ozevren and istio-testing Cherry-pick Galley/MCP changes from 1.1 => master (#12604)
* Add dynamic discovery and listener initialization for supported k8s resource types (#11871)

* wip: dynamically discover supported crd types

* fix linter errors

* improve logs when resource type not found

* increase code coverage

* address review comments

* add a comment

* fix linter error

* extract Galley root command to server. (#12073)

* Replace root command of Galley with server mode.

* Fix linter issue.

* Wire-up excluded resource types list to the CRD check and update logging (#12143)

* - Wire-up excluded resource types list to the CRD check.
- Update logging.

* Revert copyright.

* Revert copyright.

* Do not reject entire batch of updates, if items get past validation. (#12476)

* Do not drop the whole batch, if validation of a single resource fails.

* minor comment cleanup.

* Adding unit tests.

* Make linter happy happy happy.
Latest commit f7feb0f Mar 19, 2019
Type Name Latest commit message Commit time
charts Cherry-pick Galley/MCP changes from 1.1 => master (#12604) Mar 19, 2019
templates
.helmignore fix helmignore issues. (#10334) Dec 8, 2018
Chart.yaml Revise version to 1.1.0 (#8241) Aug 27, 2018
LICENSE
README.md
requirements.yaml
values-e2e.yaml Performance oriented helm defaults for release 1.1 (#11476) Feb 15, 2019
values-istio-auth-mcp.yaml
values-istio-auth-multicluster.yaml
values-istio-auth.yaml Merge remote-tracking branch 'upstream/master' into MergeMasterInto11 Feb 20, 2019
values-istio-demo-auth.yaml Performance oriented helm defaults for release 1.1 (#11476) Feb 15, 2019
values-istio-demo.yaml
values-istio-example-sds-vault.yaml Merge release-1.1 to master (#11722) Feb 13, 2019
values-istio-gateways.yaml Merge remote-tracking branch 'upstream/master' into MergeMasterInto11 Feb 20, 2019
values-istio-googleca.yaml Merge release-1.1 into master (#11096) Jan 19, 2019
values-istio-mcp.yaml Merge remote-tracking branch 'upstream/master' into MergeMasterInto11 Feb 20, 2019
values-istio-minimal.yaml Update statsd host address in template (#11138) Jan 27, 2019
values-istio-multicluster-gateways.yaml
values-istio-multicluster.yaml Merge remote-tracking branch 'upstream/master' into MergeMasterInto11 Feb 20, 2019
values-istio-one-namespace-auth.yaml Merge remote-tracking branch 'upstream/master' into MergeMasterInto11 Feb 20, 2019
values-istio-one-namespace-trust-domain.yaml
values-istio-one-namespace.yaml
values-istio-remote.yaml Merge release-1.1 to master (#11722) Feb 13, 2019
values-istio-sds-auth.yaml Merge release-1.1 to master (#11722) Feb 13, 2019
values-istio.yaml remove deprecated 'refreshInterval' option in chart. (#11412) Feb 7, 2019
values.yaml

README.md

Istio

Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.

Introduction

This chart bootstraps the deployment of all Istio components on a Kubernetes cluster using the Helm package manager.

Chart Details

This chart can install multiple Istio components as subcharts:

  • ingress
  • ingressgateway
  • egressgateway
  • sidecarInjectorWebhook
  • galley
  • mixer
  • pilot
  • security(citadel)
  • grafana
  • prometheus
  • servicegraph
  • tracing(jaeger)
  • kiali

To enable or disable each component, change the corresponding enabled flag.

Prerequisites

  • A Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required
  • Helm 2.7.2 or newer, or alternatively the ability to modify RBAC rules, is also required
  • If you want to enable automatic sidecar injection, Kubernetes 1.9+ with the admissionregistration API is required, and the kube-apiserver process must have the admission-control flag set with the MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers added and listed in the correct order.
  • The istio-init chart must be run to completion prior to installing the istio chart.

Resources Required

The chart deploys pods that consume minimum resources as specified in the resources configuration parameter.

Installing the Chart

  1. If a service account has not already been installed for Tiller, install one:

    $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml
    
  2. Install Tiller on your cluster with the service account:

    $ helm init --service-account tiller
    
  3. Set and create the namespace where Istio will be installed:

    $ NAMESPACE=istio-system
    $ kubectl create ns $NAMESPACE
    
  4. If you are enabling Kiali, you need to create the secret that contains the username and passphrase for the Kiali dashboard:

    $ echo -n 'admin' | base64
    YWRtaW4=
    $ echo -n '1f2d1e2e67df' | base64
    MWYyZDFlMmU2N2Rm
    $ cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: Secret
    metadata:
      name: kiali
      namespace: $NAMESPACE
      labels:
        app: kiali
    type: Opaque
    data:
      username: YWRtaW4=
      passphrase: MWYyZDFlMmU2N2Rm
    EOF
    
  5. If you are using security mode for Grafana, create the secret first as follows:

    • Encode the username; you can change it to any name you want:
    $ echo -n 'admin' | base64
    YWRtaW4=
    
    • Encode the passphrase; you can change it to any passphrase you want:
    $ echo -n '1f2d1e2e67df' | base64
    MWYyZDFlMmU2N2Rm
    
    • Create secret for Grafana:
    $ cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: Secret
    metadata:
      name: grafana
      namespace: $NAMESPACE
      labels:
        app: grafana
    type: Opaque
    data:
      username: YWRtaW4=
      passphrase: MWYyZDFlMmU2N2Rm
    EOF
    
  6. Add the istio.io chart repository and point it to the daily release:

    $ helm repo add istio.io https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
    
  7. Install the chart with the release name istio in the namespace $NAMESPACE you defined above:

    $ helm install istio --name istio --namespace $NAMESPACE
    
    • Without the sidecar injection webhook:
    $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false
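
Steps 4 and 5 reuse the sample passphrase printed in this README, and base64 in a Secret's data field is an encoding rather than encryption, so each install should use its own value. The following added example (not code from the Istio project) generates a passphrase and renders the same manifest for either Secret; the function names gen_passphrase, b64 and render_secret are hypothetical, and kubectl is assumed only in the usage comment.

```shell
# Added example, not part of the Istio chart. Renders the kiali/grafana Secret
# from steps 4 and 5 with a generated passphrase instead of the sample value.

# gen_passphrase [BYTES]: hex string read from /dev/urandom (default 16 bytes).
gen_passphrase() {
  head -c "${1:-16}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# b64: base64-encode stdin onto a single line (base64 may wrap long output).
b64() { base64 | tr -d '\n'; }

# render_secret NAME NAMESPACE USERNAME PASSPHRASE: print the manifest on stdout.
render_secret() {
  local name="$1" ns="$2" user="$3" pass="$4"
  case "$name" in
    kiali|grafana) ;;
    *) echo "unsupported secret name: $name" >&2; return 1 ;;
  esac
  # Namespace goes into the YAML unencoded, so restrict it to DNS-label characters.
  case "$ns" in
    ""|*[!a-z0-9-]*) echo "invalid namespace: $ns" >&2; return 1 ;;
  esac
  # Refuse an empty passphrase and the sample value published in the README.
  case "$pass" in
    ""|1f2d1e2e67df) echo "refusing empty or sample passphrase" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
  labels:
    app: $name
type: Opaque
data:
  username: $(printf '%s' "$user" | b64)
  passphrase: $(printf '%s' "$pass" | b64)
EOF
}

# Usage (assumes kubectl is configured for the target cluster):
#   pass=$(gen_passphrase)
#   render_secret kiali "$NAMESPACE" admin "$pass" | kubectl apply -f -
```

Piping the manifest straight into kubectl keeps the passphrase out of any file on disk; store the generated value in your secrets manager before the shell variable goes away.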
    

Configuration

The Helm chart ships with reasonable defaults. There may be circumstances in which the defaults require overrides. To override Helm values, pass the --set key=value argument to the helm install command. Multiple --set arguments may be used in the same Helm operation.

Helm charts expose configuration options which are currently in alpha. The currently exposed options are explained in the following table:

| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| global.hub | Specifies the HUB for most images used by Istio | registry/namespace | docker.io/istio |
| global.tag | Specifies the TAG for most images used by Istio | valid image tag | 0.8.latest |
| global.proxy.image | Specifies the proxy image name | valid proxy name | proxyv2 |
| global.proxy.concurrency | Specifies the number of proxy worker threads | number, 0 = auto | 0 |
| global.imagePullPolicy | Specifies the image pull policy | valid image pull policy | IfNotPresent |
| global.controlPlaneSecurityEnabled | Specifies whether control plane mTLS is enabled | true/false | false |
| global.mtls.enabled | Specifies whether mTLS is enabled by default between services | true/false | false |
| global.rbacEnabled | Specifies whether to create Istio RBAC rules or not | true/false | true |
| global.arch.amd64 | Specifies the scheduling policy for amd64 architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | 2 |
| global.arch.s390x | Specifies the scheduling policy for s390x architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | 2 |
| global.arch.ppc64le | Specifies the scheduling policy for ppc64le architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | 2 |
| ingress.enabled | Specifies whether Ingress should be installed | true/false | true |
| gateways.enabled | Specifies whether gateway (both Ingress and Egress) should be installed | true/false | true |
| gateways.istio-ingressgateway.enabled | Specifies whether Ingress gateway should be installed | true/false | true |
| gateways.istio-egressgateway.enabled | Specifies whether Egress gateway should be installed | true/false | true |
| sidecarInjectorWebhook.enabled | Specifies whether automatic sidecar-injector should be installed | true/false | true |
| galley.enabled | Specifies whether Galley should be installed for server-side config validation | true/false | true |
| security.enabled | Specifies whether Citadel should be installed | true/false | true |
| mixer.policy.enabled | Specifies whether Mixer Policy should be installed | true/false | true |
| mixer.telemetry.enabled | Specifies whether Mixer Telemetry should be installed | true/false | true |
| pilot.enabled | Specifies whether Pilot should be installed | true/false | true |
| grafana.enabled | Specifies whether Grafana addon should be installed | true/false | false |
| grafana.persist | Specifies whether Grafana addon should persist config data | true/false | false |
| grafana.storageClassName | If grafana.persist is true, specifies the StorageClass to use for the PersistentVolumeClaim | StorageClass | "" |
| grafana.accessMode | If grafana.persist is true, specifies the Access Mode to use for the PersistentVolumeClaim | RWO/ROX/RWX | ReadWriteMany |
| prometheus.enabled | Specifies whether Prometheus addon should be installed | true/false | true |
| servicegraph.enabled | Specifies whether Servicegraph addon should be installed | true/false | false |
| tracing.enabled | Specifies whether Tracing (jaeger) addon should be installed | true/false | false |
| kiali.enabled | Specifies whether Kiali addon should be installed | true/false | false |

Uninstalling the Chart

To uninstall/delete the istio release but continue to track the release:

    $ helm delete istio

To uninstall/delete the istio release completely and make its name free for later use:

    $ helm delete istio --purge
