Shulou(Shulou.com)06/02 Report--

This article mainly explains "the principle and function of Istio Helm Chart". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "the principle and function of Istio Helm Chart".

Helm is currently the official recommended installation method of Istio. In addition to installation, you can also use some adjustments to the input value to complete part of the configuration of Istio. The official Helm deployment method for Istio is focused on quick startup, and this set of articles will be described in a top-to-bottom order based on Istio version 1.0.2 of Helm Chart.

Istio's Helm Chart is divided into two major branches: istio and istio-remote, the latter is a multi-cluster deployment, which is not covered here. The following content focuses on istio.

General structure

Istio Chart is a total score structure, and its hierarchical structure is consistent with the design structure. Here is a simple explanation.

Chart.yaml

For the basic information of Chart, you can see that in Release of 1.0.2, the value of version is still 1.0.1; the required Tiller version should be greater than or equal to 2.7.2-0.

Values-*.yaml

Here is a set of values files that provide key configuration templates for Istio in various scenarios. The customization of Istio can start with the rewriting of values.yaml, and when finished, you can use the helm template command to generate the final deployment file for kubectl to use. Some details of the values.yaml file can be found in the official documentation.

Values-istio-auth-galley.yaml: enable control plane mTLS; turn on mTLS; in the grid by default enable Galley.

Values-istio-auth-multicluster.yaml: multi-cluster configuration; enable control plane mTLS; to turn on mTLS; in the grid by default to disable self-signed certificates.

Values-istio-auth.yaml: enable the control plane mTLS; to turn on the mTLS in the grid by default.

Values-istio-demo-auth.yaml: enable control plane mTLS; by default turn on mTLS; in the grid to activate Grafana, Jaeger, ServiceGraph and Galley; to allow automatic injection.

Values-istio-demo.yaml: activate Grafana, Jaeger, ServiceGraph, and Galley; to allow automatic injection.

Values-istio-galley.yaml: enable Galley and Prometheus.

Values-istio-gateways.yaml: this is an example, and you can define a new Gateway in this form.

Values-istio-multicluster.yaml: multi-cluster configuration, disable self-issued certificates.

Values-istio-one-namespace-auth.yaml:

Values-istio-one-namespace.yaml: enable control plane mTLS; to turn on mTLS in the grid by default

Values-istio.yaml:oneNameSpace is set to True to let Pilot monitor only a single Namespace, and the current situation is to monitor only the deployment namespace of Istio. The istiotesting here seems to be an Issue.

Values.yaml: lists (possibly) all the variables, which is also the basis for our customization.

Requiremtens.yaml

This file is used to manage the dependencies of Chart, where the components of Istio are defined and can be controlled by variables.

Templates_affinity.tpl

This file generates a set of node affinity / mutex elements for each component to use when rendering the YAML.

NodeAffinityRequiredDuringScheduling: used only in this file. The requirements for nodes are specified here. A series of host architectures are listed in the global.arch variable in values.yaml. Only nodes that appear in this list and the corresponding value is greater than 0 will schedule Pod to this node.

NodeAffinityPreferredDuringScheduling: used only in this file. Scheduling priorities are specified here, and weights are assigned to nodes of various architectures.

Nodeaffinity: contains the two templates mentioned above, which are combined into a node affinity code segment for external files to use. The scope of influence includes: | File name | object involved | |-| | charts/galley/templates/deployment.yaml | Deployment:istio-galley. | | charts/gateways/templates/deployment.yaml | all Deployment generated by gateways Chart. | | charts/grafana/templates/deployment.yaml | Deployment:grafana. | | charts/ingress/templates/deployment.yaml | Deployment:istio-ingress. | | charts/mixer/templates/deployment.yaml | Deployment:istio-policy | | charts/pilot/templates/deployment.yaml | Deployment:istio-pilot | | charts/prometheus/templates/deployment.yaml | Deployment:prometheus | | charts/security/templates/deployment.yaml | Deployment:istio-citadel | | charts/servicegraph/templates/deployment.yaml | Deployment:servicegraph | | charts/sidecarInjectorWebhook/templates/deployment.yaml | Deployment:istio-sidecar-injector | | charts/tracing/templates/deployment.yaml | Deployment:istio-tracing |

_ helpers.tpl

This file is not special, creating four variables for Helm to use.

Sidecar-injector-configmap.yaml

The ConfigMap object istio-sidecar-injector is defined here to provide configuration support for sidecarInjectorWebhook to render when the global variable omitSidecarInjectorConfigMap is False. This parameter will be used to generate new Gateway and other adjustment functions to prevent the creation of redundant ConfigMap. Here you can see the injection templates made up of various variables to provide initialization and Sidecar container support for the injected Pod. The variables of the design will be explained later.

Configmap.yaml

This file defines the ConfigMap object istio, which is created with Pilot, that is, it is a dependency of Pilot. The variables involved will also be explained in other articles.

Charts

Certmanager: an ACME certificate client based on the Jetstack Cert-Manager project, which is used to automatically request, obtain and distribute certificates

Galley:Istio uses Galley for configuration management.

Gateways: multiple Gateway Controller can be implemented using the configuration in the Gateways section

Grafana: graphical Istio Dashboard.

Ingress: a legacy design that is turned off by default and is recommended to be deprecated after v1alpha3.

Kiali: Dashboard with distributed tracking, configuration verification and other functions.

Mixer:

Pilot:

Prometheus:

Security:

Servicegraph:

SidecarInjectorWebhook: configuration for automatic injection of Webhook

Distributed tracking related configuration of tracing:Jaeger.

Summary

This article is mainly about the overall structure and some of the top-level objects. The following articles will talk about the application of various variables and the configuration of each Chart.

Thank you for your reading, the above is the content of "the principle and function of Istio Helm Chart". After the study of this article, I believe you have a deeper understanding of the principle and function of Istio Helm Chart, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.