From a798a2bcae698e58002463e9df3fd259619a073f Mon Sep 17 00:00:00 2001 From: Eric Van Norman Date: Mon, 11 Mar 2019 16:48:34 -0500 Subject: [PATCH] Provide documentation on configuration profiles/components/add ons. (#3620) * Provide documentation on configuration profiles/componets/add ons. * Update component table to include Policy (under Mixer) * Code review comments * More code review comments * Put Add-on into dictionary * Code review comments - Change add-on to addon * Code review - Rename to config-profiles --- .spelling | 1 + .../additional-setup/config-profiles/index.md | 53 +++++++++++++++++++ .../setup/kubernetes/install/helm/index.md | 19 +------ 3 files changed, 56 insertions(+), 17 deletions(-) create mode 100644 content/docs/setup/kubernetes/additional-setup/config-profiles/index.md diff --git a/.spelling b/.spelling index d15dec68c0..39828cc46e 100644 --- a/.spelling +++ b/.spelling @@ -397,6 +397,7 @@ sa sayin schemas SDKs +sds secretName Secura selinux diff --git a/content/docs/setup/kubernetes/additional-setup/config-profiles/index.md b/content/docs/setup/kubernetes/additional-setup/config-profiles/index.md new file mode 100644 index 0000000000..c664296829 --- /dev/null +++ b/content/docs/setup/kubernetes/additional-setup/config-profiles/index.md @@ -0,0 +1,53 @@ +--- +title: Installation Configuration Profiles +description: Describes the built-in Istio installation configuration profiles. +weight: 35 +keywords: [profiles,install,helm] +--- + +This page describes the built-in configuration profiles that can be used when +[installing Istio using helm](/docs/setup/kubernetes/install/helm/). +The profiles provide customization of the Istio control plane and of the sidecars for the Istio data plane. +You can start with one of Istio’s built-in configuration profiles and then further customize the configuration for +your specific needs. The following built-in configuration profiles are currently available: + +1. **default**: enables components according to the default [Installation Options](/docs/reference/config/installation-options/) + (recommend for production deployments). + +1. **demo**: configuration suitable to run the [Bookinfo](/docs/examples/bookinfo/) application and associated tasks. + This is the same configuration that is installed with the [Quick Start](/docs/setup/kubernetes/install/kubernetes/) instructions, only using helm has the advantage + that you can more easily enable additional features if you wish to explore more advanced tasks. This profile comes in two flavors, either with or without authentication enabled. + +1. **minimal**: the minimal set of components necessary to use Istio's [traffic management](/docs/tasks/traffic-management/) features. + +1. **remote**: creates a service account with minimal access for use by Istio Pilot discovery used in [configuring a multicluster mesh](/docs/examples/multicluster/split-horizon-eds/). + +1. **sds**: used to enable [SDS (secret discovery service) for Istio](/docs/tasks/security/auth-sds). This profile comes only with authentication enabled. + +The components marked as **X** are installed within each profile: + +| | default | demo | minimal | remote | sds | +| --- | :---: | :---: | :---: | :---: | :---: | +|Profile filename | `values.yaml` | `values-istio-demo.yaml` | `values-istio-minimal.yaml` | `values-istio-remote.yaml` | `values-istio-sds-auth.yaml` | +| Core components | | | | | | +|       `istio-citadel` | X | X | | X | X | +|       `istio-egressgateway` | | X | | | | +|       `istio-galley` | X | X | | | X | +|       `istio-ingressgateway` | X | X | | | X | +|       `istio-nodeagent` | | | | | X | +|       `istio-pilot` | X | X | X | | X | +|       `istio-policy` | X | X | | | X | +|       `istio-sidecar-injector` | X | X | | X | X | +|       `istio-telemetry` | X | X | | | X | +| Addons | | | | | | +|       `grafana` | | X | | | | +|       `istio-tracing` | | X | | | | +|       `kiali` | | X | | | | +|       `prometheus` | X | X | | | X | +| | | | | | | +| The authentication version, adding `-auth`, adds | | | | | | +|       Control Plane Security | | X | | | | +|       Strict mTLS | | X | | | X | +|       SDS | | | | | X | + +To further customize Istio and install addons, you can add one or more `--set =` options in the `helm template` or `helm install` command that you use when installing Istio. The [Installation Options](/docs/reference/config/installation-options/) lists the complete set of supported installation key and value pairs. diff --git a/content/docs/setup/kubernetes/install/helm/index.md b/content/docs/setup/kubernetes/install/helm/index.md index b7bee246e8..f6d7279ab2 100644 --- a/content/docs/setup/kubernetes/install/helm/index.md +++ b/content/docs/setup/kubernetes/install/helm/index.md @@ -14,23 +14,8 @@ Follow this flow to install and configure an Istio mesh for in-depth evaluation This installation flow uses [Helm](https://github.com/helm/helm) charts that provide rich customization of the Istio control plane and of the sidecars for the Istio data plane. -You can start with one of Istio's built-in configuration profiles and then further customize -the configuration for your specific needs. -The following built-in configuration profiles are currently available: - -1. **minimal**: the minimal set of components necessary to use Istio's [traffic management](/docs/tasks/traffic-management/) features. - -1. **demo**: configuration suitable to run the [Bookinfo](/docs/examples/bookinfo/) application and associated tasks. - This is the same configuration that is installed with the [Quick Start](/docs/setup/kubernetes/install/kubernetes/) instructions, only using helm has the advantage - that you can more easily enable additional features if you wish to explore more advanced tasks. - -1. **default**: enables components according to the default [Installation Options](/docs/reference/config/installation-options/) - (recommend for production deployments). - -To further customize Istio and install addons, you can add one or more `--set =` options in the -`helm template` or `helm install` command in the instructions, below. -The [Installation Options](/docs/reference/config/installation-options/) lists the complete set of supported -installation key and value pairs. +You can start with one of Istio's built-in [configuration profiles](/docs/setup/kubernetes/additional-setup/config-profiles/) +and then further customize the configuration for your specific needs. ## Prerequisites