helm安装istio_Istio CRD 汇总与 Helm Chart 配置解析
序号chart文件k8s组件类型k8s组件名称用途1main_affinity.tpl无无用于定义各个组件deployment chart中的nodeAffinity_helpers.tpl无无用于定义各个组件chart中一些变量的默认值configmap.yamlConfigMapistioistio主配置configmapcrds.yamlCustomResourceDefinition共5
序号
chart
文件
k8s组件类型
k8s组件名称
用途
1
main
_affinity.tpl
无
无
用于定义各个组件deployment chart中的nodeAffinity
_helpers.tpl
无
无
用于定义各个组件chart中一些变量的默认值
configmap.yaml
ConfigMap
istio
istio主配置configmap
crds.yaml
CustomResourceDefinition
共50个
istio需要的所有的crd资源
install-custom-resources.sh.tpl
无
无
用于定义grafana和security chart中configmap中所包含的脚本,验证istio-galley validatingwebhookconfiguration已经存在并且部署组件相关其他资源
sidecar-injector-configmap.yaml
ConfigMap
istio-sidecar-injector
用于定义sidecar injector的configmap
2
sidecarInjectorWebhook默认开启
_helpers.tpl
无
无
用于定义sidecarInjectorWebhook chart中一些变量的默认值
clusterrole.yaml
ClusterRole
istio-sidecar-injector-{{ .Release.Namespace }}
用于定义sidecarInjectorWebhook使用的clusterrole
clusterrolebinding.yaml
ClusterRoleBinding
istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }}
用于定义sidecarInjectorWebhook使用的clusterrolebinding
deployment.yaml
Deployment
istio-sidecar-injector
用于定义sidecarInjectorWebhook使用的deployment
mutatingwebhook.yaml
MutatingWebhookConfiguration
istio-sidecar-injector
用于定义sidecarInjectorWebhook使用的mutatingwebhookconfiguration
service.yaml
Service
istio-sidecar-injector
用于定义sidecarInjectorWebhook使用的service
serviceaccount.yaml
ServiceAccount
istio-sidecar-injector-service-account
用于定义sidecarInjectorWebhook使用的serviceaccount
3
security默认开启
_helpers.tpl
无
无
用于定义security chart中一些变量的默认值
cleanup-secrets.yaml
ServiceAccount
istio-cleanup-secrets-service-account
在helm删除istio后对citadel中的secret进行清理
ClusterRole
istio-cleanup-secrets-{{ .Release.Namespace }}
ClusterRoleBinding
istio-cleanup-secrets-{{ .Release.Namespace }}
Job
istio-cleanup-secrets
clusterrole.yaml
ClusterRole
istio-citadel-{{ .Release.Namespace }}
用于定义citadel相关clusterole
clusterrolebinding.yaml
ClusterRoleBinding
istio-citadel-{{ .Release.Namespace }}
用于定义citdel相关clusterrolebinding
configmap.yaml
ConfigMap
istio-security-custom-resources
用于定义citidel相关configmap,与global values中的mtls.enabled相关,是否启用全局的mtls authn
create-custom-resources-job.yaml
ServiceAccount
istio-security-post-install-account
在global values的mtls.enabled设置为true后才会生效,建立mtls相关serviceaccount,clusterrole,clusterrolebinding,以及comfigmap中定义的其他相关对象
ClusterRole
istio-security-post-install-{{ .Release.Namespace }}
ClusterRoleBinding
istio-security-post-install-role-binding-{{ .Release.Namespace }}
Job
istio-security-post-install
deployment.yaml
Deployment
istio-citadel
用于定义citadel相关deployment
enable-mesh-mtls.yaml
MeshPolicy
default
在global values的mtls.enabled设置为true后,这些资源会写入configmap
DestinationRule
default
DestinationRule
api-server
meshexpansion.yaml
VirtualService
meshexpansion-citadel
在global values的meshExpansion设置为true后,新建citadel相关virtualservice
VirtualService
meshexpansion-ilb-citadel
在global values的meshExpansionILB设置为true后,新建citadel相关virtualservice
service.yaml
Service
istio-citadel
用于定义citade相关service
serviceaccount.yaml
ServiceAccount
istio-citadel-service-account
用于定义citade相关serviceaccount
4
galley默认开启
_helpers.tpl
无
无
用于定义galley chart中一些变量的默认值
clusterrole.yaml
ClusterRole
istio-galley-{{ .Release.Namespace }}
用于定义galley相关clusterrole
clusterrolebinding.yaml
ClusterRoleBinding
