安装选项

可以通过在使用 Helm 命令时,增加 —set <key>=<value> 参数来覆写默认值的方式,来定制化安装 Istio。

下面列出所有可用键名。

certmanager 选项

默认值描述
certmanager.enabledtrue
certmanager.hubquay.io/jetstack
certmanager.tagv0.3.1
certmanager.resources{}

galley 选项

默认值描述
galley.enabledtrue
galley.replicaCount1
galley.imagegalley

gateways 选项

默认值描述
gateways.enabledtrue
gateways.istio-ingressgateway.enabledtrue
gateways.istio-ingressgateway.labels.appistio-ingressgateway
gateways.istio-ingressgateway.labels.istioingressgateway
gateways.istio-ingressgateway.replicaCount1
gateways.istio-ingressgateway.autoscaleMin1
gateways.istio-ingressgateway.autoscaleMax5
gateways.istio-ingressgateway.resources{}
gateways.istio-ingressgateway.loadBalancerIP""
gateways.istio-ingressgateway.externalIPs[]
gateways.istio-ingressgateway.serviceAnnotations{}
gateways.istio-ingressgateway.typeLoadBalancer如果需要,请更改为 NodePort,ClusterIP 或 LoadBalancer
gateways.istio-ingressgateway.ports.targetPort80
gateways.istio-ingressgateway.ports.namehttp2
gateways.istio-ingressgateway.ports.nodePort31380
gateways.istio-ingressgateway.ports.namehttps
gateways.istio-ingressgateway.ports.nodePort31390
gateways.istio-ingressgateway.ports.nametcp
gateways.istio-ingressgateway.ports.nodePort31400
gateways.istio-ingressgateway.ports.targetPort15011
gateways.istio-ingressgateway.ports.nametcp-pilot-grpc-tls
gateways.istio-ingressgateway.ports.targetPort8060
gateways.istio-ingressgateway.ports.nametcp-citadel-grpc-tls
gateways.istio-ingressgateway.ports.targetPort15030
gateways.istio-ingressgateway.ports.namehttp2-prometheus
gateways.istio-ingressgateway.ports.targetPort15031
gateways.istio-ingressgateway.ports.namehttp2-grafana
gateways.istio-ingressgateway.secretVolumes.secretNameistio-ingressgateway-certs
gateways.istio-ingressgateway.secretVolumes.mountPath/etc/istio/ingressgateway-certs
gateways.istio-ingressgateway.secretVolumes.secretNameistio-ingressgateway-ca-certs
gateways.istio-ingressgateway.secretVolumes.mountPath/etc/istio/ingressgateway-ca-certs
gateways.istio-egressgateway.enabledtrue
gateways.istio-egressgateway.labels.appistio-egressgateway
gateways.istio-egressgateway.labels.istioegressgateway
gateways.istio-egressgateway.replicaCount1
gateways.istio-egressgateway.autoscaleMin1
gateways.istio-egressgateway.autoscaleMax5
gateways.istio-egressgateway.serviceAnnotations{}
gateways.istio-egressgateway.typeClusterIP如果需要,请更改为 NodePort 或 LoadBalancer
gateways.istio-egressgateway.ports.namehttp2
gateways.istio-egressgateway.ports.name.namehttps
gateways.istio-egressgateway.secretVolumes.secretNameistio-egressgateway-certs
gateways.istio-egressgateway.secretVolumes.secretName.mountPath/etc/istio/egressgateway-certs
gateways.istio-egressgateway.secretVolumes.secretName.secretNameistio-egressgateway-ca-certs
gateways.istio-egressgateway.secretVolumes.secretName.mountPath/etc/istio/egressgateway-ca-certs
gateways.istio-ilbgateway.enabledfalse
gateways.istio-ilbgateway.enabled.labels.appistio-ilbgateway
gateways.istio-ilbgateway.enabled.labels.istioilbgateway
gateways.istio-ilbgateway.enabled.replicaCount1
gateways.istio-ilbgateway.enabled.autoscaleMin1
gateways.istio-ilbgateway.enabled.autoscaleMax5
gateways.istio-ilbgateway.enabled.resources.requests.cpu800m
gateways.istio-ilbgateway.enabled.resources.requests.memory512Mi
gateways.istio-ilbgateway.enabled.loadBalancerIP""
gateways.istio-ilbgateway.enabled.serviceAnnotations.cloud.google.com/load-balancer-type"internal"
gateways.istio-ilbgateway.enabled.typeLoadBalancer
gateways.istio-ilbgateway.enabled.ports.namegrpc-pilot-mtls
gateways.istio-ilbgateway.enabled.ports.namegrpc-pilot
gateways.istio-ilbgateway.enabled.ports.targetPort8060
gateways.istio-ilbgateway.enabled.ports.nametcp-citadel-grpc-tls
gateways.istio-ilbgateway.enabled.ports.nametcp-dns
gateways.istio-ilbgateway.enabled.secretVolumes.secretNameistio-ilbgateway-certs
gateways.istio-ilbgateway.enabled.secretVolumes.mountPath/etc/istio/ilbgateway-certs
gateways.istio-ilbgateway.enabled.secretVolumes.secretNameistio-ilbgateway-ca-certs
gateways.istio-ilbgateway.enabled.secretVolumes.mountPath/etc/istio/ilbgateway-ca-certs

