安装选项

可以通过在使用 Helm 命令时,增加 —set <key>=<value> 参数来覆写默认值的方式,来定制化安装 Istio。

下面列出所有可用键名。

certmanager 选项

默认值描述
certmanager.enabledtrue
certmanager.hubquay.io/jetstack
certmanager.tagv0.3.1
certmanager.resources{}

galley 选项

默认值描述
galley.enabledtrue
galley.replicaCount1
galley.imagegalley

gateways 选项

默认值描述
gateways.enabledtrue
gateways.istio-ingressgateway.enabledtrue
gateways.istio-ingressgateway.labels.appistio-ingressgateway
gateways.istio-ingressgateway.labels.istioingressgateway
gateways.istio-ingressgateway.replicaCount1
gateways.istio-ingressgateway.autoscaleMin1
gateways.istio-ingressgateway.autoscaleMax5
gateways.istio-ingressgateway.resources{}
gateways.istio-ingressgateway.loadBalancerIP""
gateways.istio-ingressgateway.externalIPs[]
gateways.istio-ingressgateway.serviceAnnotations{}
gateways.istio-ingressgateway.typeLoadBalancer如果需要,请更改为 NodePort,ClusterIP 或 LoadBalancer
gateways.istio-ingressgateway.ports.targetPort80
gateways.istio-ingressgateway.ports.namehttp2
gateways.istio-ingressgateway.ports.nodePort31380
gateways.istio-ingressgateway.ports.namehttps
gateways.istio-ingressgateway.ports.nodePort31390
gateways.istio-ingressgateway.ports.nametcp
gateways.istio-ingressgateway.ports.nodePort31400
gateways.istio-ingressgateway.ports.targetPort15011
gateways.istio-ingressgateway.ports.nametcp-pilot-grpc-tls
gateways.istio-ingressgateway.ports.targetPort8060
gateways.istio-ingressgateway.ports.nametcp-citadel-grpc-tls
gateways.istio-ingressgateway.ports.targetPort15030
gateways.istio-ingressgateway.ports.namehttp2-prometheus
gateways.istio-ingressgateway.ports.targetPort15031
gateways.istio-ingressgateway.ports.namehttp2-grafana
gateways.istio-ingressgateway.secretVolumes.secretNameistio-ingressgateway-certs
gateways.istio-ingressgateway.secretVolumes.mountPath/etc/istio/ingressgateway-certs
gateways.istio-ingressgateway.secretVolumes.secretNameistio-ingressgateway-ca-certs
gateways.istio-ingressgateway.secretVolumes.mountPath/etc/istio/ingressgateway-ca-certs
gateways.istio-egressgateway.enabledtrue
gateways.istio-egressgateway.labels.appistio-egressgateway
gateways.istio-egressgateway.labels.istioegressgateway
gateways.istio-egressgateway.replicaCount1
gateways.istio-egressgateway.autoscaleMin1
gateways.istio-egressgateway.autoscaleMax5
gateways.istio-egressgateway.serviceAnnotations{}
gateways.istio-egressgateway.typeClusterIP如果需要,请更改为 NodePort 或 LoadBalancer
gateways.istio-egressgateway.ports.namehttp2
gateways.istio-egressgateway.ports.name.namehttps
gateways.istio-egressgateway.secretVolumes.secretNameistio-egressgateway-certs
gateways.istio-egressgateway.secretVolumes.secretName.mountPath/etc/istio/egressgateway-certs
gateways.istio-egressgateway.secretVolumes.secretName.secretNameistio-egressgateway-ca-certs
gateways.istio-egressgateway.secretVolumes.secretName.mountPath/etc/istio/egressgateway-ca-certs
gateways.istio-ilbgateway.enabledfalse
gateways.istio-ilbgateway.enabled.labels.appistio-ilbgateway
gateways.istio-ilbgateway.enabled.labels.istioilbgateway
gateways.istio-ilbgateway.enabled.replicaCount1
gateways.istio-ilbgateway.enabled.autoscaleMin1
gateways.istio-ilbgateway.enabled.autoscaleMax5
gateways.istio-ilbgateway.enabled.resources.requests.cpu800m
gateways.istio-ilbgateway.enabled.resources.requests.memory512Mi
gateways.istio-ilbgateway.enabled.loadBalancerIP""
gateways.istio-ilbgateway.enabled.serviceAnnotations.cloud.google.com/load-balancer-type"internal"
gateways.istio-ilbgateway.enabled.typeLoadBalancer
gateways.istio-ilbgateway.enabled.ports.namegrpc-pilot-mtls
gateways.istio-ilbgateway.enabled.ports.namegrpc-pilot
gateways.istio-ilbgateway.enabled.ports.targetPort8060
gateways.istio-ilbgateway.enabled.ports.nametcp-citadel-grpc-tls
gateways.istio-ilbgateway.enabled.ports.nametcp-dns
gateways.istio-ilbgateway.enabled.secretVolumes.secretNameistio-ilbgateway-certs
gateways.istio-ilbgateway.enabled.secretVolumes.mountPath/etc/istio/ilbgateway-certs
gateways.istio-ilbgateway.enabled.secretVolumes.secretNameistio-ilbgateway-ca-certs
gateways.istio-ilbgateway.enabled.secretVolumes.mountPath/etc/istio/ilbgateway-ca-certs

