Istio 1.2 Helm Changes

Details the Helm chart installation options differences between Istio 1.1 and Istio 1.2.

Jun 18, 2019

The tables below show changes made to the installation options used to customize Istio install using Helm between Istio 1.1 and Istio 1.2. The tables are grouped in to three different categories:

Modified configuration options

Modified kiali key/value pairs

KeyOld Default ValueNew Default ValueOld DescriptionNew Description
kiali.hubdocker.io/kialiquay.io/kiali
kiali.tagv0.14v0.20

Modified prometheus key/value pairs

KeyOld Default ValueNew Default ValueOld DescriptionNew Description
prometheus.tagv2.3.1v2.8.0

Modified global key/value pairs

KeyOld Default ValueNew Default ValueOld DescriptionNew Description
global.tagrelease-1.1-latest-daily1.2.0-rc.3Default tag for Istio images.Default tag for Istio images.
global.proxy.resources.limits.memory128Mi1024Mi
global.proxy.dnsRefreshRate5s300sConfigure the DNS refresh rate for Envoy cluster of type STRICT_DNS 5 seconds is the default refresh rate used by EnvoyConfigure the DNS refresh rate for Envoy cluster of type STRICT_DNS This must be given it terms of seconds. For example, 300s is valid but 5m is invalid.

Modified mixer key/value pairs

KeyOld Default ValueNew Default ValueOld DescriptionNew Description
mixer.adapters.useAdapterCRDstruefalseSetting this to false sets the useAdapterCRDs mixer startup argument to falseSetting this to false sets the useAdapterCRDs mixer startup argument to false

Modified grafana key/value pairs

KeyOld Default ValueNew Default ValueOld DescriptionNew Description
grafana.image.tag5.4.06.1.6

New configuration options

New tracing key/value pairs

KeyDefault ValueDescription
tracing.podAntiAffinityLabelSelector[]
tracing.podAntiAffinityTermLabelSelector[]

New sidecarInjectorWebhook key/value pairs

KeyDefault ValueDescription
sidecarInjectorWebhook.podAntiAffinityLabelSelector[]
sidecarInjectorWebhook.podAntiAffinityTermLabelSelector[]
sidecarInjectorWebhook.neverInjectSelector[]You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or always skip the injection on pods that match that label selector, regardless of the global policy. See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/more-control-adding-exceptions
sidecarInjectorWebhook.alwaysInjectSelector[]

New global key/value pairs

KeyDefault ValueDescription
global.logging.level"default:info"
global.proxy.logLevel""Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. Expected values are: trace\|debug\|info\|warning\|error\|critical\|off
global.proxy.componentLogLevel""Per Component log level for proxy, applies to gateways and sidecars. If a component level is not set, then the global "logLevel" will be used. If left empty, "misc:error" is used.
global.proxy.excludeOutboundPorts""
global.tracer.datadog.address"$(HOST_IP):8126"
global.imagePullSecrets[]Lists the secrets you need to use to pull Istio images from a secure registry.
global.localityLbSetting{}

New galley key/value pairs

KeyDefault ValueDescription
galley.nodeSelector{}
galley.tolerations[]
galley.podAntiAffinityLabelSelector[]
galley.podAntiAffinityTermLabelSelector[]

New mixer key/value pairs

KeyDefault ValueDescription
mixer.tolerations[]
mixer.podAntiAffinityLabelSelector[]
mixer.podAntiAffinityTermLabelSelector[]
mixer.templates.useTemplateCRDsfalse

New grafana key/value pairs

KeyDefault ValueDescription
grafana.tolerations[]
grafana.podAntiAffinityLabelSelector[]
grafana.podAntiAffinityTermLabelSelector[]

New prometheus key/value pairs

KeyDefault ValueDescription
prometheus.tolerations[]
prometheus.podAntiAffinityLabelSelector[]
prometheus.podAntiAffinityTermLabelSelector[]

