ProxyConfig

ProxyConfig exposes proxy level configuration options. ProxyConfig can be configured on a per-workload basis, a per-namespace basis, or mesh-wide. ProxyConfig is not a required resource; there are default values in place, which are documented inline with each field.

NOTE: fields in ProxyConfig are not dynamically configured - changes will require restart of workloads to take effect.

For any namespace, including the root configuration namespace, it is only valid to have a single workload selector-less ProxyConfig resource.

For resources with a workload selector, it is only valid to have one resource selecting any given workload.

For mesh level configuration, put the resource in the root configuration namespace for your Istio installation without a workload selector:

  1. apiVersion: networking.istio.io/v1beta1
  2. kind: ProxyConfig
  3. metadata:
  4. name: my-proxyconfig
  5. namespace: istio-system
  6. spec:
  7. concurrency: 0
  8. image:
  9. imageType: distroless

For namespace level configuration, put the resource in the desired namespace without a workload selector:

  1. apiVersion: networking.istio.io/v1beta1
  2. kind: ProxyConfig
  3. metadata:
  4. name: my-ns-proxyconfig
  5. namespace: user-namespace
  6. spec:
  7. concurrency: 0

For workload level configuration, set the selector field on the ProxyConfig resource:

  1. apiVersion: networking.istio.io/v1beta1
  2. kind: ProxyConfig
  3. metadata:
  4. name: per-workload-proxyconfig
  5. namespace: example
  6. spec:
  7. selector:
  8. matchLabels:
  9. app: ratings
  10. concurrency: 0
  11. image:
  12. imageType: debug

If a ProxyConfig CR is defined that matches a workload it will merge with its proxy.istio.io/config annotation if present, with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh wide ProxyConfig CR is defined and meshConfig.DefaultConfig is set, the two resources will be merged with the CR taking precedence for overlapping fields.

ProxyConfig

ProxyConfig exposes proxy level configuration options.

FieldTypeDescriptionRequired
selectorWorkloadSelector

Optional. Selectors specify the set of pods/VMs on which this ProxyConfig resource should be applied. If not set, the ProxyConfig resource will be applied to all workloads in the namespace where this resource is defined.

No
concurrencyInt32Value

The number of worker threads to run. If unset, defaults to 2. If set to 0, this will be configured to use all cores on the machine using CPU requests and limits to choose a value, with limits taking precedence over requests.

No
environmentVariablesmap<string, string>

Additional environment variables for the proxy. Names starting with ISTIOMETA will be included in the generated bootstrap configuration and sent to the XDS server.

No
imageProxyImage

Specifies the details of the proxy image.

No

ProxyImage

The following values are used to construct proxy image url. format: ${hub}/${image_name}/${tag}-${image_type}, example: docker.io/istio/proxyv2:1.11.1 or docker.io/istio/proxyv2:1.11.1-distroless. This information was previously part of the Values API.

FieldTypeDescriptionRequired
imageTypestring

The image type of the image. Istio publishes default, debug, and distroless images. Other values are allowed if those image types (example: centos) are published to the specified hub. supported values: default, debug, distroless.

No