An Istio starter template for Helm.
Stop fiddling with Istio and Kubernetes YAML and start building. This starter sets up everything you need to get a container running in Istio correctly the first time.
- Fastest way to get a new service into the Istio mesh
- Simplified Istio ingress configuration
- Simplified Istio port configuration
- ConfigMap driven by
values.yaml, to facilitate easy Helm value overriding - Creates the following Kubernetes and Istio objects
- Service
- Deployment
- ConfigMap (optional)
- VirtualService
- DestinationRule
- PodDisruptionBudget
- HorizontalPodAutoscaler (optional)
- ServiceAccount (optional)
- Clone into
$helm-home/startersor, - Install with the
helm-starterplugin.helm plugin install https://github.com/salesforce/helm-starter.githelm starter fetch https://github.com/salesforce/helm-starter-istio.git
Pick the starter you want to use:
mesh-service- creates a Helm chart for a mesh internal service (no ingress).ingress-service- creates a Helm chart for sevice exposed through an Istio ingress gateway.mesh-egress- creates a Helm chart for configuring mesh egress policies for external systems.auth-policy- creates a Helm chart for managing authorization policy within the mesh.
# Create a helm chart from the starter
> helm create NAME --starter helm-starter-istio/[starter-name]
# Deploy the helm chart to kubernetes
> helm template NAME | kubectl -apply -f -The samples directory contains example values.yaml files for installing the
Istio Bookinfo sample application.
The samples assume you are running Kubernetes and Istio locally using Docker Desktop using the default profile.
> istioctl install --set profile=default --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY -y
> kubectl label namespace default istio-injection=enabled
> kubectl apply -f samples/gateway.yamlTo install the Bookinfo services:
> helm template --namespace default -f samples/bookinfo-product/values.yaml ingress-service | kubectl apply -f -
> helm template --namespace default -f samples/bookinfo-details/values.yaml mesh-service | kubectl apply -f -
> helm template --namespace default -f samples/bookinfo-reviews/values.yaml mesh-service | kubectl apply -f -Then navigate to http://lvh.me/productpage.
Enable mTLS authorization policies between the services:
> helm template --namespace default -f samples/bookinfo-auth-policy/values.yaml auth-policy | kubectl apply -f -Install mesh egress configuration:
> helm template --namespace default -f samples/egress/values.yaml mesh-egress | kubectl apply -f -Install a curl pod in Kubernetes so you have a shell to log into to try curl testing
different egress routes.
> kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/sleep/sleep.yaml
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent