istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/content/docs/setup/kubernetes/helm-install.md

136 lines
5.7 KiB
Markdown
Raw Blame History

---
title: Installation with Helm
description: Install Istio with the included Helm chart.
weight: 30
keywords: [kubernetes,helm]
aliases:
- /docs/setup/kubernetes/helm.html
- /docs/tasks/integrating-services-into-istio.html
---
Quick start instructions for the setup and configuration of Istio using Helm.
This is the recommended install method for installing Istio to your
production environment as it offers rich customization to the Istio control
plane and the sidecars for the Istio data plane.
{{< warning_icon >}}
Installation of Istio prior to version 0.8.0 with Helm is unstable and not
recommended.
## Prerequisites
1. [Download](/docs/setup/kubernetes/quick-start/#download-and-prepare-for-the-installation)
the latest Istio release.
1. [Install the Helm client](https://docs.helm.sh/using_helm/#installing-helm).
## Option 1: Install with Helm via `helm template`
1. Render Istio's core components to a Kubernetes manifest called `istio.yaml`:
* With [automatic sidecar injection](/docs/setup/kubernetes/sidecar-injection/#automatic-sidecar-injection)
(requires Kubernetes >=1.9.0):
```command
$ helm template @install/kubernetes/helm/istio@ --name istio --namespace istio-system > $HOME/istio.yaml
```
* Without the sidecar injection webhook:
```command
$ helm template @install/kubernetes/helm/istio@ --name istio --namespace istio-system --set sidecarInjectorWebhook.enabled=false > $HOME/istio.yaml
```
1. Install the components via the manifest:
```command
$ kubectl create namespace istio-system
$ kubectl create -f $HOME/istio.yaml
```
## Option 2: Install with Helm and Tiller via `helm install`
This option allows Helm and
[Tiller](https://github.com/kubernetes/helm/blob/master/docs/architecture.md#components)
to manage the lifecycle of Istio.
{{< warning_icon >}} Upgrading Istio using Helm has not been fully tested.
1. If a service account has not already been installed for Tiller, install one:
```command
$ kubectl create -f @install/kubernetes/helm/helm-service-account.yaml@
```
1. Install Tiller on your cluster with the service account:
```command
$ helm init --service-account tiller
```
1. Install Istio:
* With [automatic sidecar injection](/docs/setup/kubernetes/sidecar-injection/#automatic-sidecar-injection) (requires Kubernetes >=1.9.0):
```command
$ helm install @install/kubernetes/helm/istio@ --name istio --namespace istio-system
```
* Without the sidecar injection webhook:
```command
$ helm install @install/kubernetes/helm/istio@ --name istio --namespace istio-system --set sidecarInjectorWebhook.enabled=false
```
## Customization with Helm
The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides.
To override Helm values, use `--set key=value` argument during the `helm install` command. Multiple `--set` operations
may be used in the same Helm operation.
Helm charts expose configuration options which are currently in alpha. The currently exposed options are explained in the
following table:
| Parameter | Description | Values | Default |
| --- | --- | --- | --- |
| `global.hub` | Specifies the HUB for most images used by Istio | registry/namespace | `docker.io/istionightly` |
| `global.tag` | Specifies the TAG for most images used by Istio | valid image tag | `circleci-nightly` |
| `global.proxy.image` | Specifies the proxy image name | valid proxy name | `proxyv2` |
| `global.proxy.includeIPRanges` | Specifies the IP ranges for which outbound traffic is redirected to Envoy | List of IP ranges in CIDR notation separated by the escaped comma `\,` . Use `*` to redirect all outbound traffic to Envoy | `*` |
| `global.imagePullPolicy` | Specifies the image pull policy | valid image pull policy | `IfNotPresent` |
| `global.controlPlaneSecurityEnabled` | Specifies whether control plane mTLS is enabled | true/false | `false` |
| `global.mtls.enabled` | Specifies whether mTLS is enabled by default between services | true/false | `false` |
| `global.rbacEnabled` | Specifies whether to create Istio RBAC rules or not | true/false | `true` |
| `global.refreshInterval` | Specifies the mesh discovery refresh interval | integer followed by s | `10s` |
| `global.arch.amd64` | Specifies the scheduling policy for `amd64` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` |
| `global.arch.s390x` | Specifies the scheduling policy for `s390x` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` |
| `global.arch.ppc64le` | Specifies the scheduling policy for `ppc64le` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` |
| `galley.enabled` | Specifies whether Galley should be installed for server-side config validation. Requires k8s >= 1.9 | true/false | `false` |
The Helm chart also offers significant customization options per individual
service. Customize these per-service options at your own risk. The per-service options are exposed via
the [`values.yaml`](https://raw.githubusercontent.com/istio/istio/{{<branch_name>}}/install/kubernetes/helm/istio/values.yaml) file.
## What's next
See the sample [Bookinfo](/docs/guides/bookinfo/) application.
## Uninstall
* For option 1, uninstall using kubectl:
```command
$ kubectl delete -f $HOME/istio.yaml
```
* For option 2, uninstall using Helm:
```command
$ helm delete --purge istio
```
If your helm version is less than 2.9.0, then you need to manually cleanup extra job resource before redeploy new version of Istio chart:
```command
$ kubectl -n istio-system delete job --all
```
Reference in New Issue View Git Blame Copy Permalink