An Istio starter template for Helm.
Stop fiddling with Istio and Kubernetes YAML and start building. This starter sets up everything you need to get a container running in Istio correctly the first time.
- Fastest way to get a new service into the Istio mesh
- Simplified Istio ingress configuration
- Simplified Istio port configuration
- ConfigMap driven by
values.yaml
, to facilitate easy Helm value overriding - Creates the following Kubernetes and Istio objects
- Service
- Deployment
- ConfigMap (optional)
- VirtualService
- DestinationRule
- PodDisruptionBudget
- HorizontalPodAutoscaler (optional)
- ServiceAccount (optional)
- Clone into
$helm-home/starters
or, - Install with the
helm-starter
plugin.helm plugin install https://github.com/salesforce/helm-starter.git
helm starter fetch https://github.com/salesforce/helm-starter-istio.git
Pick the starter you want to use:
mesh-service
- creates a Helm chart for a mesh internal service (no ingress).ingress-service
- creates a Helm chart for sevice exposed through an Istio ingress gateway.mesh-egress
- creates a Helm chart for configuring mesh egress policies for external systems.auth-policy
- creates a Helm chart for managing authorization policy within the mesh.
# Create a helm chart from the starter
> helm create NAME --starter helm-starter-istio/[starter-name]
# Deploy the helm chart to kubernetes
> helm template NAME | kubectl -apply -f -
The samples
directory contains example values.yaml
files for installing the
Istio Bookinfo sample application.
The samples assume you are running Kubernetes and Istio locally using Docker Desktop using the default profile.
> istioctl install --set profile=default --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY -y
> kubectl label namespace default istio-injection=enabled
> kubectl apply -f samples/gateway.yaml
To install the Bookinfo services:
> helm template --namespace default -f samples/bookinfo-product/values.yaml ingress-service | kubectl apply -f -
> helm template --namespace default -f samples/bookinfo-details/values.yaml mesh-service | kubectl apply -f -
> helm template --namespace default -f samples/bookinfo-reviews/values.yaml mesh-service | kubectl apply -f -
Then navigate to http://lvh.me/productpage.
Enable mTLS authorization policies between the services:
> helm template --namespace default -f samples/bookinfo-auth-policy/values.yaml auth-policy | kubectl apply -f -
Install mesh egress configuration:
> helm template --namespace default -f samples/egress/values.yaml mesh-egress | kubectl apply -f -
Install a curl
pod in Kubernetes so you have a shell to log into to try curl testing
different egress routes.
> kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/sleep/sleep.yaml