[Helm] move warning before installing base helm chart (#8591)

* move warning before installing base helm chart

* move warning to the top
Shamsher Ansari 2020-11-27 21:20:39 +05:30 committed by GitHub
parent fa3f2d9790
commit 0352401f97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 14 deletions

@ -38,6 +38,19 @@ The commands in this guide use the Helm charts that are included in the Istio re
Change directory to the root of the release package and then
follow the instructions below.
{{< warning >}}
The default chart configuration uses the secure third party tokens for the service
account token projections used by Istio proxies to authenticate with the Istio
control plane. Before proceeding to install any of the charts below, you should
verify if third party tokens are enabled in your cluster by following the steps
describe [here](/docs/ops/best-practices/security/#configure-third-party-service-account-tokens).
If third party tokens are not enabled, you should add the option
`--set global.jwtPolicy=first-party-jwt` to the Helm install commands.
If the `jwtPolicy` is not set correctly, pods associated with `istiod`,
gateways or workloads with injected Envoy proxies will not get deployed due
to the missing `istio-token` volume.
{{< /warning >}}
1. Create a namespace `istio-system` for Istio components:
{{< text bash >}}
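Review bot: The relocated warning still reads "following the steps describe [here](...)"; since the block is being re-added anyway, change it to "described" and replace the bare "here" link text with a descriptive label such as "Configure third party service account tokens". The added copy also says "for the service account token projections" where the removed copy said "for service account token projections", so the move is not a verbatim one; pick one wording deliberately. Because the text presents third party tokens as the secure default, consider adding one sentence stating that `--set global.jwtPolicy=first-party-jwt` is a fallback for clusters that cannot enable them, so readers do not add it by habit.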
@ -48,22 +61,9 @@ follow the instructions below.
the Istio control plane:
{{< text bash >}}
$ helm install --namespace istio-system istio-base manifests/charts/base
$ helm install -n istio-system istio-base manifests/charts/base
{{< /text >}}
{{< warning >}}
The default chart configuration uses the secure third party tokens for service
account token projections used by Istio proxies to authenticate with the Istio
control plane. Before proceeding to install any of the charts below, you should
verify if third party tokens are enabled in your cluster by following the steps
describe [here](/docs/ops/best-practices/security/#configure-third-party-service-account-tokens).
If third party tokens are not enabled, you should add the option
`--set global.jwtPolicy=first-party-jwt` to the Helm install commands.
If the `jwtPolicy` is not set correctly, pods associated with `istiod`,
gateways or workloads with injected Envoy proxies will not get deployed due
to the missing `istio-token` volume.
{{< /warning >}}
1. Install the Istio discovery chart which deploys the `istiod` service:
{{< text bash >}}
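Review bot: The `helm install` line for `istio-base` switches from `--namespace istio-system` to `-n istio-system`, which is unrelated to moving the warning and is not mentioned in the commit message. Either drop that change or record it in the message, and check that the other install commands in the guide use the same flag form so copied steps stay consistent. With the warning now at the top, the `istiod` install step just below no longer has the `jwtPolicy` advice beside it; a short pointer back to the warning at that step would keep the `--set global.jwtPolicy=first-party-jwt` option visible where the failure the warning describes (pods not deployed due to the missing `istio-token` volume) would first appear.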