Installation Options

To customize Istio install using Helm, use the --set <key>=<value> option in Helm command to override one or more values. The set of supported keys is shown in the table below.

KeyDefault ValueDescription
global.hubgcr.io/istio-release
global.tagrelease-1.0-latest-daily
global.k8sIngressSelectoringress
global.k8sIngressHttpsfalse
global.proxy.imageproxyv2
global.proxy.resources.requests.cpu10m
global.proxy.accessLogFile"/dev/stdout"
global.proxy.enableCoreDumpfalse
global.proxy.includeIPRanges"*"
global.proxy.excludeIPRanges""
global.proxy.includeInboundPorts"*"
global.proxy.excludeInboundPorts""
global.proxy.autoInjectenabled
global.proxy.envoyStatsd.enabledtrue
global.proxy.envoyStatsd.hostistio-statsd-prom-bridge
global.proxy.envoyStatsd.port9125
global.proxy_init.imageproxy_init
global.imagePullPolicyIfNotPresent
global.controlPlaneSecurityEnabledfalse
global.disablePolicyChecksfalse
global.enableTracingtrue
global.mtls.enabledfalse
global.arch.amd642
global.arch.s390x2
global.arch.ppc64le2
global.oneNamespacefalse
global.configValidationtrue
global.meshExpansionfalse
global.meshExpansionILBfalse
global.defaultResources.requests.cpu10m
global.hyperkube.hubquay.io/coreos
global.hyperkube.tagv1.7.6_coreos.0
global.priorityClassName""
global.crdstrue
ingress.enabledfalse
ingress.replicaCount1
ingress.autoscaleMin1
ingress.autoscaleMax5
ingress.service.annotations{}
ingress.service.loadBalancerIP""
ingress.service.typeLoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
ingress.service.ports.namehttp
ingress.service.ports.nodePort32000
ingress.service.ports.namehttps
ingress.service.selector.istioingress
gateways.enabledtrue
gateways.istio-ingressgateway.enabledtrue
gateways.istio-ingressgateway.labels.appistio-ingressgateway
gateways.istio-ingressgateway.labels.istioingressgateway
gateways.istio-ingressgateway.replicaCount1
gateways.istio-ingressgateway.autoscaleMin1
gateways.istio-ingressgateway.autoscaleMax5
gateways.istio-ingressgateway.resources{}
gateways.istio-ingressgateway.loadBalancerIP""
gateways.istio-ingressgateway.serviceAnnotations{}
gateways.istio-ingressgateway.typeLoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
gateways.istio-ingressgateway.ports.targetPort80
gateways.istio-ingressgateway.ports.namehttp2
gateways.istio-ingressgateway.ports.nodePort31380
gateways.istio-ingressgateway.ports.namehttps
gateways.istio-ingressgateway.ports.nodePort31390
gateways.istio-ingressgateway.ports.nametcp
gateways.istio-ingressgateway.ports.nodePort31400
gateways.istio-ingressgateway.ports.targetPort15011
gateways.istio-ingressgateway.ports.nametcp-pilot-grpc-tls
gateways.istio-ingressgateway.ports.targetPort8060
gateways.istio-ingressgateway.ports.nametcp-citadel-grpc-tls
gateways.istio-ingressgateway.ports.targetPort15030
gateways.istio-ingressgateway.ports.namehttp2-prometheus
gateways.istio-ingressgateway.ports.targetPort15031
gateways.istio-ingressgateway.ports.namehttp2-grafana
gateways.istio-ingressgateway.secretVolumes.secretNameistio-ingressgateway-certs
gateways.istio-ingressgateway.secretVolumes.mountPath/etc/istio/ingressgateway-certs
gateways.istio-ingressgateway.secretVolumes.secretNameistio-ingressgateway-ca-certs
gateways.istio-ingressgateway.secretVolumes.mountPath/etc/istio/ingressgateway-ca-certs
gateways.istio-egressgateway.enabledtrue
gateways.istio-egressgateway.labels.appistio-egressgateway
gateways.istio-egressgateway.labels.istioegressgateway
gateways.istio-egressgateway.replicaCount1
gateways.istio-egressgateway.autoscaleMin1
gateways.istio-egressgateway.autoscaleMax5
gateways.istio-egressgateway.serviceAnnotations{}
gateways.istio-egressgateway.typeClusterIP #change to NodePort or LoadBalancer if need be
gateways.istio-egressgateway.ports.namehttp2
gateways.istio-egressgateway.ports.namehttps
gateways.istio-egressgateway.secretVolumes.secretNameistio-egressgateway-certs
gateways.istio-egressgateway.secretVolumes.mountPath/etc/istio/egressgateway-certs
gateways.istio-egressgateway.secretVolumes.secretNameistio-egressgateway-ca-certs
gateways.istio-egressgateway.secretVolumes.mountPath/etc/istio/egressgateway-ca-certs
gateways.istio-ilbgateway.enabledfalse
gateways.istio-ilbgateway.labels.appistio-ilbgateway
gateways.istio-ilbgateway.labels.istioilbgateway
gateways.istio-ilbgateway.replicaCount1
gateways.istio-ilbgateway.autoscaleMin1
