Installation Configuration Profiles

This page describes the built-in configuration profiles that can be used when installing Istio using helm. The profiles provide customization of the Istio control plane and of the sidecars for the Istio data plane. You can start with one of Istio’s built-in configuration profiles and then further customize the configuration for your specific needs. The following built-in configuration profiles are currently available:

  1. default: enables components according to the default Installation Options (recommend for production deployments).

  2. demo: configuration designed to showcase Istio functionality with modest resource requirements. It is suitable to run the Bookinfo application and associated tasks. This is the same configuration that is installed with the Quick Start instructions, only using helm has the advantage that you can more easily enable additional features if you later wish to explore more advanced tasks. This profile comes in two variants, either with or without authentication enabled.

  3. minimal: the minimal set of components necessary to use Istio’s traffic management features.

  4. sds-auth: similar to the default profile, but also enables Istio’s SDS (secret discovery service). This profile comes with additional authentication features enabled by default.

The components marked as X are installed within each profile:

defaultdemominimalsds
Profile filenamevalues.yamlvalues-istio-demo.yamlvalues-istio-minimal.yamlvalues-istio-sds-auth.yaml
Core components
      istio-citadelXXX
      istio-egressgatewayX
      istio-galleyXXX
      istio-ingressgatewayXXX
      istio-nodeagentX
      istio-pilotXXXX
      istio-policyXXX
      istio-sidecar-injectorXXX
      istio-telemetryXXX
Addons
      grafanaX
      istio-tracingX
      kialiX
      prometheusXXX

Some profiles have an authentication variant, with -auth appended to the name, which adds the following security features to the profile:

Security featuredemo-authsds-auth
Control Plane SecurityX
Strict Mutual TLSXX
SDSX

To further customize Istio and install addons, you can add one or more --set <key>=<value> options in the helm template or helm install command that you use when installing Istio. The Installation Options lists the complete set of supported installation key and value pairs.

Multicluster profiles

Istio provides two additional built-in configuration profiles that are used exclusively for configuring a multicluster service mesh:

  1. remote: used for configuring remote clusters of a multicluster mesh with a shared control plane topology.

  2. multicluster-gateways: used for configuring all of the clusters of a multicluster mesh with a multiple control plane topology.

The remote profile is configured using the values file values-istio-remote.yaml. This profile installs only two Istio core components:

  1. istio-citadel

  2. istio-sidecar-injector

The multicluster-gateways profile is configured using the values file values-istio-multicluster-gateways.yaml. This profile installs the same components as the Istio default configuration profile plus two additional components:

  1. The istio-egressgateway core component.

  2. The coredns addon.

Refer to the multicluster installation instructions for more details.