istio-galley-admin-role-binding-{{ .Release.Namespace }}
用于定义galley相关clusterrolebinding
configmap.yaml
ConfigMap
istio-galley-configuration
用于定义galley相关configmap
deployment.yaml
Deployment
istio-galley
用于定义galley相关deployment
service.yaml
Service
istio-galley
用于定义galley相关service
serviceaccount.yaml
ServiceAccount
istio-galley-service-account
用于定义galley相关serviceaccount
validatingwehookconfiguration.yaml.tpl
ValidatingWebhookConfiguration
istio-galley
用于定义对pilot和mixer的配置进行验证,与galley deployment关联
5
mixer默认开启
_helpers.tpl
无
无
用于定义mixer chart中一些变量的默认值
autoscale.yaml
HorizontalPodAutoscaler
istio-policy
用于定义mixer,包括policy和telemetry的horizontalpodautoscaler
HorizontalPodAutoscaler
istio-telemetry
clusterrole.yaml
ClusterRole
istio-mixer-{{ .Release.Namespace }}
用于定义mixer相关clusterole
clusterrolebinding.yaml
ClusterRoleBinding
istio-mixer-admin-role-binding-{{ .Release.Namespace }}
用于定义mixer相关clusterolebinding
config.yaml
attributemanifest
istioproxy
用于定义从envoy到mixer的attributemanifest
attributemanifest
kubernetes
用于定义从k8s到mixer的attributemanifest
stdio
handler
用于定义stdio handler
logentry
accesslog
用于定义http logentry instance
logentry
tcpaccesslog
用于定义tcp logentry instance
rule
stdio
用于定义从accesslog.logentry到handler.stdio的rule,将accesslog发送至stdio
rule
stdiotcp
用于定义从tcpaccesslog.logentry到handler.stdio的rule,将tcpaccesslog发送至stdio
metric
requestcount
用于定义requestcount metric instance
metric
requestduration
用于定义requestduration metric instance
metric
requestsize
用于定义requestsize metric instance
metric
responsesize
用于定义responsesize metric instance
metric
tcpbytesent
用于定义tcpbytesent metric instance
metric
tcpbytereceived
用于定义tcpbytereceived metric instance
prometheus
handler
用于定义prometheus handler
rule
promhttp
用于定义从requestcount.metric,requestduration.metric,requestsize.metric和responsesize.metric到handler.prometheus的rule,将http metric发送至prometheus
rule
promtcp
用于定义从tcpbytesent.metric和tcpbytereceived.metric到handler.prometheus的rule,将tcp metric发送至prometheus
kubernetesenv
handler
用于定义kubernetesenv handler
rule
kubeattrgenrulerule
用于定义从attributes.kubernetes到handler.kubernetesenv的rule,生成kubernetes相关attribute
rule
tcpkubeattrgenrulerule
用于定义从attributes.kubernetes到handler.kubernetesenv的rule,生成kubernetes tcp相关attribute
kubernetes
attributes
用于定义kubernetes相关attribute instance
DestinationRule
istio-policy
用于定义istio-policy相关destinationrule
DestinationRule
istio-telemetry
用于定义istio-telemetry相关destinationrule
configmap.yaml
ConfigMap
istio-statsd-prom-bridge
用于定义istio-statsd-prom-bridge相关configmap
deployment.yaml
Deployment
istio-policy
用于定义istio-policy相关deployment
Deployment
istio-telemetry
用于定义istio-telemetry相关deployment
service.yaml
Service
istio-policy
用于定义istio-policy相关service
Service
istio-telemetry
用于定义istio-telemetry相关service
serviceaccount.yaml
ServiceAccount
istio-mixer-service-account
用于定义mixer相关serviceaccount
statsdtoprom.yaml
Service
istio-statsd-prom-bridge
用于定义istio-statsd-prom-bridge相关service
Deployment
istio-statsd-prom-bridge
用于定义istio-statsd-prom-bridge相关deployment
6
pilot默认开启
autoscale.yaml
horizontalPodAutoscaler
istio-pilot
用于定义pilot相关horizontalpodautoscaler
clusterrole.yaml
ClusterRole
istio-pilot
用于定义pilot相关clusterrole
clusterrolebinding.yaml
ClusterRoleBinding
istio-pilot
用于定义pilot相关clusterrolebinding
deployment.yaml
Deployment
istio-pilot
用于定义pilot相关deployment
gateway.yaml
Gateway
istio-autogenerated-k8s-ingress
