic policy is used, a Passthrough cluster is used. When REGISTRY_ONLY traffic policy is used, a 502 error is returned.
PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERSBooleanfalseIf enabled, for a headless service/stateful set in Kubernetes, pilot will generate an outbound listener for each pod in a headless service. This feature should be disabled if headless services have a large number of pods.
PILOT_ENABLE_MYSQL_FILTERBooleanfalseEnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.
PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUNDBooleanfalseIf enabled, protocol sniffing will be used for inbound listeners whose port protocol is not specified or unsupported
PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUNDBooleantrueIf enabled, protocol sniffing will be used for outbound listeners whose port protocol is not specified or unsupported
PILOT_ENABLE_REDIS_FILTERBooleanfalseEnableRedisFilter enables injection of `envoy.filters.network.redis_proxy` in the filter chain.
PILOT_HTTP10BooleanfalseEnables the use of HTTP 1.0 in the outbound HTTP listeners, to support legacy applications.
PILOT_INBOUND_PROTOCOL_DETECTION_TIMEOUTTime Duration1sProtocol detection timeout for inbound listener
PILOT_INITIAL_FETCH_TIMEOUTTime Duration0sSpecifies the initial_fetch_timeout for config. If this time is reached without a response to the config requested by Envoy, the Envoy will move on with the init phase. This prevents envoy from getting stuck waiting on config during startup.
PILOT_PUSH_THROTTLEInteger100Limits the number of concurrent pushes allowed. On larger machines this can be increased for faster pushes
PILOT_RESPECT_DNS_TTLBooleantrueIf enabled, DNS based clusters will respect the TTL of the DNS, rather than polling at a fixed rate. This option is only provided for backward compatibility purposes and will be removed in the near future.
PILOT_RESTRICT_POD_UP_TRAFFIC_LOOPBooleantrueIf enabled, this will block inbound traffic from matching outbound listeners, which could result in an infinite loop of traffic. This option is only provided for backward compatibility purposes and will be removed in the near future.
PILOT_SCOPE_GATEWAY_TO_NAMESPACEBooleanfalseIf enabled, a gateway workload can only select gateway resources in the same namespace. Gateways with same selectors in different namespaces will not be applicable.
PILOT_SCOPE_PUSHESBooleantrueIf enabled, pilot will attempt to limit unnecessary pushes by determining what proxies a config or endpoint update will impact.
PILOT_SIDECAR_USE_REMOTE_ADDRESSBooleanfalseUseRemoteAddress sets useRemoteAddress to true for side car outbound listeners.
PILOT_SKIP_VALIDATE_TRUST_DOMAINBooleanfalseSkip validating the peer is from the same trust domain when mTLS is enabled in authentication policy
PILOT_TRACE_SAMPLINGFloating-Point100Sets the mesh-wide trace sampling percentage. Should be 0.0 - 100.0. Precision to 0.01. Default is 100, not recommended for production use.
TERMINATION_DRAIN_DURATION_SECONDSInteger5The amount of time allowed for connections to complete on pilot-agent shutdown. On receiving SIGTERM or SIGINT, pilot-agent tells the active Envoy to start draining, preventing any new connections and allowing existing connections to complete. It then sleeps for the TerminationDrainDuration and then kills any remaining active Envoy processes.
USE_ISTIO_JWT_FILTERBooleanfalseUse the Istio JWT filter for JWT token verification.
V2_REFRESHTime Duration0s

Exported metrics

Metric NameTypeDescription
endpoint_no_podLastValueEndpoints without an associated pod.
galley_runtime_processor_event_span_duration_millisecondsDistributionThe duration between each incoming event
galley_runtime_processor_events_processed_totalCountThe number of events that have been processed
galley_runtime_processor_snapshot_events_totalDistributionThe number of events per snapshot
galley_runtime_processor_snapshot_lifetime_duration_millisecondsDistributionThe duration of each snapshot
galley_runtime_processor_snapshots_published_totalCountThe number of snapshots that have been published
galley_runtime_state_type_instances_totalLastValueThe number of type instances per type URL
galley_runtime_strategy_on_change_totalCountThe number of times the strategy's onChange has been called
galley_runtime_strategy_timer_max_time_reached_totalCountThe number of times the max time has been reached
galley_runtime_strategy_timer_quiesce_reached_totalCountThe number of times a quiesce has been reached
galley_runtime_strategy_timer_resets_totalCountThe number of times the timer has been reset
galley_source_kube_dynamic_converter_failure_totalCountThe number of times a dynamnic kubernetes source failed converting a resources
galley_source_kube_dynamic_converter_success_totalCountThe number of times a dynamic kubernetes source successfully converted a resource
galley_source_kube_event_error_totalCountThe number of times a kubernetes source encountered errored while handling an event
galley_source_kube_event_success_totalCountThe number of times a kubernetes source successfully handled an event
galley_validation_cert_key_update_errorsCountGalley validation webhook certificate updates errors
galley_validation_cert_key_updatesCountGalley validation webhook certificate updates
galley_validation_config_loadCountk8s webhook configuration (re)loads
galley_validation_config_load_errorCountk8s webhook configuration (re)load error
galley_validation_config_update_errorCountk8s webhook configuration update error
galley_validation_config_updatesCountk8s webhook configuration updates
galley_validation_failedCountResource validation failed
galley_validation_http_errorCountResource validation http serve errors
galley_validation_passedCountResource is valid
istio_buildLastValueIstio component build info
istio_mcp_clients_totalLastValueThe number of streams currently connected.
