Installation Configuration Profiles
This page describes the built-in configuration profiles that can be used when installing Istio using helm. The profiles provide customization of the Istio control plane and of the sidecars for the Istio data plane. You can start with one of Istio’s built-in configuration profiles and then further customize the configuration for your specific needs. The following built-in configuration profiles are currently available:
default: enables components according to the default Installation Options (recommend for production deployments).
demo: configuration designed to showcase Istio functionality with modest resource requirements. It is suitable to run the Bookinfo application and associated tasks. This is the same configuration that is installed with the Quick Start instructions, only using helm has the advantage that you can more easily enable additional features if you later wish to explore more advanced tasks. This profile comes in two variants, either with or without authentication enabled.
minimal: the minimal set of components necessary to use Istio’s traffic management features.
sds-auth: similar to the default profile, but also enables Istio’s SDS (secret discovery service). This profile comes with additional authentication features enabled by default.
The components marked as X are installed within each profile:
default | demo | minimal | sds | |
---|---|---|---|---|
Profile filename | values.yaml | values-istio-demo.yaml | values-istio-minimal.yaml | values-istio-sds-auth.yaml |
Core components | ||||
istio-citadel | X | X | X | |
istio-egressgateway | X | |||
istio-galley | X | X | X | |
istio-ingressgateway | X | X | X | |
istio-nodeagent | X | |||
istio-pilot | X | X | X | X |
istio-policy | X | X | X | |
istio-sidecar-injector | X | X | X | |
istio-telemetry | X | X | X | |
Addons | ||||
grafana | X | |||
istio-tracing | X | |||
kiali | X | |||
prometheus | X | X | X |
Some profiles have an authentication variant, with -auth
appended to the name, which adds the following
security features to the profile:
Security feature | demo-auth | sds-auth |
---|---|---|
Control Plane Security | X | |
Strict Mutual TLS | X | X |
SDS | X |
To further customize Istio and install addons, you can add one or more --set <key>=<value>
options in the helm template
or helm install
command that you use when installing Istio. The Installation Options lists the complete set of supported installation key and value pairs.
Multicluster profiles
Istio provides two additional built-in configuration profiles that are used exclusively for configuring a multicluster service mesh:
remote: used for configuring remote clusters of a multicluster mesh with a shared control plane topology.
multicluster-gateways: used for configuring all of the clusters of a multicluster mesh with a multiple control plane topology.
The remote profile is configured using the values file values-istio-remote.yaml
. This profile installs only two
Istio core components:
istio-citadel
istio-sidecar-injector
The multicluster-gateways profile is configured using the values file values-istio-multicluster-gateways.yaml
.
This profile installs the same components as the Istio default configuration profile plus two additional components:
The
istio-egressgateway
core component.The
coredns
addon.
Refer to the multicluster installation instructions for more details.