Istio 1.2 Helm Changes
Details the Helm chart installation options differences between Istio 1.1 and Istio 1.2.
The tables below show changes made to the installation options used to customize Istio install using Helm between Istio 1.1 and Istio 1.2. The tables are grouped in to three different categories:
- The installation options already in the previous release but whose values have been modified in the new release.
- The new installation options added in the new release.
- The installation options removed from the new release.
Modified configuration options
Modified kiali
key/value pairs
Key | Old Default Value | New Default Value | Old Description | New Description |
---|---|---|---|---|
kiali.hub | docker.io/kiali | quay.io/kiali | ||
kiali.tag | v0.14 | v0.20 |
Modified prometheus
key/value pairs
Key | Old Default Value | New Default Value | Old Description | New Description |
---|---|---|---|---|
prometheus.tag | v2.3.1 | v2.8.0 |
Modified global
key/value pairs
Key | Old Default Value | New Default Value | Old Description | New Description |
---|---|---|---|---|
global.tag | release-1.1-latest-daily | 1.2.0-rc.3 | Default tag for Istio images. | Default tag for Istio images. |
global.proxy.resources.limits.memory | 128Mi | 1024Mi | ||
global.proxy.dnsRefreshRate | 5s | 300s | Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS 5 seconds is the default refresh rate used by Envoy | Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. |
Modified mixer
key/value pairs
Key | Old Default Value | New Default Value | Old Description | New Description |
---|---|---|---|---|
mixer.adapters.useAdapterCRDs | true | false | Setting this to false sets the useAdapterCRDs mixer startup argument to false | Setting this to false sets the useAdapterCRDs mixer startup argument to false |
Modified grafana
key/value pairs
Key | Old Default Value | New Default Value | Old Description | New Description |
---|---|---|---|---|
grafana.image.tag | 5.4.0 | 6.1.6 |
New configuration options
New tracing
key/value pairs
Key | Default Value | Description |
---|---|---|
tracing.podAntiAffinityLabelSelector | [] | |
tracing.podAntiAffinityTermLabelSelector | [] |
New sidecarInjectorWebhook
key/value pairs
Key | Default Value | Description |
---|---|---|
sidecarInjectorWebhook.podAntiAffinityLabelSelector | [] | |
sidecarInjectorWebhook.podAntiAffinityTermLabelSelector | [] | |
sidecarInjectorWebhook.neverInjectSelector | [] | You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or always skip the injection on pods that match that label selector, regardless of the global policy. See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/more-control-adding-exceptions |
sidecarInjectorWebhook.alwaysInjectSelector | [] |
New global
key/value pairs
Key | Default Value | Description |
---|---|---|
global.logging.level | "default:info" | |
global.proxy.logLevel | "" | Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. Expected values are: trace\|debug\|info\|warning\|error\|critical\|off |
global.proxy.componentLogLevel | "" | Per Component log level for proxy, applies to gateways and sidecars. If a component level is not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. |
global.proxy.excludeOutboundPorts | "" | |
global.tracer.datadog.address | "$(HOST_IP):8126" | |
global.imagePullSecrets | [] | Lists the secrets you need to use to pull Istio images from a secure registry. |
global.localityLbSetting | {} |
New galley
key/value pairs
Key | Default Value | Description |
---|---|---|
galley.nodeSelector | {} | |
galley.tolerations | [] | |
galley.podAntiAffinityLabelSelector | [] | |
galley.podAntiAffinityTermLabelSelector | [] |
New mixer
key/value pairs
Key | Default Value | Description |
---|---|---|
mixer.tolerations | [] | |
mixer.podAntiAffinityLabelSelector | [] | |
mixer.podAntiAffinityTermLabelSelector | [] | |
mixer.templates.useTemplateCRDs | false |
New grafana
key/value pairs
Key | Default Value | Description |
---|---|---|
grafana.tolerations | [] | |
grafana.podAntiAffinityLabelSelector | [] | |
grafana.podAntiAffinityTermLabelSelector | [] |
New prometheus
key/value pairs
Key | Default Value | Description |
