CLI Usage
Basic Usage
tca [command]
Available Commands
analyze
: Analyze Istio configurationcompletion
: Generate the autocompletion script for the specified shellhelp
: Help about any commandversion
: Print the version of TIS Analyzer
Analyze Command
The primary command for TCA is analyze
. Here's how to use it:
tca analyze [flags]
Analyze Flags
I'll help update the documentation for Tetrate's products, specifically focusing on the analyze
command flags. Let me create an updated version that incorporates the new flags while maintaining a clear and organized structure.
Analyze Flags
-h, --help
: Help for analyze command--enable-fips
: Enable analyzers for the FIPS mode (default "false")--enable-fips-workload
: Enable analyzers for the FIPS binary/image. Note: This may take significant time; consider scoping to specific namespaces (default "false")--ignore-code stringArray
: List of validation codes to ignore--istio-namespace string
: The namespace to treat as the administrative root namespace for Istio configuration (default "istio-system")-c, --kubeconfig string
: Path to the kubeconfig file to use for CLI requests--local-only
: Only analyze local configuration, do not fetch remote configuration (default "false")-f, --mesh-config-file stringArray
: Overrides the mesh config values to use for analysis-n, --namespace string
: Namespace to analyze, default is all namespaces-o, --output string
: Output format: one of json|yaml|table|pdf (default "table")--output-disabled-hyperlink
: Disable rendering OSC 8 styled hyperlink (default "false")--output-file string
: Output file name, only applicable for pdf output (default "tca.pdf")--table-style string
: Table style: one of simple|light, only applicable for table output (default "light")
Examples
-
Analyze all namespaces using default settings:
tca analyze
-
Analyze a specific namespace:
tca analyze -n my-namespace
-
Analyze using a specific kubeconfig file:
tca analyze -c /path/to/kubeconfig
-
Analyze in hybrid mode on both input file and cluster:
tca analyze -f /path/to/mesh-config.yaml
tca analyze -f /path/to/mesh-config.yaml -c /path/to/kubeconfig
-
Analyze multiple istio config files:
tca analyze -f /path/to/mesh-config.yaml -f /path/to/mesh-config2.yaml
-
Analyze local configuration only without connecting to the cluster:
Complete Istio system resourcesSince TCA analyze Istio runtime configuration, it needs following resources to be available as part of mesh-config file: Istio mesh-config configmap, Istiod deployment resource and Istio secrets. You can pass this as another mesh-config file.
tca analyze --local-only -f /path/to/mesh-config.yaml - f /path/to/istio-system-resources.yaml
-
Output analysis results in table without borders:
tca analyze --table-style simple
-
Output analysis results in JSON format:
tca analyze -o json
-
Output analysis results in PDF format:
tca analyze -o pdf
-
Analyze with a custom Istio namespace:
tca analyze --istio-namespace custom-istio-system
-
Ignore specific checks:
tca analyze --ignore-code TIS0701 --ignore-code TIS0001
-
Enable FIPS mode for analysis:
tca analyze --enable-fips
Time ConsiderationEnabling FIPS mode may increase the analysis time. Consider scoping to specific namespaces for faster results.
tca analyze --enable-fips --enable-fips-workload
Best Practices
- Run TCA regularly, especially before applying changes to Istio configurations
- Use the
--local-only
flag with-f
option to analyze configuration files before applying them to a cluster - Utilize different output formats (
-o
flag) for integration with other tools or scripts - When troubleshooting, analyze specific namespaces to focus on problem areas