github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/README.md

github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/README.md (about)

     1  # Istio
     2  
     3  [Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
     4  
     5  ## Introduction
     6  
     7  This chart bootstraps all istio [components](https://istio.io/docs/concepts/what-is-istio/overview.html) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
     8  
     9  ## Chart Details
    10  
    11  This chart can install multiple istio components as subcharts:
    12  - ingress
    13  - ingressgateway
    14  - egressgateway
    15  - sidecarInjectorWebhook
    16  - galley
    17  - mixer
    18  - pilot
    19  - security(citadel)
    20  - grafana
    21  - prometheus
    22  - servicegraph
    23  - tracing(jaeger)
    24  - kiali
    25  
    26  To enable or disable each component, change the corresponding `enabled` flag.
    27  
    28  ## Prerequisites
    29  
    30  - Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required
    31  - Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required
    32  - If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order.
    33  
    34  ## Resources Required
    35  
    36  The chart deploys pods that consume minimum resources as specified in the resources configuration parameter.
    37  
    38  ## Installing the Chart
    39  
    40  1. If a service account has not already been installed for Tiller, install one:
    41  ```
    42  $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml
    43  ```
    44  
    45  2. Install Tiller on your cluster with the service account:
    46  ```
    47  $ helm init --service-account tiller
    48  ```
    49  
    50  3. Install Istio’s [Custom Resource Definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) via `kubectl apply`, and wait a few seconds for the CRDs to be committed in the kube-apiserver:
    51     ```
    52     $ kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml
    53     ```
    54     **Note**: If you are enabling `certmanager`, you also need to install its CRDs and wait a few seconds for the CRDs to be committed in the kube-apiserver:
    55     ```
    56     $ kubectl apply -f install/kubernetes/helm/istio/charts/certmanager/templates/crds.yaml
    57     ```
    58  
    59  4. To install the chart with the release name `istio` in namespace `istio-system`:
    60      - With [automatic sidecar injection](https://istio.io/docs/setup/kubernetes/sidecar-injection/#automatic-sidecar-injection) (requires Kubernetes >=1.9.0):
    61      ```
    62      $ helm install install/kubernetes/helm/istio --name istio --namespace istio-system
    63      ```
    64  
    65      - Without the sidecar injection webhook:
    66      ```
    67      $ helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set sidecarInjectorWebhook.enabled=false
    68      ```
    69  
    70  ## Configuration
    71  
    72  The Helm chart ships with reasonable defaults.  There may be circumstances in which defaults require overrides.
    73  To override Helm values, use `--set key=value` argument during the `helm install` command.  Multiple `--set` operations may be used in the same Helm operation.
    74  
    75  Helm charts expose configuration options which are currently in alpha.  The currently exposed options are explained in the following table:
    76  
    77  | Parameter | Description | Values | Default |
    78  | --- | --- | --- | --- |
    79  | `global.hub` | Specifies the HUB for most images used by Istio | registry/namespace | `docker.io/istio` |
    80  | `global.tag` | Specifies the TAG for most images used by Istio | valid image tag | `0.8.latest` |
    81  | `global.proxy.image` | Specifies the proxy image name | valid proxy name | `proxyv2` |
    82  | `global.proxy.concurrency` | Specifies the number of proxy worker threads | number, 0 = auto | `0` |
    83  | `global.imagePullPolicy` | Specifies the image pull policy | valid image pull policy | `IfNotPresent` |
    84  | `global.controlPlaneSecurityEnabled` | Specifies whether control plane mTLS is enabled | true/false | `false` |
    85  | `global.mtls.enabled` | Specifies whether mTLS is enabled by default between services | true/false | `false` |
    86  | `global.rbacEnabled` | Specifies whether to create Istio RBAC rules or not | true/false | `true` |
    87  | `global.refreshInterval` | Specifies the mesh discovery refresh interval | integer followed by s | `10s` |
    88  | `global.arch.amd64` | Specifies the scheduling policy for `amd64` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` |
    89  | `global.arch.s390x` | Specifies the scheduling policy for `s390x` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` |
    90  | `global.arch.ppc64le` | Specifies the scheduling policy for `ppc64le` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` |
    91  | `ingress.enabled` | Specifies whether Ingress should be installed | true/false | `true` |
    92  | `gateways.istio-ingressgateway.enabled` | Specifies whether Ingress gateway should be installed | true/false | `true` |
    93  | `gateways.istio-egressgateway.enabled` | Specifies whether Egress gateway should be installed | true/false | `true` |
    94  | `sidecarInjectorWebhook.enabled` | Specifies whether automatic sidecar-injector should be installed | `true` |
    95  | `galley.enabled` | Specifies whether Galley should be installed for server-side config validation | true/false | `true` |
    96  | `mixer.enabled` | Specifies whether Mixer should be installed | true/false | `true` |
    97  | `pilot.enabled` | Specifies whether Pilot should be installed | true/false | `true` |
    98  | `grafana.enabled` | Specifies whether Grafana addon should be installed | true/false | `false` |
    99  | `grafana.persist` | Specifies whether Grafana addon should persist config data | true/false | `false` |
   100  | `grafana.storageClassName` | If `grafana.persist` is true, specifies the [`StorageClass`](https://kubernetes.io/docs/concepts/storage/storage-classes/) to use for the `PersistentVolumeClaim` | `StorageClass` | "" |
   101  | `prometheus.enabled` | Specifies whether Prometheus addon should be installed | true/false | `true` |
   102  | `servicegraph.enabled` | Specifies whether Servicegraph addon should be installed | true/false | `false` |
   103  | `tracing.enabled` | Specifies whether Tracing(jaeger) addon should be installed | true/false | `false` |
   104  | `kiali.enabled` | Specifies whether Kiali addon should be installed | true/false | `false` |
   105  
   106  ## Uninstalling the Chart
   107  
   108  To uninstall/delete the `istio` release:
   109  ```
   110  $ helm delete istio
   111  ```
   112  The command removes all the Kubernetes components associated with the chart and deletes the release.
   113  
   114  To uninstall/delete the `istio` release completely and make its name free for later use:
   115  ```
   116  $ helm delete istio --purge
   117  ```