gateways.istio-ilbgateway.autoscaleMax5
gateways.istio-ilbgateway.resources.requests.cpu800m
gateways.istio-ilbgateway.resources.requests.memory512Mi
gateways.istio-ilbgateway.loadBalancerIP""
gateways.istio-ilbgateway.serviceAnnotations.cloud.google.com/load-balancer-type"internal"
gateways.istio-ilbgateway.typeLoadBalancer
gateways.istio-ilbgateway.ports.namegrpc-pilot-mtls
gateways.istio-ilbgateway.ports.namegrpc-pilot
gateways.istio-ilbgateway.ports.targetPort8060
gateways.istio-ilbgateway.ports.nametcp-citadel-grpc-tls
gateways.istio-ilbgateway.ports.nametcp-dns
gateways.istio-ilbgateway.secretVolumes.secretNameistio-ilbgateway-certs
gateways.istio-ilbgateway.secretVolumes.mountPath/etc/istio/ilbgateway-certs
gateways.istio-ilbgateway.secretVolumes.secretNameistio-ilbgateway-ca-certs
gateways.istio-ilbgateway.secretVolumes.mountPath/etc/istio/ilbgateway-ca-certs
sidecarInjectorWebhook.enabledtrue
sidecarInjectorWebhook.replicaCount1
sidecarInjectorWebhook.imagesidecar_injector
sidecarInjectorWebhook.enableNamespacesByDefaultfalse
galley.enabledtrue
galley.replicaCount1
galley.imagegalley
mixer.enabledtrue
mixer.replicaCount1
mixer.autoscaleMin1
mixer.autoscaleMax5
mixer.imagemixer
mixer.istio-policy.autoscaleEnabledtrue
mixer.istio-policy.autoscaleMin1
mixer.istio-policy.autoscaleMax5
mixer.istio-policy.cpu.targetAverageUtilization80
mixer.istio-telemetry.autoscaleEnabledtrue
mixer.istio-telemetry.autoscaleMin1
mixer.istio-telemetry.autoscaleMax5
mixer.istio-telemetry.cpu.targetAverageUtilization80
mixer.prometheusStatsdExporter.hubdocker.io/prom
mixer.prometheusStatsdExporter.tagv0.6.0
pilot.enabledtrue
pilot.replicaCount1
pilot.autoscaleMin1
pilot.autoscaleMax1
pilot.imagepilot
pilot.sidecartrue
pilot.traceSampling100.0
pilot.resources.requests.cpu500m
pilot.resources.requests.memory2048Mi
security.replicaCount1
security.imagecitadel
security.selfSignedtrue # indicate if self-signed CA is used.
telemetry-gateway.gatewayNameingressgateway
telemetry-gateway.grafanaEnabledfalse
telemetry-gateway.prometheusEnabledfalse
grafana.enabledfalse
grafana.replicaCount1
grafana.imagegrafana
grafana.security.enabledfalse
grafana.security.adminUseradmin
grafana.security.adminPasswordadmin
grafana.service.annotations{}
grafana.service.namehttp
grafana.service.typeClusterIP
grafana.service.externalPort3000
grafana.service.internalPort3000
prometheus.enabledtrue
prometheus.replicaCount1
prometheus.hubdocker.io/prom
prometheus.tagv2.3.1
prometheus.service.annotations{}
prometheus.service.nodePort.enabledfalse
prometheus.service.nodePort.port32090
servicegraphservicegraph.local
servicegraph.enabledfalse
servicegraph.replicaCount1
servicegraph.imageservicegraph
servicegraph.service.annotations{}
servicegraph.service.namehttp
servicegraph.service.typeClusterIP
servicegraph.service.externalPort8088
servicegraph.service.internalPort8088
servicegraph.ingressservicegraph.local
servicegraph.ingress.enabledfalse
servicegraph.ingress.hostsservicegraph.local
servicegraph.prometheusAddrhttp://prometheus:9090
tracingjaeger.local tracing.local
tracing.enabledfalse
tracing.providerjaeger
tracing.jaegerjaeger.local
tracing.jaeger.hubdocker.io/jaegertracing
tracing.jaeger.tag1.5
tracing.jaeger.memory.max_traces50000
tracing.jaeger.ui.port16686
tracing.jaeger.ingressjaeger.local
tracing.jaeger.ingress.enabledfalse
tracing.jaeger.ingress.hostsjaeger.local
tracing.replicaCount1
tracing.service.annotations{}
tracing.service.namehttp
tracing.service.typeClusterIP
tracing.service.externalPort9411
tracing.service.internalPort9411
tracing.ingresstracing.local
tracing.ingress.enabledfalse
tracing.ingress.hoststracing.local
kiali.enabledfalse
kiali.replicaCount1
kiali.hubdocker.io/kiali
kiali.tagistio-release-1.0
kiali.ingress.enabledfalse
kiali.dashboard.usernameadmin
kiali.dashboard.passphraseadmin
certmanager.enabledfalse
certmanager.hubquay.io/jetstack
certmanager.tagv0.3.1
certmanager.resources{}

See also

Install Istio with the included Helm chart.

Install minimal Istio using Helm.

Instructions to setup a Google Kubernetes Engine cluster for Istio.

Instructions for installing the Istio sidecar in application pods automatically using the sidecar injector webhook or manually using istioctl CLI.

Demonstrates how to upgrade the Istio control plane and data plane independently.

Instructions to download the Istio release.