用于定义pilot相关gateway,缺省向前兼容,使用ingress
Gateway
meshexpansion-gateway
用于定义pilot相关gateway,如果global.meshExpansion设置为true,则将pilot暴露在gateway
Gateway
meshexpansion-ilb-gateway
用于定义pilot相关gateway,如果global.meshExpansionILB设置为true,则将pilot暴露在internal gateway
meshexpansion.yaml
VirtualService
meshexpansion-pilot
在global values的meshExpansion设置为true后,新建pilot相关virtualservice
VirtualService
ilb-meshexpansion-pilot
在global values的meshExpansionILB设置为true后,新建pilot相关virtualservice
service.yaml
Service
istio-pilot
用于定义pilot相关service
serviceaccount.yaml
ServiceAccount
istio-pilot-service-account
用于定义pilot相关serviceaccount
7
gateways默认开启
autoscale.yaml
horizontalPodAutoscaler
istio-ingressgateway
用于定义ingressgateway相关horizontalpodautoscaler
horizontalPodAutoscaler
istio-egressgateway
用于定义egressgateway相关horizontalpodautoscaler
horizontalPodAutoscaler
istio-ilbgateway
用于定义ilbgateway相关horizontalpodautoscaler,默认关闭,只支持gcp
clusterrole.yaml
ClusterRole
istio-ingressgateway-{{ $.Release.Namespace }}
用于定义ingressgateway相关clusterrole
ClusterRole
istio-egressgateway-{{ $.Release.Namespace }}
用于定义egressgateway相关clusterrole
ClusterRole
istio-ilbgateway-{{ $.Release.Namespace }}
用于定义ilbgateway相关clusterrole,默认关闭,只支持gcp
clusterrolebinding.yaml
ClusterRoleBinding
istio-ingressgateway-{{ $.Release.Namespace }}
用于定义ingressgateway相关clusterrolebinding
ClusterRoleBinding
istio-egressgateway-{{ $.Release.Namespace }}
用于定义egressgateway相关clusterrolebinding
ClusterRoleBinding
istio-ilbgateway-{{ $.Release.Namespace }}
用于定义ilbgateway相关clusterrolebindig,默认关闭,只支持gcp
deployment.yaml
Deployment
istio-ingressgateway
用于定义ingressgateway相关deployment
Deployment
istio-egressgateway
用于定义egressgateway相关deployment
Deployment
istio-ilbgateway
用于定义ilbgateway相关deployment,默认关闭,只支持gcp
service.yaml
Service
istio-ingressgateway
用于定义ingressgateway相关service
Service
istio-egressgateway
用于定义egressgateway相关service
Service
istio-ilbgateway
用于定义ilbgateway相关service,默认关闭,只支持gcp
serviceaccount.yaml
ServiceAccount
istio-ingressgateway-service-account
用于定义ingressgateway相关serviceaccount
ServiceAccount
istio-egressgateway-service-account
用于定义egressgateway相关serviceaccount
ServiceAccount
istio-ilbgateway-service-account
用于定义ilbgateway相关serviceaccount,默认关闭,只支持gcp
8
prometheus默认开启
_helpers.tpl
无
无
用于定义prometheus chart中一些变量的默认值
clusterrole.yaml
ClusterRole
prometheus-{{ .Release.Namespace }}
用于定义prometheus相关clusterrole
clusterrolebinding.yaml
ClusterRoleBinding
prometheus-{{ .Release.Namespace }}
用于定义prometheus相关clusterrolebinding
configmap.yaml
ConfigMap
prometheus
用于定义prometheus相关configmap
deployment.yaml
Deployment
prometheus
用于定义prometheus相关deployment
service.yaml
Service
prometheus
用于定义prometheus相关service
serviceaccount.yaml
ServiceAccount
prometheus
用于定义prometheus相关serviceaccount
9
telemetry-gateway默认关闭
gateway.yaml
Gateway
istio-telemetry-gateway
用于定义prometheus和grafana的gateway,如果prometheusEnabled设置为true,则添加prometheus相关gateway配置,如果grafanaEnabled设置为true,则添加grafana相关gateway配置
DestinationRule
grafana
定义prometheus相关destinationrule
DestinationRule
prometheus
定义grafana相关destinationrule
VirtualService
telemetry-virtual-service
用于定义prometheus和grafana的virtualservice,如果prometheusEnabled设置为true,则添加prometheus相关virtualservice配置,如果grafanaEnabled设置为true,则添加grafana相关virtualservice配置
10
ingress默认关闭legacy ingress support
autoscale.yaml
HorizontalPodAutoscaler
istio-ingress
