github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/README.md (about) 1 # Istio 2 3 [Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. 4 5 ## Introduction 6 7 This chart bootstraps all istio [components](https://istio.io/docs/concepts/what-is-istio/overview.html) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. 8 9 ## Chart Details 10 11 This chart can install multiple istio components as subcharts: 12 - ingress 13 - ingressgateway 14 - egressgateway 15 - sidecarInjectorWebhook 16 - galley 17 - mixer 18 - pilot 19 - security(citadel) 20 - grafana 21 - prometheus 22 - servicegraph 23 - tracing(jaeger) 24 - kiali 25 26 To enable or disable each component, change the corresponding `enabled` flag. 27 28 ## Prerequisites 29 30 - Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required 31 - Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required 32 - If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. 33 34 ## Resources Required 35 36 The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. 37 38 ## Installing the Chart 39 40 1. If a service account has not already been installed for Tiller, install one: 41 ``` 42 $ kubectl apply -f install/kubernetes/helm/helm-service-account.yaml 43 ``` 44 45 2. Install Tiller on your cluster with the service account: 46 ``` 47 $ helm init --service-account tiller 48 ``` 49 50 3. Install Istio’s [Custom Resource Definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) via `kubectl apply`, and wait a few seconds for the CRDs to be committed in the kube-apiserver: 51 ``` 52 $ kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml 53 ``` 54 **Note**: If you are enabling `certmanager`, you also need to install its CRDs and wait a few seconds for the CRDs to be committed in the kube-apiserver: 55 ``` 56 $ kubectl apply -f install/kubernetes/helm/istio/charts/certmanager/templates/crds.yaml 57 ``` 58 59 4. To install the chart with the release name `istio` in namespace `istio-system`: 60 - With [automatic sidecar injection](https://istio.io/docs/setup/kubernetes/sidecar-injection/#automatic-sidecar-injection) (requires Kubernetes >=1.9.0): 61 ``` 62 $ helm install install/kubernetes/helm/istio --name istio --namespace istio-system 63 ``` 64 65 - Without the sidecar injection webhook: 66 ``` 67 $ helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set sidecarInjectorWebhook.enabled=false 68 ``` 69 70 ## Configuration 71 72 The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. 73 To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations may be used in the same Helm operation. 74 75 Helm charts expose configuration options which are currently in alpha. The currently exposed options are explained in the following table: 76 77 | Parameter | Description | Values | Default | 78 | --- | --- | --- | --- | 79 | `global.hub` | Specifies the HUB for most images used by Istio | registry/namespace | `docker.io/istio` | 80 | `global.tag` | Specifies the TAG for most images used by Istio | valid image tag | `0.8.latest` | 81 | `global.proxy.image` | Specifies the proxy image name | valid proxy name | `proxyv2` | 82 | `global.proxy.concurrency` | Specifies the number of proxy worker threads | number, 0 = auto | `0` | 83 | `global.imagePullPolicy` | Specifies the image pull policy | valid image pull policy | `IfNotPresent` | 84 | `global.controlPlaneSecurityEnabled` | Specifies whether control plane mTLS is enabled | true/false | `false` | 85 | `global.mtls.enabled` | Specifies whether mTLS is enabled by default between services | true/false | `false` | 86 | `global.rbacEnabled` | Specifies whether to create Istio RBAC rules or not | true/false | `true` | 87 | `global.refreshInterval` | Specifies the mesh discovery refresh interval | integer followed by s | `10s` | 88 | `global.arch.amd64` | Specifies the scheduling policy for `amd64` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` | 89 | `global.arch.s390x` | Specifies the scheduling policy for `s390x` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` | 90 | `global.arch.ppc64le` | Specifies the scheduling policy for `ppc64le` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` | 91 | `ingress.enabled` | Specifies whether Ingress should be installed | true/false | `true` | 92 | `gateways.istio-ingressgateway.enabled` | Specifies whether Ingress gateway should be installed | true/false | `true` | 93 | `gateways.istio-egressgateway.enabled` | Specifies whether Egress gateway should be installed | true/false | `true` | 94 | `sidecarInjectorWebhook.enabled` | Specifies whether automatic sidecar-injector should be installed | `true` | 95 | `galley.enabled` | Specifies whether Galley should be installed for server-side config validation | true/false | `true` | 96 | `mixer.enabled` | Specifies whether Mixer should be installed | true/false | `true` | 97 | `pilot.enabled` | Specifies whether Pilot should be installed | true/false | `true` | 98 | `grafana.enabled` | Specifies whether Grafana addon should be installed | true/false | `false` | 99 | `grafana.persist` | Specifies whether Grafana addon should persist config data | true/false | `false` | 100 | `grafana.storageClassName` | If `grafana.persist` is true, specifies the [`StorageClass`](https://kubernetes.io/docs/concepts/storage/storage-classes/) to use for the `PersistentVolumeClaim` | `StorageClass` | "" | 101 | `prometheus.enabled` | Specifies whether Prometheus addon should be installed | true/false | `true` | 102 | `servicegraph.enabled` | Specifies whether Servicegraph addon should be installed | true/false | `false` | 103 | `tracing.enabled` | Specifies whether Tracing(jaeger) addon should be installed | true/false | `false` | 104 | `kiali.enabled` | Specifies whether Kiali addon should be installed | true/false | `false` | 105 106 ## Uninstalling the Chart 107 108 To uninstall/delete the `istio` release: 109 ``` 110 $ helm delete istio 111 ``` 112 The command removes all the Kubernetes components associated with the chart and deletes the release. 113 114 To uninstall/delete the `istio` release completely and make its name free for later use: 115 ``` 116 $ helm delete istio --purge 117 ```