istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clarify sds install profile (#4489) 

* Clarify auth variant

This makes it clear that sds-auth is already the 'auth' variant. It
also tries to be more specific about what it does, rather than just
saying 'auth by default'

* Add incompatibility between SDS and control plane auth

* Remove unneeded aside

* Clarify status of control plane security with SDS

No technical issues apparently, just timeline. Also moved to before the
table for clarity.

* Simplify additional security feature table

This improves the clarity of this table by:
* Removing default and minimal , since -auth doesn't add any security
features
* Labeling the first column as security feature
* Changing the names of the profiles to reflect the final profile name
including the -auth, instead of without
This commit is contained in:
Nik Skoufis 2019-06-26 23:39:47 +10:00 committed by mergify[bot]
parent e7ff6de331
commit fe33c33740
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
content/docs/setup/kubernetes/additional-setup/config-profiles/index.md
View File

@ -26,8 +26,8 @@ your specific needs. The following built-in configuration profiles are currently
1. **minimal**: the minimal set of components necessary to use Istio's [traffic management](/docs/tasks/traffic-management/) features. 1. **minimal**: the minimal set of components necessary to use Istio's [traffic management](/docs/tasks/traffic-management/) features.
1. **sds**: similar to the **default** profile, but also enables Istio's [SDS (secret discovery service)](/docs/tasks/security/auth-sds). 1. **sds-auth**: similar to the **default** profile, but also enables Istio's [SDS (secret discovery service)](/docs/tasks/security/auth-sds).
This profile comes only with authentication enabled. This profile comes with additional authentication features enabled by default.
The components marked as **X** are installed within each profile: The components marked as **X** are installed within each profile:
@ -53,11 +53,15 @@ The components marked as **X** are installed within each profile:
Some profiles have an authentication variant, with `-auth` appended to the name, which adds the following Some profiles have an authentication variant, with `-auth` appended to the name, which adds the following
security features to the profile: security features to the profile:
| | default | demo | minimal | sds | {{< tip >}}
| --- | --- | --- | --- | --- | Control plane security with SDS is planned for an upcoming release.
| Control Plane Security | | X | | | {{< /tip >}}
| Strict Mutual TLS | | X | | X |
| SDS | | | | X | | Security feature | demo-auth | sds-auth |
| --- | --- | --- |
| Control Plane Security | X | |
| Strict Mutual TLS | X | X |
| SDS | | X |
To further customize Istio and install addons, you can add one or more `--set <key>=<value>` options in the `helm template` or `helm install` command that you use when installing Istio. The [Installation Options](/docs/reference/config/installation-options/) lists the complete set of supported installation key and value pairs. To further customize Istio and install addons, you can add one or more `--set <key>=<value>` options in the `helm template` or `helm install` command that you use when installing Istio. The [Installation Options](/docs/reference/config/installation-options/) lists the complete set of supported installation key and value pairs.