New gateways key/value pairs

KeyDefault ValueDescription
gateways.istio-ingressgateway.sds.resources.requests.cpu100m
gateways.istio-ingressgateway.sds.resources.requests.memory128Mi
gateways.istio-ingressgateway.sds.resources.limits.cpu2000m
gateways.istio-ingressgateway.sds.resources.limits.memory1024Mi
gateways.istio-ingressgateway.resources.requests.cpu100m
gateways.istio-ingressgateway.resources.requests.memory128Mi
gateways.istio-ingressgateway.resources.limits.cpu2000m
gateways.istio-ingressgateway.resources.limits.memory1024Mi
gateways.istio-ingressgateway.applicationPorts""
gateways.istio-ingressgateway.tolerations[]
gateways.istio-ingressgateway.podAntiAffinityLabelSelector[]
gateways.istio-ingressgateway.podAntiAffinityTermLabelSelector[]
gateways.istio-egressgateway.resources.requests.cpu100m
gateways.istio-egressgateway.resources.requests.memory128Mi
gateways.istio-egressgateway.resources.limits.cpu2000m
gateways.istio-egressgateway.resources.limits.memory256Mi
gateways.istio-egressgateway.tolerations[]
gateways.istio-egressgateway.podAntiAffinityLabelSelector[]
gateways.istio-egressgateway.podAntiAffinityTermLabelSelector[]
gateways.istio-ilbgateway.tolerations[]

New certmanager key/value pairs

KeyDefault ValueDescription
certmanager.replicaCount1
certmanager.nodeSelector{}
certmanager.tolerations[]
certmanager.podAntiAffinityLabelSelector[]
certmanager.podAntiAffinityTermLabelSelector[]

New kiali key/value pairs

KeyDefault ValueDescription
kiali.podAntiAffinityLabelSelector[]
kiali.podAntiAffinityTermLabelSelector[]
kiali.dashboard.viewOnlyModefalseBind the service account to a role with only read access

New istiocoredns key/value pairs

KeyDefault ValueDescription
istiocoredns.tolerations[]
istiocoredns.podAntiAffinityLabelSelector[]
istiocoredns.podAntiAffinityTermLabelSelector[]

New security key/value pairs

KeyDefault ValueDescription
security.tolerations[]
security.citadelHealthCheckfalse
security.podAntiAffinityLabelSelector[]
security.podAntiAffinityTermLabelSelector[]

New nodeagent key/value pairs

KeyDefault ValueDescription
nodeagent.tolerations[]
nodeagent.podAntiAffinityLabelSelector[]
nodeagent.podAntiAffinityTermLabelSelector[]

New pilot key/value pairs

KeyDefault ValueDescription
pilot.tolerations[]
pilot.podAntiAffinityLabelSelector[]
pilot.podAntiAffinityTermLabelSelector[]

Removed configuration options

Removed kiali key/value pairs

KeyDefault ValueDescription
kiali.dashboard.usernameKeyusernameThis is the key name within the secret whose value is the actual username.
kiali.dashboard.passphraseKeypassphraseThis is the key name within the secret whose value is the actual passphrase.

Removed security key/value pairs

KeyDefault ValueDescription
security.replicaCount1

Removed gateways key/value pairs

KeyDefault ValueDescription
gateways.istio-ingressgateway.resources{}

Removed mixer key/value pairs

KeyDefault ValueDescription
mixer.enabledtrue

Removed servicegraph key/value pairs

KeyDefault ValueDescription
servicegraph.ingress.enabledfalse
servicegraph.service.namehttp
servicegraph.replicaCount1
servicegraph.service.typeClusterIP
servicegraph.service.annotations{}
servicegraph.enabledfalse
servicegraph.imageservicegraph
servicegraph.service.externalPort8088
servicegraph.ingress.hostsservicegraph.localUsed to create an Ingress record.
servicegraph.nodeSelector{}
servicegraph.prometheusAddrhttp://prometheus:9090