Installation Options

To customize Istio install using Helm, use the --set <key>=<value> option in Helm command to override one or more values. The set of supported keys is shown in the table below.

KeyDefault ValueDescription
global.hubgcr.io/istio-release
global.tagrelease-1.0-latest-daily
global.k8sIngressSelectoringress
global.k8sIngressHttpsfalse
global.proxy.imageproxyv2
global.proxy.resources.requests.cpu10m
global.proxy.accessLogFile"/dev/stdout"
global.proxy.enableCoreDumpfalse
global.proxy.includeIPRanges"*"
global.proxy.excludeIPRanges""
global.proxy.includeInboundPorts"*"
global.proxy.excludeInboundPorts""
global.proxy.autoInjectenabled
global.proxy.envoyStatsd.enabledtrue
global.proxy.envoyStatsd.hostistio-statsd-prom-bridge
global.proxy.envoyStatsd.port9125
global.proxy_init.imageproxy_init
global.imagePullPolicyIfNotPresent
global.controlPlaneSecurityEnabledfalse
global.disablePolicyChecksfalse
global.enableTracingtrue
global.mtls.enabledfalse
global.arch.amd642
global.arch.s390x2
global.arch.ppc64le2
global.oneNamespacefalse
global.configValidationtrue
global.meshExpansionfalse
global.meshExpansionILBfalse
global.defaultResources.requests.cpu10m
global.hyperkube.hubquay.io/coreos
global.hyperkube.tagv1.7.6_coreos.0
global.priorityClassName""
global.crdstrue
ingress.enabledfalse
ingress.replicaCount1
ingress.autoscaleMin1
ingress.autoscaleMax5
ingress.service.annotations{}
ingress.service.loadBalancerIP""
ingress.service.typeLoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
ingress.service.ports.namehttp
ingress.service.ports.nodePort32000
ingress.service.ports.namehttps
ingress.service.selector.istioingress
gateways.enabledtrue
gateways.istio-ingressgateway.enabledtrue
gateways.istio-ingressgateway.labels.appistio-ingressgateway
gateways.istio-ingressgateway.labels.istioingressgateway
gateways.istio-ingressgateway.replicaCount1
gateways.istio-ingressgateway.autoscaleMin1
gateways.istio-ingressgateway.autoscaleMax5
gateways.istio-ingressgateway.resources{}
gateways.istio-ingressgateway.loadBalancerIP""
gateways.istio-ingressgateway.serviceAnnotations{}
gateways.istio-ingressgateway.typeLoadBalancer #change to NodePort, ClusterIP or LoadBalancer if need be
gateways.istio-ingressgateway.ports.targetPort80
gateways.istio-ingressgateway.ports.namehttp2
gateways.istio-ingressgateway.ports.nodePort31380
gateways.istio-ingressgateway.ports.namehttps
gateways.istio-ingressgateway.ports.nodePort31390
gateways.istio-ingressgateway.ports.nametcp
gateways.istio-ingressgateway.ports.nodePort31400
gateways.istio-ingressgateway.ports.targetPort15011
gateways.istio-ingressgateway.ports.nametcp-pilot-grpc-tls
gateways.istio-ingressgateway.ports.targetPort8060
gateways.istio-ingressgateway.ports.nametcp-citadel-grpc-tls
gateways.istio-ingressgateway.ports.targetPort15030
gateways.istio-ingressgateway.ports.namehttp2-prometheus
gateways.istio-ingressgateway.ports.targetPort15031
gateways.istio-ingressgateway.ports.namehttp2-grafana
gateways.istio-ingressgateway.secretVolumes.secretNameistio-ingressgateway-certs
gateways.istio-ingressgateway.secretVolumes.mountPath/etc/istio/ingressgateway-certs
gateways.istio-ingressgateway.secretVolumes.secretNameistio-ingressgateway-ca-certs
gateways.istio-ingressgateway.secretVolumes.mountPath/etc/istio/ingressgateway-ca-certs
gateways.istio-egressgateway.enabledtrue
gateways.istio-egressgateway.labels.appistio-egressgateway
gateways.istio-egressgateway.labels.istioegressgateway
gateways.istio-egressgateway.replicaCount1
gateways.istio-egressgateway.autoscaleMin1
gateways.istio-egressgateway.autoscaleMax5
gateways.istio-egressgateway.serviceAnnotations{}
gateways.istio-egressgateway.typeClusterIP #change to NodePort or LoadBalancer if need be
gateways.istio-egressgateway.ports.namehttp2
gateways.istio-egressgateway.ports.namehttps
gateways.istio-egressgateway.secretVolumes.secretNameistio-egressgateway-certs
gateways.istio-egressgateway.secretVolumes.mountPath/etc/istio/egressgateway-certs
gateways.istio-egressgateway.secretVolumes.secretNameistio-egressgateway-ca-certs
gateways.istio-egressgateway.secretVolumes.mountPath/etc/istio/egressgateway-ca-certs
gateways.istio-ilbgateway.enabledfalse
gateways.istio-ilbgateway.labels.appistio-ilbgateway
gateways.istio-ilbgateway.labels.istioilbgateway
