
CLI Usage

Basic Usage

tca [command]

Available Commands

  • analyze: Analyze Istio configuration
  • completion: Generate the autocompletion script for the specified shell
  • help: Help about any command
  • version: Print the version of TIS Analyzer

Analyze Command

The primary command for TCA is analyze. Here's how to use it:

tca analyze [flags]

Analyze Flags

  • -h, --help: Help for analyze command
  • --enable-fips: Enable analyzers for the FIPS mode (default "false")
  • --enable-fips-workload: Enable analyzers for the FIPS binary/image. Note: This may take significant time; consider scoping to specific namespaces (default "false")
  • --ignore-code stringArray: List of validation codes to ignore
  • --istio-namespace string: The namespace to treat as the administrative root namespace for Istio configuration (default "istio-system")
  • -c, --kubeconfig string: Path to the kubeconfig file to use for CLI requests
  • --local-only: Only analyze local configuration, do not fetch remote configuration (default "false")
  • -f, --mesh-config-file stringArray: Overrides the mesh config values to use for analysis
  • -n, --namespace string: Namespace to analyze, default is all namespaces
  • -o, --output string: Output format: one of json|yaml|table|pdf (default "table")
  • --output-disabled-hyperlink: Disable rendering OSC 8 styled hyperlink (default "false")
  • --output-file string: Output file name, only applicable for pdf output (default "tca.pdf")
  • --table-style string: Table style: one of simple|light, only applicable for table output (default "light")

Examples

  1. Analyze all namespaces using default settings:

    tca analyze
  2. Analyze a specific namespace:

    tca analyze -n my-namespace
  3. Analyze using a specific kubeconfig file:

    tca analyze -c /path/to/kubeconfig
  4. Analyze in hybrid mode on both input file and cluster:

    tca analyze -f /path/to/mesh-config.yaml
    tca analyze -f /path/to/mesh-config.yaml -c /path/to/kubeconfig
  5. Analyze multiple istio config files:

    tca analyze -f /path/to/mesh-config.yaml -f /path/to/mesh-config2.yaml
  6. Analyze local configuration only without connecting to the cluster:

    Complete Istio system resources

    Because TCA analyzes Istio runtime configuration, it needs the following resources to be available as part of the mesh-config file: the Istio mesh-config ConfigMap, the Istiod Deployment resource, and the Istio secrets. You can pass these as another mesh-config file.

    tca analyze --local-only -f /path/to/mesh-config.yaml -f /path/to/istio-system-resources.yaml
  7. Output analysis results in table without borders:

    tca analyze --table-style simple
  8. Output analysis results in JSON format:

    tca analyze -o json
  9. Output analysis results in PDF format:

    tca analyze -o pdf
  10. Analyze with a custom Istio namespace:

    tca analyze --istio-namespace custom-istio-system
  11. Ignore specific checks:

    tca analyze --ignore-code TIS0701 --ignore-code TIS0001
  12. Enable FIPS mode for analysis:

    tca analyze --enable-fips
    Time Consideration

    Enabling FIPS mode may increase the analysis time. Consider scoping to specific namespaces for faster results.

    tca analyze --enable-fips --enable-fips-workload

Best Practices

  • Run TCA regularly, especially before applying changes to Istio configurations
  • Use the --local-only flag with -f option to analyze configuration files before applying them to a cluster
  • Utilize different output formats (-o flag) for integration with other tools or scripts
  • When troubleshooting, analyze specific namespaces to focus on problem areas
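
The local-only workflow from example 6, combined with the --local-only and -o best practices above, written as a reusable shell function. This is an added example, not part of the TCA documentation: the function name `tca_preapply`, its argument order and the permission check on the system-resources file are assumptions of this example, and it uses only flags listed on this page.

```shell
#!/bin/sh
# Added example, not from the TCA docs: local-only analysis before apply.
# Usage: tca_preapply <manifest-dir> <system-resources.yaml> <report.json> [code...]
tca_preapply() {
    dir=$1 sysres=$2 report=$3
    shift 3

    [ -f "$sysres" ] || { echo "missing $sysres" >&2; return 2; }
    # The system-resources export holds Istio secrets, so refuse a copy
    # that group or others can read (hardening added by this example).
    if [ -n "$(find "$sysres" \( -perm -040 -o -perm -004 \))" ]; then
        echo "refusing $sysres: readable by group or others" >&2
        return 2
    fi

    # Rewrite the remaining arguments (validation codes to skip) as
    # repeated --ignore-code flags.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" --ignore-code "$1"
        shift
        n=$((n - 1))
    done

    # One -f per manifest; "$@" keeps file names with spaces intact.
    found=0
    for f in "$dir"/*.yaml; do
        [ -f "$f" ] || continue
        set -- "$@" -f "$f"
        found=1
    done
    if [ "$found" -eq 0 ]; then
        echo "no *.yaml manifests in $dir" >&2
        return 2
    fi

    # Assumption: with -o json the report goes to stdout.
    # Assumption: tca's exit status is passed through unchanged; this page
    # does not say how findings affect it.
    ( umask 077; tca analyze --local-only "$@" -f "$sysres" -o json > "$report" )
}
```

The report file is created with owner-only permissions because it is written under `umask 077`.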