---|---|---|
prometheus.tolerations | [] | |
prometheus.podAntiAffinityLabelSelector | [] | |
prometheus.podAntiAffinityTermLabelSelector | [] |
New gateways
key/value pairs
Key | Default Value | Description |
---|---|---|
gateways.istio-ingressgateway.sds.resources.requests.cpu | 100m | |
gateways.istio-ingressgateway.sds.resources.requests.memory | 128Mi | |
gateways.istio-ingressgateway.sds.resources.limits.cpu | 2000m | |
gateways.istio-ingressgateway.sds.resources.limits.memory | 1024Mi | |
gateways.istio-ingressgateway.resources.requests.cpu | 100m | |
gateways.istio-ingressgateway.resources.requests.memory | 128Mi | |
gateways.istio-ingressgateway.resources.limits.cpu | 2000m | |
gateways.istio-ingressgateway.resources.limits.memory | 1024Mi | |
gateways.istio-ingressgateway.applicationPorts | "" | |
gateways.istio-ingressgateway.tolerations | [] | |
gateways.istio-ingressgateway.podAntiAffinityLabelSelector | [] | |
gateways.istio-ingressgateway.podAntiAffinityTermLabelSelector | [] | |
gateways.istio-egressgateway.resources.requests.cpu | 100m | |
gateways.istio-egressgateway.resources.requests.memory | 128Mi | |
gateways.istio-egressgateway.resources.limits.cpu | 2000m | |
gateways.istio-egressgateway.resources.limits.memory | 256Mi | |
gateways.istio-egressgateway.tolerations | [] | |
gateways.istio-egressgateway.podAntiAffinityLabelSelector | [] | |
gateways.istio-egressgateway.podAntiAffinityTermLabelSelector | [] | |
gateways.istio-ilbgateway.tolerations | [] |
New certmanager
key/value pairs
Key | Default Value | Description |
---|---|---|
certmanager.replicaCount | 1 | |
certmanager.nodeSelector | {} | |
certmanager.tolerations | [] | |
certmanager.podAntiAffinityLabelSelector | [] | |
certmanager.podAntiAffinityTermLabelSelector | [] |
New kiali
key/value pairs
Key | Default Value | Description |
---|---|---|
kiali.podAntiAffinityLabelSelector | [] | |
kiali.podAntiAffinityTermLabelSelector | [] | |
kiali.dashboard.viewOnlyMode | false | Bind the service account to a role with only read access |
New istiocoredns
key/value pairs
Key | Default Value | Description |
---|---|---|
istiocoredns.tolerations | [] | |
istiocoredns.podAntiAffinityLabelSelector | [] | |
istiocoredns.podAntiAffinityTermLabelSelector | [] |
New security
key/value pairs
Key | Default Value | Description |
---|---|---|
security.tolerations | [] | |
security.citadelHealthCheck | false | |
security.podAntiAffinityLabelSelector | [] | |
security.podAntiAffinityTermLabelSelector | [] |
New nodeagent
key/value pairs
Key | Default Value | Description |
---|---|---|
nodeagent.tolerations | [] | |
nodeagent.podAntiAffinityLabelSelector | [] | |
nodeagent.podAntiAffinityTermLabelSelector | [] |
New pilot
key/value pairs
Key | Default Value | Description |
---|---|---|
pilot.tolerations | [] | |
pilot.podAntiAffinityLabelSelector | [] | |
pilot.podAntiAffinityTermLabelSelector | [] |
Removed configuration options
Removed kiali
key/value pairs
Key | Default Value | Description |
---|---|---|
kiali.dashboard.usernameKey | username | This is the key name within the secret whose value is the actual username. |
kiali.dashboard.passphraseKey | passphrase | This is the key name within the secret whose value is the actual passphrase. |
Removed security
key/value pairs
Key | Default Value | Description |
---|---|---|
security.replicaCount | 1 |
Removed gateways
key/value pairs
Key | Default Value | Description |
---|---|---|
gateways.istio-ingressgateway.resources | {} |
Removed mixer
key/value pairs
Key | Default Value | Description |
---|---|---|
mixer.enabled | true |
Removed servicegraph
key/value pairs
Key | Default Value | Description |
---|---|---|
servicegraph.ingress.enabled | false | |
servicegraph.service.name | http | |
servicegraph.replicaCount | 1 | |
servicegraph.service.type | ClusterIP | |
servicegraph.service.annotations | {} | |
servicegraph.enabled | false | |
servicegraph.image | servicegraph | |
servicegraph.service.externalPort | 8088 | |
servicegraph.ingress.hosts | servicegraph.local | Used to create an Ingress record. |
servicegraph.nodeSelector | {} | |
servicegraph.prometheusAddr | http://prometheus:9090 |