Installation with Helm

Quick start instructions for the setup and configuration of Istio using the Helm package manager.

Warning Installation of Istio prior to version 0.8.0 with Helm is unstable and not recommended.

Prerequisites

Kubernetes 1.7.3 or newer is required.
Helm 2.7.2 or newer is required.
If you want to manage Istio releases with Tiller, the capability to install service accounts is required.
Using automatic sidecar injection describes Kubernetes environmental requirements.

Deploy Istio using Helm

There are two techniques for using Helm to deploy Istio. The first technique is to use helm template to render a manifest and use kubectl to create it.

The second technique uses Helm’s Tiller service to manage the lifecycle of Istio.

Render Kubernetes manifest with Helm and deploy with kubectl

This is the most heavily tested method of deploying Istio. During the continuous integration automated testing and release process, the helm binary in template mode is used to render the various manifests produced for Istio.

Create an istio.yaml Kubernetes manifest:

helm template install/kubernetes/helm/istio --name istio --set prometheus.enabled=true > $HOME/istio.yaml

Create the Istio control plane from istio.yaml manifest:
```
kubectl create -f $HOME/istio.yaml
```

Alternatively, use Helm and Tiller to manage the Istio deployment

Warning Upgrading Istio using Helm is not validated.

If a service account has not already been installed for Helm, please install one:
```
kubectl create -f install/kubernetes/helm/helm-service-account.yaml
```
Initialize Helm:
```
helm init --service-account tiller
```

Create the Helm chart:

helm install install/kubernetes/helm/istio --name istio

Customization with Helm

The Helm chart ships with reasonable defaults. There may be circumstances in which defaults require overrides. To override Helm values, use --set key=value argument during the helm install command. Multiple --set operations may be used in the same Helm operation.

Helm charts expose configuration options which are currently in alpha. The currently exposed options are explained in the following table:

Parameter	Description	Values	Default
`global.hub`	Specifies the HUB for most images used by Istio	registry/namespace	`docker.io/istionightly`
`global.tag`	Specifies the TAG for most images used by Istio	valid image tag	`circleci-nightly`
`global.proxy.image`	Specifies the proxy image name	valid proxy name	`proxy`
`global.imagePullPolicy`	Specifies the image pull policy	valid image pull policy	`IfNotPresent`
`global.securityEnabled`	Specifies whether Istio CA should be installed	true/false	`true`
`global.controlPlaneSecurityEnabled`	Specifies whether control plane mTLS is enabled	true/false	`false`
`global.mtls.enabled`	Specifies whether mTLS is enabled by default between services	true/false	`false`
`global.mtls.mtlsExcludedServices`	List of FQDNs to exclude from mTLS	a list of FQDNs	`- kubernetes.default.svc.cluster.local`
`global.rbacEnabled`	Specifies whether to create Istio RBAC rules or not	true/false	`true`
`global.refreshInterval`	Specifies the mesh discovery refresh interval	integer followed by s	`10s`
`global.arch.amd64`	Specifies the scheduling policy for `amd64` architectures	0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred	`2`
`global.arch.s390x`	Specifies the scheduling policy for `s390x` architectures	0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred	`2`
`global.arch.ppc64le`	Specifies the scheduling policy for `ppc64le` architectures	0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred	`2`

The Helm chart also offers significant customization options per individual service. Customize these per-service options at your own risk. The per-service options are exposed via the values.yaml file.

Uninstall Istio

Uninstall using kubectl:
```
kubectl delete -f $HOME/istio.yaml
```
Uninstall using Helm:
```
helm delete --purge istio
```

Quick Start with Google Kubernetes Engine

Installation with Ansible