content/en/docs/reference/config/networking/workload-group/index.html
--- WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL SOURCE IN THE 'https://github.com/istio/api' REPO source_repo: https://github.com/istio/api title: Workload Group description: Describes a collection of workload instances. location: https://istio.io/docs/reference/config/networking/workload-group.html layout: protoc-gen-docs generator: protoc-gen-docs schema: istio.networking.v1alpha3.WorkloadGroup aliases: [/docs/reference/config/networking/v1alpha3/workload-group] number_of_entries: 8 ---
WorkloadGroup describes a collection of workload instances. It provides a specification that the workload instances can use to bootstrap their proxies, including the metadata and identity. It is only intended to be used with non-k8s workloads like Virtual Machines, and is meant to mimic the existing sidecar injection and deployment specification model used for Kubernetes workloads to bootstrap Istio proxies.
The following example declares a workload group representing a collection of workloads that will be registered under reviews in namespace bookinfo. The set of labels will be associated with each workload instance during the bootstrap process, and the ports 3550 and 8080 will be associated with the workload group and use service account default. app.kubernetes.io/version is just an arbitrary example of a label.
apiVersion: networking.istio.io/v1
kind: WorkloadGroup
metadata:
name: reviews
namespace: bookinfo
spec:
metadata:
labels:
app.kubernetes.io/name: reviews
app.kubernetes.io/version: "1.3.4"
template:
ports:
grpc: 3550
http: 8080
serviceAccount: default
probe:
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 4
successThreshold: 3
failureThreshold: 3
httpGet:
path: /foo/bar
host: 127.0.0.1
port: 3100
scheme: HTTPS
httpHeaders:
- name: Lit-Header
value: Im-The-Best
WorkloadGroup enables specifying the properties of a single workload for bootstrap and provides a template for WorkloadEntry, similar to how Deployment specifies properties of workloads via Pod templates. A WorkloadGroup can have more than one WorkloadEntry. WorkloadGroup has no relationship to resources which control service registry like ServiceEntry and as such doesn’t configure host name for these workloads.
| Field | Description |
|---|---|
metadata
|
Metadata that will be used for all corresponding WorkloadEntries. User labels for a workload group should be set here in metadata rather than in template.
| |
template
Required
|
Template to be used for the generation of WorkloadEntry resources that belong to this WorkloadGroup. Please note that address and labels fields should not be set in the template, and an empty serviceAccount should default to default. The workload identities (mTLS certificates) will be bootstrapped using the specified service account’s token. Workload entries in this group will be in the same namespace as the workload group, and inherit the labels and annotations from the above metadata field.
| |
probe
|
ReadinessProbe describes the configuration the user must provide for healthchecking on their workload. This configuration mirrors K8S in both syntax and logic for the most part.
|
ObjectMeta describes metadata that will be attached to a WorkloadEntry. It is a subset of the supported Kubernetes metadata.
| Field | Description |
|---|---|
labels
map<string, string>
|
Labels to attach
| |
annotations
map<string, string>
|
Annotations to attach
|
| Field | Description |
|---|---|
initialDelaySeconds
int32
|
Number of seconds after the container has started before readiness probes are initiated.
| |
timeoutSeconds
int32
|
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1 second.
| |
periodSeconds
int32
|
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1 second.
| |
successThreshold
int32
|
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1 second.
| |
failureThreshold
int32
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3 seconds.
| |
httpGet
|
httpGet is performed to a given endpoint and the status/able to connect determines health.
| |
tcpSocket
|
Health is determined by if the proxy is able to connect.
| |
exec
|
Health is determined by how the command that is executed exited.
| |
grpc
|
GRPC call is made and response/error is used to determine health.
|
| Field | Description |
|---|---|
path
string
|
Path to access on the HTTP server.
| |
port
uint32
Required
|
Port on which the endpoint lives.
| |
host
string
|
Host name to connect to, defaults to the pod IP. You probably want to set “Host” in httpHeaders instead.
| |
scheme
string
|
HTTP or HTTPS, defaults to HTTP
| |
httpHeaders
|
Headers the proxy will pass on to make the request. Allows repeated headers.
|
| Field | Description |
|---|---|
port
uint32
|
Port on which the endpoint lives.
| |
service
string
|
Service is the fully qualified name of the service to send the grpc health check request
|
| Field | Description |
|---|---|
name
string
|
The header field name
| |
value
string
|
The header field value
|
| Field | Description |
|---|---|
host
string
|
Host to connect to, defaults to localhost
| |
port
uint32
Required
|
Port of host
|
| Field | Description |
|---|---|
command
string[]
Required
|
Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
|