gateways.istio-ilbgateway.replicaCount1
gateways.istio-ilbgateway.autoscaleMin1
gateways.istio-ilbgateway.autoscaleMax5
gateways.istio-ilbgateway.resources.requests.cpu800m
gateways.istio-ilbgateway.resources.requests.memory512Mi
gateways.istio-ilbgateway.loadBalancerIP""
gateways.istio-ilbgateway.serviceAnnotations.cloud.google.com/load-balancer-type"internal"
gateways.istio-ilbgateway.typeLoadBalancer
gateways.istio-ilbgateway.ports.namegrpc-pilot-mtls
gateways.istio-ilbgateway.ports.namegrpc-pilot
gateways.istio-ilbgateway.ports.targetPort8060
gateways.istio-ilbgateway.ports.nametcp-citadel-grpc-tls
gateways.istio-ilbgateway.ports.nametcp-dns
gateways.istio-ilbgateway.secretVolumes.secretNameistio-ilbgateway-certs
gateways.istio-ilbgateway.secretVolumes.mountPath/etc/istio/ilbgateway-certs
gateways.istio-ilbgateway.secretVolumes.secretNameistio-ilbgateway-ca-certs
gateways.istio-ilbgateway.secretVolumes.mountPath/etc/istio/ilbgateway-ca-certs
sidecarInjectorWebhook.enabledtrue
sidecarInjectorWebhook.replicaCount1
sidecarInjectorWebhook.imagesidecar_injector
sidecarInjectorWebhook.enableNamespacesByDefaultfalse
galley.enabledtrue
galley.replicaCount1
galley.imagegalley
mixer.enabledtrue
mixer.replicaCount1
mixer.autoscaleMin1
mixer.autoscaleMax5
mixer.imagemixer
mixer.istio-policy.autoscaleEnabledtrue
mixer.istio-policy.autoscaleMin1
mixer.istio-policy.autoscaleMax5
mixer.istio-policy.cpu.targetAverageUtilization80
mixer.istio-telemetry.autoscaleEnabledtrue
mixer.istio-telemetry.autoscaleMin1
mixer.istio-telemetry.autoscaleMax5
mixer.istio-telemetry.cpu.targetAverageUtilization80
mixer.prometheusStatsdExporter.hubdocker.io/prom
mixer.prometheusStatsdExporter.tagv0.6.0
pilot.enabledtrue
pilot.replicaCount1
pilot.autoscaleMin1
pilot.autoscaleMax1
pilot.imagepilot
pilot.sidecartrue
pilot.traceSampling100.0
pilot.resources.requests.cpu500m
pilot.resources.requests.memory2048Mi
security.replicaCount1
security.imagecitadel
security.selfSignedtrue # indicate if self-signed CA is used.
telemetry-gateway.gatewayNameingressgateway
telemetry-gateway.grafanaEnabledfalse
telemetry-gateway.prometheusEnabledfalse
grafana.enabledfalse
grafana.replicaCount1
grafana.imagegrafana
grafana.security.enabledfalse
grafana.security.adminUseradmin
grafana.security.adminPasswordadmin
grafana.service.annotations{}
grafana.service.namehttp
grafana.service.typeClusterIP
grafana.service.externalPort3000
grafana.service.internalPort3000
prometheus.enabledtrue
prometheus.replicaCount1
prometheus.hubdocker.io/prom
prometheus.tagv2.3.1
prometheus.service.annotations{}
prometheus.service.nodePort.enabledfalse
prometheus.service.nodePort.port32090
servicegraphservicegraph.local
servicegraph.enabledfalse
servicegraph.replicaCount1
servicegraph.imageservicegraph
servicegraph.service.annotations{}
servicegraph.service.namehttp
servicegraph.service.typeClusterIP
servicegraph.service.externalPort8088
servicegraph.service.internalPort8088
servicegraph.ingressservicegraph.local
servicegraph.ingress.enabledfalse
servicegraph.ingress.hostsservicegraph.local
servicegraph.prometheusAddrhttp://prometheus:9090
tracingjaeger.local tracing.local
tracing.enabledfalse
tracing.providerjaeger
tracing.jaegerjaeger.local
tracing.jaeger.hubdocker.io/jaegertracing
tracing.jaeger.tag1.5
tracing.jaeger.memory.max_traces50000
tracing.jaeger.ui.port16686
tracing.jaeger.ingressjaeger.local
tracing.jaeger.ingress.enabledfalse
tracing.jaeger.ingress.hostsjaeger.local
tracing.replicaCount1
tracing.service.annotations{}
tracing.service.namehttp
tracing.service.typeClusterIP
tracing.service.externalPort9411
tracing.service.internalPort9411
tracing.ingresstracing.local
tracing.ingress.enabledfalse
tracing.ingress.hoststracing.local
kiali.enabledfalse
kiali.replicaCount1
kiali.hubdocker.io/kiali
kiali.tagistio-release-1.0
kiali.ingress.enabledfalse
kiali.dashboard.usernameadmin
kiali.dashboard.passphraseadmin
certmanager.enabledfalse
certmanager.hubquay.io/jetstack
certmanager.tagv0.3.1
certmanager.resources{}

See also

Install Istio with the included Helm chart.

Install minimal Istio using Helm.

Instructions to download the Istio release.

Instructions to setup a Google Kubernetes Engine cluster for Istio.

Example multicluster GKE install of Istio.

Example multicluster between IBM Cloud Kubernetes Service & IBM Cloud Private.