global 选项

默认值描述
global.hubdocker.io/istio
global.tag1.0.0
global.k8sIngressSelectoringress
global.k8sIngressHttpsfalse
global.proxy.imageproxyv2
global.proxy.resources.requests.cpu10m
global.proxy.accessLogFile"/dev/stdout"
global.proxy.enableCoreDumpfalse
global.proxy.includeIPRanges""
global.proxy.excludeIPRanges""
global.proxy.includeInboundPorts""
global.proxy.excludeInboundPorts""
global.proxy.autoInjectenabled
global.proxy_init.imageproxy_init
global.imagePullPolicyIfNotPresent
global.controlPlaneSecurityEnabledtrue
global.disablePolicyChecksfalse
global.enableTracingtrue
global.mtls.enabledtrue
global.arch.amd642
global.arch.s390x2
global.arch.ppc64le2
global.oneNamespacefalse
global.configValidationtrue
global.meshExpansionfalse
global.meshExpansionILBfalse
global.defaultResources.requests.cpu10m
global.hyperkube.hubquay.io/coreos
global.hyperkube.tagv1.7.6_coreos.0
global.priorityClassName""
global.crdstrue

grafana 选项

默认值描述
grafana.enabledtrue
grafana.replicaCount1
grafana.imagegrafana
grafana.security.enabledtrue
grafana.security.adminUseradmin
grafana.security.adminPasswordadmin
grafana.service.annotations{}
grafana.service.namehttp
grafana.service.typeClusterIP
grafana.service.externalPort3000
grafana.service.internalPort3000

ingress 选项

默认值描述
ingress.enabledtrue
ingress.replicaCount1
ingress.autoscaleMin1
ingress.autoscaleMax5
ingress.service.annotations{}
ingress.service.loadBalancerIP""
ingress.service.typeLoadBalancer如果需要,请更改为 NodePort,ClusterIP 或 LoadBalancer
ingress.service.ports.namehttp
ingress.service.ports.nodePort32000
ingress.service.ports.namehttps
ingress.service.selector.istioingress

kiali 选项

默认值描述
kiali.enabledtrue
kiali.replicaCount1
kiali.hubdocker.io/kiali
kiali.tagistio-release-1.0
kiali.ingress.enabledtrue
kiali.dashboard.usernameadmin
kiali.dashboard.passphraseadmin

mixer 选项

默认值描述
mixer.enabledtrue
mixer.replicaCount1
mixer.autoscaleMin1
mixer.autoscaleMax5
mixer.imagemixer
mixer.istio-policy.autoscaleEnabledtrue
mixer.istio-policy.autoscaleMin1
mixer.istio-policy.autoscaleMax5
mixer.istio-policy.cpu.targetAverageUtilization80
mixer.istio-telemetry.autoscaleEnabledtrue
mixer.istio-telemetry.autoscaleMin1
mixer.istio-telemetry.autoscaleMax5
mixer.istio-telemetry.cpu.targetAverageUtilization80
mixer.prometheusStatsdExporter.hubdocker.io/prom
mixer.prometheusStatsdExporter.tagv0.6.0

pilot 选项

默认值描述
pilot.enabledtrue
pilot.replicaCount1
pilot.autoscaleMin1
pilot.autoscaleMax1
pilot.imagepilot
pilot.sidecartrue
pilot.traceSampling100.0
pilot.resources.requests.cpu500m
pilot.resources.requests.memory2048Mi

prometheus 选项

默认值描述
prometheus.enabledtrue
prometheus.replicaCount1
prometheus.hubdocker.io/prom
prometheus.tagv2.3.1
prometheus.service.annotations{}
prometheus.service.nodePort.enabledfalse
prometheus.service.nodePort.port32090

security 选项

默认值描述
security.replicaCount1
security.imagecitadel
security.selfSignedtrue指示是否使用自签名 CA.

sidecarInjectorWebhook 选项

默认值描述
sidecarInjectorWebhook.enabledtrue
sidecarInjectorWebhook.replicaCount1
sidecarInjectorWebhook.imagesidecar_injector
sidecarInjectorWebhook.enableNamespacesByDefaultfalse

telemetry-gateway 选项

默认值描述
telemetry-gateway.gatewayNameingressgateway
telemetry-gateway.grafanaEnabledtrue
telemetry-gateway.prometheusEnabledtrue

tracing 选项

默认值描述
tracing.enabledtrue
tracing.providerjaeger
tracing.jaeger.hubdocker.io/jaegertracing
tracing.jaeger.tag1.5
tracing.jaeger.memory.max_traces50000
tracing.jaeger.ui.port16686
tracing.replicaCount1
tracing.service.annotations{}
tracing.service.namehttp
tracing.service.typeClusterIP
tracing.service.externalPort9411
tracing.service.internalPort9411
tracing.ingress.enabledfalse

相关内容

使用 Helm 进行安装

使用内含的 Helm chart 安装 Istio。

安装 Istio CNI

Istio CNI 插件的安装和使用,该插件让运维人员可以用较低的权限来完成网格服务的部署工作。

Istio Sidecar 注入过程解密

Istio 将数据面组件注入到现存部署之中的过程。

Gateway 连接

使用 Istio Gateway 跨越多个 Kubernetes 集群安装 Istio 网格以访问远程 pod。

Google Kubernetes Engine

基于 GKE 的 Istio 多集群安装。

Google Kubernetes Engine

对 Google Kubernetes Engine(GKE)集群进行配置以便安装运行 Istio。