content/en/docs/reference/config/labels/index.html
--- WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE 'https://github.com/istio/api' REPO source_repo: https://github.com/istio/api title: Resource Labels description: Resource labels used by Istio. location: https://istio.io/docs/reference/config/labels/ weight: 60 ---
This page presents the various resource labels that Istio supports to control its behavior.
| Name | gateway.istio.io/managed |
| Feature Status | Stable |
| Resource Types | [ServiceAccount Deployment Service] |
| Description |
Automatically added to all resources automatically created by Istio Gateway controller, to indicate which controller created the resource. Users should not set this label themselves.
|
| Name | gateway.networking.k8s.io/gateway-class-name |
| Feature Status | Stable |
| Resource Types | [ServiceAccount Deployment Service PodDisruptionBudget HorizontalPodAutoscaler] |
| Description |
Automatically added to all resources automatically created by Istio Gateway controller to indicate which GatewayClass resulted in the object creation. Users should not set this label themselves.
|
| Name | gateway.networking.k8s.io/gateway-name |
| Feature Status | Stable |
| Resource Types | [ServiceAccount Deployment Service PodDisruptionBudget HorizontalPodAutoscaler] |
| Description |
Automatically added to all resources automatically created by Istio Gateway controller to indicate which Gateway resulted in the object creation. Users should not set this label themselves.
|
| Name | istio.io/dataplane-mode |
| Feature Status | Stable |
| Resource Types | [Pod Namespace] |
| Description |
When set on a resource, indicates the data plane mode to use. Possible values: ambient, none. Note: users wishing to use sidecar mode should see the istio-injection label; there is no value on this label to configure sidecars.
|
| Name | istio.io/ingress-use-waypoint |
| Feature Status | Beta |
| Resource Types | [Service ServiceEntry Namespace] |
| Description | |
| Name | istio.io/rev |
| Feature Status | Beta |
| Resource Types | [Namespace Gateway Pod] |
| Description |
Istio control plane revision or tag associated with the resource; e.g. canary
|
| Name | istio.io/tag |
| Feature Status | Alpha |
| Resource Types | [MutatingWebhookConfiguration] |
| Description |
Istio control plane tag name associated with the resource - for internal use only
|
| Name | istio.io/use-waypoint |
| Feature Status | Stable |
| Resource Types | [Pod WorkloadEntry Service ServiceEntry Namespace] |
| Description |
When set on a resource, indicates the resource has an associated waypoint with the given name. The waypoint is assumed to be in the same namespace; for cross-namespace, see istio.io/use-waypoint-namespace.
When set or a Pod or a Service, this binds that specific resource to the waypoint. When set on a Namespace, this applies to all Pod/Service in the namespace.
Note: the waypoint must allow the type, see istio.io/waypoint-for.
|
| Name | istio.io/use-waypoint-namespace |
| Feature Status | Beta |
| Resource Types | [Pod WorkloadEntry Service ServiceEntry Namespace] |
| Description |
When set on a resource, indicates the resource has an associated waypoint in the provided namespace. This must be set in addition to istio.io/use-waypoint, when a cross-namespace reference is desired.
|
| Name | istio.io/waypoint-for |
| Feature Status | Stable |
| Resource Types | [GatewayClass Gateway] |
| Description |
When set on a waypoint (either by its specific Gateway, or for the entire collection on the GatewayClass), indicates the type of traffic this waypoint can handle.
Valid options: service, workload, all, and none.
|
| Name | networking.istio.io/enable-autoallocate-ip |
| Feature Status | Beta |
| Resource Types | [ServiceEntry] |
| Description |
Configures whether a ServiceEntry without any spec.addresses set should get an IP address automatically allocated for it.
Valid options: true, false
|
| Name | networking.istio.io/gatewayPort |
| Feature Status | Alpha |
| Resource Types | [Service] |
| Description |
IstioGatewayPortLabel overrides the default 15443 value to use for a multi-network gateway’s port
|
| Name | service.istio.io/canonical-name |
| Feature Status | Alpha |
| Resource Types | [Pod] |
| Description |
The name of the canonical service a workload belongs to
|
| Name | service.istio.io/canonical-revision |
| Feature Status | Alpha |
| Resource Types | [Pod] |
| Description |
The name of a revision within a canonical service that the workload belongs to
|
| Name | service.istio.io/workload-name |
| Feature Status | Alpha |
| Resource Types | [Pod WorkloadEntry] |
| Description |
The workload name of the application a workload belongs to. If unset, defaults to the detect parent resource. For example, a Pod resource may default to the Deployment name.
|
| Name | sidecar.istio.io/inject |
| Feature Status | Beta |
| Resource Types | [Pod] |
| Description |
Specifies whether or not an Envoy sidecar should be automatically injected into the workload.
|
| Name | topology.istio.io/cluster |
| Feature Status | Alpha |
| Resource Types | [Pod] |
| Description |
This label is applied to a workload internally that identifies the Kubernetes cluster containing the workload. The cluster ID is specified during Istio installation for each cluster via values.global.multiCluster.clusterName. It should be noted that this is only used internally within Istio and is not an actual label on workload pods. If a pod contains this label, it will be overridden by Istio internally with the cluster ID specified during Istio installation. This label provides a way to select workloads by cluster when using DestinationRules. For example, a service owner could create a DestinationRule containing a subset per cluster and then use these subsets to control traffic flow to each cluster independently.
|
| Name | topology.istio.io/locality |
| Feature Status | Alpha |
| Resource Types | [Pod] |
| Description |
This label is applied to a workload internally that indicates the region/zone/subzone of an instance. It is used to override the native registry’s value. Kubernetes labels does not support /, use . instead in kubernetes. e.g. regionA.zoneB.subZoneC
|
| Name | topology.istio.io/network |
| Feature Status | Beta |
| Resource Types | [Namespace Pod Service] |
| Description |
A label used to identify the network for one or more pods. This is used internally by Istio to group pods resident in the same L3 domain/network. Istio assumes that pods in the same network are directly reachable from one another. When pods are in different networks, an Istio Gateway (e.g. east-west gateway) is typically used to establish connectivity (with AUTO_PASSTHROUGH mode). This label can be applied to the following resources to help automate Istio’s multi-network configuration.
Istio System Namespace: Applying this label to the system namespace establishes a default network for pods managed by the control plane. This is typically configured during control plane installation using an admin-specified value.
Pod: Applying this label to a pod allows overriding the default network on a per-pod basis. This is typically applied to the pod via webhook injection, but can also be manually specified on the pod by the service owner. The Istio installation in each cluster configures webhook injection using an admin-specified value.
Gateway Service: Applying this label to the Service for an Istio Gateway, indicates that Istio should use this service as the gateway for the network, when configuring cross-network traffic. Istio will configure pods residing outside of the network to access the Gateway service via spec.externalIPs, status.loadBalancer.ingress[].ip, or in the case of a NodePort service, the Node’s address. The label is configured when installing the gateway (e.g. east-west gateway) and should match either the default network for the control plane (as specified by the Istio System Namespace label) or the network of the targeted pods.
|
| Name | topology.istio.io/subzone |
| Feature Status | Beta |
| Resource Types | [Node] |
| Description |
User-provided node label for identifying the locality subzone of a workload. This allows admins to specify a more granular level of locality than what is offered by default with Kubernetes regions and zones.
|