Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
This chart bootstraps all istio components deployment on a Kubernetes cluster using the Helm package manager.
This chart can install multiple istio components as subcharts:
- ingress
- ingressgateway
- egressgateway
- sidecarInjectorWebhook
- galley
- mixer
- pilot
- security(citadel)
- grafana
- prometheus
- servicegraph
- tracing(jaeger)
- kiali
To enable or disable each component, change the corresponding enabled flag.
- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required
- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required
- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with
admissionregistrationAPI is required, andkube-apiserverprocess must have theadmission-controlflag set with theMutatingAdmissionWebhookandValidatingAdmissionWebhookadmission controllers added and listed in the correct order.
The chart deploys pods that consume minimum resources as specified in the resources configuration parameter.
- If a service account has not already been installed for Tiller, install one:
$ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml
- Install Tiller on your cluster with the service account:
$ helm init --service-account tiller
-
To install the chart with the release name
istioin namespaceistio-system:- With automatic sidecar injection (requires Kubernetes >=1.9.0):
$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system- Without the sidecar injection webhook:
$ helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set sidecarInjectorWebhook.enabled=false
The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides.
To override Helm values, use --set key=value argument during the helm install command. Multiple --set operations may be used in the same Helm operation.
Helm charts expose configuration options which are currently in alpha. The currently exposed options are explained in the following table:
| Parameter | Description | Values | Default |
|---|---|---|---|
global.hub |
Specifies the HUB for most images used by Istio | registry/namespace | docker.io/istio |
global.tag |
Specifies the TAG for most images used by Istio | valid image tag | 0.8.latest |
global.proxy.image |
Specifies the proxy image name | valid proxy name | proxyv2 |
global.imagePullPolicy |
Specifies the image pull policy | valid image pull policy | IfNotPresent |
global.controlPlaneSecurityEnabled |
Specifies whether control plane mTLS is enabled | true/false | false |
global.mtls.enabled |
Specifies whether mTLS is enabled by default between services | true/false | false |
global.rbacEnabled |
Specifies whether to create Istio RBAC rules or not | true/false | true |
global.refreshInterval |
Specifies the mesh discovery refresh interval | integer followed by s | 10s |
global.arch.amd64 |
Specifies the scheduling policy for amd64 architectures |
0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | 2 |
global.arch.s390x |
Specifies the scheduling policy for s390x architectures |
0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | 2 |
global.arch.ppc64le |
Specifies the scheduling policy for ppc64le architectures |
0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | 2 |
ingress.enabled |
Specifies whether Ingress should be installed | true/false | true |
gateways.istio-ingressgateway.enabled |
Specifies whether Ingress gateway should be installed | true/false | true |
gateways.istio-egressgateway.enabled |
Specifies whether Egress gateway should be installed | true/false | true |
sidecarInjectorWebhook.enabled |
Specifies whether automatic sidecar-injector should be installed | true |
|
galley.enabled |
Specifies whether Galley should be installed for server-side config validation | true/false | true |
mixer.enabled |
Specifies whether Mixer should be installed | true/false | true |
pilot.enabled |
Specifies whether Pilot should be installed | true/false | true |
grafana.enabled |
Specifies whether Grafana addon should be installed | true/false | false |
prometheus.enabled |
Specifies whether Prometheus addon should be installed | true/false | true |
servicegraph.enabled |
Specifies whether Servicegraph addon should be installed | true/false | false |
tracing.enabled |
Specifies whether Tracing(jaeger) addon should be installed | true/false | false |
kiali.enabled |
Specifies whether Kiali addon should be installed | true/false | false |
To uninstall/delete the istio release:
$ helm delete istio
The command removes all the Kubernetes components associated with the chart and deletes the release.
To uninstall/delete the istio release completely and make its name free for later use:
$ helm delete istio --purge