用于定义ingress相关horizontalpodautoscaler
clusterrole.yaml
ClusterRole
istio-ingress-{{ .Release.Namespace }}
用于定义ingress相关clusterrole
clusterrolebinding.yaml
ClusterRoleBinding
istio-ingress-{{ .Release.Namespace }}
用于定义ingress相关clusterrolebinding
deployment.yaml
Deployment
istio-ingress
用于定义ingress相关deployment
service.yaml
Service
istio-ingress
用于定义ingress相关service
serviceaccount.yaml
ServiceAccount
istio-ingress-service-account
用于定义ingress相关serviceaccount
11
grafana默认关闭
_helpers.tpl
无
无
用于定义grafana chart中一些变量的默认值
configmap.yaml
ConfigMap
istio-grafana-custom-resources
用于定义grafana相关configmap
create-custom-resources-job.yaml
ServiceAccount
istio-grafana-post-install-account
用于定义grafana post install相关serviceaccount
ClusterRole
istio-grafana-post-install-{{ .Release.Namespace }}
用于定义grafana post install相关clusterrole
ClusterRoleBinding
istio-grafana-post-install-role-binding-{{ .Release.Namespace }}
用于定义grafana post install相关clusterrolebinding
Job
istio-grafana-post-install
用于定义grafana post install相关job
deployment.yaml
Deployment
grafana
用于定义grafana相关deployment
grafana-ports-mtls.yaml
Policy
grafana-ports-mtls-disabled
对grafana访问开启mtls
pvc.yaml
PersistentVolumeClaim
istio-grafana-pvc
如果persist设置为true,则为grafana新建pvc和pv
secret.yaml
Secret
grafana
如果security.enabled设置为true,则为grafana启用authn
service.yaml
Service
grafana
用于定义grafana相关service
12
servicegraph默认关闭
_helpers.tpl
无
无
用于定义servicegraph chart中一些变量的默认值
deployment.yaml
Deployment
servicegraph
用于定义servicegraph相关deployment
ingress.yaml
Ingress
servicegraph
用于定义servicegraph相关ingress
service.yaml
Service
servicegraph
用于定义servicegraph相关service
13
tracing默认关闭
_helpers.tpl
无
无
用于定义tracing chart中一些变量的默认值
deployment.yaml
Deployment
istio-tracing
用于定义jaeger tracing相关deployment
ingress-jaeger.yaml
Ingress
jaeger-query
用于定义jaeger tracing相关ingress
ingress.yaml
Ingress
tracing
用于定义zipkin tracing相关ingress
service-jaeger.yaml
Service
jaeger-query
用于定义jaeger tracing query相关service
Service
jaeger-collector
用于定义jaeger tracing collector相关service
Service
jaeger-agent
用于定义jaeger tracing agent相关service
service.yaml
Service
zipkin
用于定义zipkin tracing相关service
Service
tracing
用于定义jaeger tracing相关service
14
kiali默认关闭
clusterrole.yaml
ClusterRole
kiali
用于定义kiali相关clusterrole
clusterrolebinding.yaml
ClusterRoleBinding
istio-kiali-admin-role-binding-{{ .Release.Namespace }}
用于定义kiali相关clusterrolebinding
configmap.yaml
ConfigMap
kiali
用于定义kiali相关configmap
deployment.yaml
Deployment
kiali
用于定义kiali相关deployment
ingress.yaml
Ingress
kiali
用于定义kiali相关ingress
secrets.yaml
Secret
kiali
用于定义kiali相关secret
service.yaml
Service
kiali
用于定义kiali相关service
serviceaccount.yaml
ServiceAccount
kiali-service-account
用于定义kiali相关serviceaccount
15
certmanager默认关闭
_helpers.tpl
无
无
用于定义certmanager chart中一些变量的默认值
crds.yaml
CustomResourceDefinition
clusterissuers.certmanager.k8s.io
用于定义certmanager相关crd
CustomResourceDefinition
issuers.certmanager.k8s.io
CustomResourceDefinition
certificates.certmanager.k8s.io
deployment.yaml
Deployment
certmanager
用于定义certmanager相关deployment
issuer.yaml
ClusterIssuer
letsencrypt-staging
用于定义certmanager相关clusterissuer
ClusterIssuer
letsencrypt
rbac.yaml
ClusterRole
certmanager
用于定义certmanager相关clusterrole
ClusterRoleBinding
certmanager
用于定义certmanager相关clusterrolebinding
certmanager
ServiceAccount
certmanager
用于定义certmanager相关serviceaccount
更多推荐
所有评论(0)