istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/content/docs/setup/kubernetes/additional-setup/config-profiles/index.md

5.0 KiB
Raw Blame History

title description weight keywords
Installation Configuration Profiles Describes the built-in Istio installation configuration profiles. 35
profiles
install
helm

This page describes the built-in configuration profiles that can be used when installing Istio using helm. The profiles provide customization of the Istio control plane and of the sidecars for the Istio data plane. You can start with one of Istios built-in configuration profiles and then further customize the configuration for your specific needs. The following built-in configuration profiles are currently available:

  1. default: enables components according to the default Installation Options (recommend for production deployments).

  2. demo: configuration designed to showcase Istio functionality with modest resource requirements. It is suitable to run the Bookinfo application and associated tasks. This is the same configuration that is installed with the Quick Start instructions, only using helm has the advantage that you can more easily enable additional features if you later wish to explore more advanced tasks. This profile comes in two variants, either with or without authentication enabled.

    {{< warning >}} This profile enables high levels of tracing and access logging so it is not suitable for performance tests. {{< /warning >}}

  3. minimal: the minimal set of components necessary to use Istio's traffic management features.

  4. sds-auth: similar to the default profile, but also enables Istio's SDS (secret discovery service). This profile comes with additional authentication features enabled by default.

The components marked as X are installed within each profile:

default demo minimal sds
Profile filename values.yaml values-istio-demo.yaml values-istio-minimal.yaml values-istio-sds-auth.yaml
Core components
      istio-citadel X X X
      istio-egressgateway X
      istio-galley X X X
      istio-ingressgateway X X X
      istio-nodeagent X
      istio-pilot X X X X
      istio-policy X X X
      istio-sidecar-injector X X X
      istio-telemetry X X X
Addons
      grafana X
      istio-tracing X
      kiali X
      prometheus X X X

Some profiles have an authentication variant, with -auth appended to the name, which adds the following security features to the profile:

{{< tip >}} Control plane security with SDS is planned for an upcoming release. {{< /tip >}}

Security feature demo-auth sds-auth
Control Plane Security X
Strict Mutual TLS X X
SDS X

To further customize Istio and install addons, you can add one or more --set <key>=<value> options in the helm template or helm install command that you use when installing Istio. The Installation Options lists the complete set of supported installation key and value pairs.

Multicluster profiles

Istio provides two additional built-in configuration profiles that are used exclusively for configuring a multicluster service mesh:

  1. remote: used for configuring remote clusters of a multicluster mesh with a single control plane topology.

  2. multicluster-gateways: used for configuring all of the clusters of a multicluster mesh with a multiple control plane topology.

The remote profile is configured using the values file values-istio-remote.yaml. This profile installs only two Istio core components:

  1. istio-citadel

  2. istio-sidecar-injector

The multicluster-gateways profile is configured using the values file values-istio-multicluster-gateways.yaml. This profile installs the same components as the Istio default configuration profile plus two additional components:

  1. The istio-egressgateway core component.

  2. The coredns addon.

Refer to the multicluster installation instructions for more details.