global 选项

默认值描述
global.hubdocker.io/istio
global.tag1.0.0
global.k8sIngressSelectoringress
global.k8sIngressHttpsfalse
global.proxy.imageproxyv2
global.proxy.resources.requests.cpu10m
global.proxy.accessLogFile"/dev/stdout"
global.proxy.enableCoreDumpfalse
global.proxy.includeIPRanges""
global.proxy.excludeIPRanges""
global.proxy.includeInboundPorts""
global.proxy.excludeInboundPorts""
global.proxy.autoInjectenabled
global.proxy_init.imageproxy_init
global.imagePullPolicyIfNotPresent
global.controlPlaneSecurityEnabledtrue
global.disablePolicyChecksfalse
global.enableTracingtrue
global.mtls.enabledtrue
global.arch.amd642
global.arch.s390x2
global.arch.ppc64le2
global.oneNamespacefalse
global.configValidationtrue
global.meshExpansionfalse
global.meshExpansionILBfalse
global.defaultResources.requests.cpu10m
global.hyperkube.hubquay.io/coreos
global.hyperkube.tagv1.7.6_coreos.0
global.priorityClassName""
global.crdstrue

grafana 选项

默认值描述
grafana.enabledtrue
grafana.replicaCount1
grafana.imagegrafana
grafana.security.enabledtrue
grafana.security.adminUseradmin
grafana.security.adminPasswordadmin
grafana.service.annotations{}
grafana.service.namehttp
grafana.service.typeClusterIP
grafana.service.externalPort3000
grafana.service.internalPort3000

ingress 选项

默认值描述
ingress.enabledtrue
ingress.replicaCount1
ingress.autoscaleMin1
ingress.autoscaleMax5
ingress.service.annotations{}
ingress.service.loadBalancerIP""
ingress.service.typeLoadBalancer如果需要,请更改为 NodePort,ClusterIP 或 LoadBalancer
ingress.service.ports.namehttp
ingress.service.ports.nodePort32000
ingress.service.ports.namehttps
ingress.service.selector.istioingress

kiali 选项

默认值描述
kiali.enabledtrue
kiali.replicaCount1
kiali.hubdocker.io/kiali
kiali.tagistio-release-1.0
kiali.ingress.enabledtrue
kiali.dashboard.usernameadmin
kiali.dashboard.passphraseadmin

mixer 选项

默认值描述
mixer.enabledtrue
mixer.replicaCount1
mixer.autoscaleMin1
mixer.autoscaleMax5
mixer.imagemixer
mixer.istio-policy.autoscaleEnabledtrue
mixer.istio-policy.autoscaleMin1
mixer.istio-policy.autoscaleMax5
mixer.istio-policy.cpu.targetAverageUtilization80
mixer.istio-telemetry.autoscaleEnabledtrue
mixer.istio-telemetry.autoscaleMin1
mixer.istio-telemetry.autoscaleMax5
mixer.istio-telemetry.cpu.targetAverageUtilization80
mixer.prometheusStatsdExporter.hubdocker.io/prom
mixer.prometheusStatsdExporter.tagv0.6.0

pilot 选项

默认值描述
pilot.enabledtrue
pilot.replicaCount1
pilot.autoscaleMin1
pilot.autoscaleMax1
pilot.imagepilot
pilot.sidecartrue
pilot.traceSampling100.0
pilot.resources.requests.cpu500m
pilot.resources.requests.memory2048Mi

prometheus 选项

默认值描述
prometheus.enabledtrue
prometheus.replicaCount1
prometheus.hubdocker.io/prom
prometheus.tagv2.3.1
prometheus.service.annotations{}
prometheus.service.nodePort.enabledfalse
prometheus.service.nodePort.port32090

security 选项

默认值描述
security.replicaCount1
security.imagecitadel
security.selfSignedtrue指示是否使用自签名 CA.

sidecarInjectorWebhook 选项

默认值描述
sidecarInjectorWebhook.enabledtrue
sidecarInjectorWebhook.replicaCount1
sidecarInjectorWebhook.imagesidecar_injector
sidecarInjectorWebhook.enableNamespacesByDefaultfalse

telemetry-gateway 选项

默认值描述
telemetry-gateway.gatewayNameingressgateway
telemetry-gateway.grafanaEnabledtrue
telemetry-gateway.prometheusEnabledtrue

tracing 选项

默认值描述
tracing.enabledtrue
tracing.providerjaeger
tracing.jaeger.hubdocker.io/jaegertracing
tracing.jaeger.tag1.5
tracing.jaeger.memory.max_traces50000
tracing.jaeger.ui.port16686
tracing.replicaCount1
tracing.service.annotations{}
tracing.service.namehttp
tracing.service.typeClusterIP
tracing.service.externalPort9411
tracing.service.internalPort9411
tracing.ingress.enabledfalse