istio_mcp_message_sizes_bytesDistributionSize of messages received from clients.
istio_mcp_reconnectionsSumThe number of times the sink has reconnected.
istio_mcp_recv_failures_totalSumThe number of recv failures in the source.
istio_mcp_request_acks_totalSumThe number of request acks received by the source.
istio_mcp_request_nacks_totalSumThe number of request nacks received by the source.
istio_mcp_send_failures_totalSumThe number of send failures in the source.
mixer_config_adapter_info_config_errors_totalLastValueThe number of errors encountered during processing of the adapter info configuration.
mixer_config_adapter_info_configs_totalLastValueThe number of known adapters in the current config.
mixer_config_attributes_totalLastValueThe number of known attributes in the current config.
mixer_config_handler_configs_totalLastValueThe number of known handlers in the current config.
mixer_config_handler_validation_error_totalLastValueThe number of errors encountered because handler validation returned error.
mixer_config_instance_config_errors_totalLastValueThe number of errors encountered during processing of the instance configuration.
mixer_config_instance_configs_totalLastValueThe number of known instances in the current config.
mixer_config_rule_config_errors_totalLastValueThe number of errors encountered during processing of the rule configuration.
mixer_config_rule_config_match_error_totalLastValueThe number of rule conditions that was not parseable.
mixer_config_rule_configs_totalLastValueThe number of known rules in the current config.
mixer_config_template_config_errors_totalLastValueThe number of errors encountered during processing of the template configuration.
mixer_config_template_configs_totalLastValueThe number of known templates in the current config.
mixer_config_unsatisfied_action_handler_totalLastValueThe number of actions that failed due to handlers being unavailable.
mixer_dispatcher_destinations_per_requestDistributionNumber of handlers dispatched per request by Mixer
mixer_dispatcher_destinations_per_variety_totalLastValueNumber of Mixer adapter destinations by template variety type
mixer_dispatcher_instances_per_requestDistributionNumber of instances created per request by Mixer
mixer_handler_closed_handlers_totalLastValueThe number of handlers that were closed during config transition.
mixer_handler_daemons_totalLastValueThe current number of active daemon routines in a given adapter environment.
mixer_handler_handler_build_failures_totalLastValueThe number of handlers that failed creation during config transition.
mixer_handler_handler_close_failures_totalLastValueThe number of errors encountered while closing handlers during config transition.
mixer_handler_new_handlers_totalLastValueThe number of handlers that were newly created during config transition.
mixer_handler_reused_handlers_totalLastValueThe number of handlers that were re-used during config transition.
mixer_handler_workers_totalLastValueThe current number of active worker routines in a given adapter environment.
mixer_runtime_dispatch_duration_secondsDistributionDuration in seconds for adapter dispatches handled by Mixer.
mixer_runtime_dispatches_totalCountTotal number of adapter dispatches handled by Mixer.
pilot_conflict_inbound_listenerLastValueNumber of conflicting inbound listeners.
pilot_conflict_outbound_listener_http_over_current_tcpLastValueNumber of conflicting wildcard http listeners with current wildcard tcp listener.
pilot_conflict_outbound_listener_tcp_over_current_httpLastValueNumber of conflicting wildcard tcp listeners with current wildcard http listener.
pilot_conflict_outbound_listener_tcp_over_current_tcpLastValueNumber of conflicting tcp listeners with current tcp listener.
pilot_destrule_subsetsLastValueDuplicate subsets across destination rules for same host
pilot_duplicate_envoy_clustersLastValueDuplicate envoy clusters caused by service entries with same hostname
pilot_eds_no_instancesLastValueNumber of clusters without instances.
pilot_endpoint_not_readyLastValueEndpoint found in unready state.
pilot_jwks_resolver_network_fetch_fail_totalSumTotal number of failed network fetch by pilot jwks resolver
pilot_jwks_resolver_network_fetch_success_totalSumTotal number of successfully network fetch by pilot jwks resolver
pilot_no_ipLastValuePods not found in the endpoint table, possibly invalid.
pilot_total_rejected_configsSumTotal number of configs that Pilot had to reject or ignore.
pilot_virt_servicesLastValueTotal virtual services known to pilot.
pilot_vservice_dup_domainLastValueVirtual services with dup domains.