Helm Changes

The tables below show changes made to the installation options used to customize Istio install using Helm between Istio 1.1 and Istio 1.2. The tables are grouped in to three different categories:

  • The installation options already in the previous release but whose values have been modified in the new release.
  • The new installation options added in the new release.
  • The installation options removed from the new release.

Modified configuration options

Modified kiali key/value pairs

Key Old Default Value New Default Value Old Description New Description
kiali.hub docker.io/kiali quay.io/kiali
kiali.tag v0.14 v0.20

Modified prometheus key/value pairs

Key Old Default Value New Default Value Old Description New Description
prometheus.tag v2.3.1 v2.8.0

Modified global key/value pairs

Key Old Default Value New Default Value Old Description New Description
global.tag release-1.1-latest-daily 1.2.0-rc.3 Default tag for Istio images. Default tag for Istio images.
global.proxy.resources.limits.memory 128Mi 1024Mi
global.proxy.dnsRefreshRate 5s 300s Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS 5 seconds is the default refresh rate used by Envoy Configure the DNS refresh rate for Envoy cluster of type STRICT_DNS This must be given it terms of seconds. For example, 300s is valid but 5m is invalid.

Modified mixer key/value pairs

Key Old Default Value New Default Value Old Description New Description
mixer.adapters.useAdapterCRDs true false Setting this to false sets the useAdapterCRDs mixer startup argument to false Setting this to false sets the useAdapterCRDs mixer startup argument to false

Modified grafana key/value pairs

Key Old Default Value New Default Value Old Description New Description
grafana.image.tag 5.4.0 6.1.6

New configuration options

New tracing key/value pairs

Key Default Value Description
tracing.podAntiAffinityLabelSelector []
tracing.podAntiAffinityTermLabelSelector []

New sidecarInjectorWebhook key/value pairs

Key Default Value Description
sidecarInjectorWebhook.podAntiAffinityLabelSelector []
sidecarInjectorWebhook.podAntiAffinityTermLabelSelector []
sidecarInjectorWebhook.neverInjectSelector [] You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or always skip the injection on pods that match that label selector, regardless of the global policy. See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/more-control-adding-exceptions
sidecarInjectorWebhook.alwaysInjectSelector []

New global key/value pairs

Key Default Value Description
global.logging.level "default:info"
global.proxy.logLevel "" Log level for proxy, applies to gateways and sidecars. If left empty, "warning" is used. Expected values are: trace\|debug\|info\|warning\|error\|critical\|off
global.proxy.componentLogLevel "" Per Component log level for proxy, applies to gateways and sidecars. If a component level is not set, then the global "logLevel" will be used. If left empty, "misc:error" is used.
global.proxy.excludeOutboundPorts ""
global.tracer.datadog.address "$(HOST_IP):8126"
global.imagePullSecrets [] Lists the secrets you need to use to pull Istio images from a secure registry.
global.localityLbSetting {}

New galley key/value pairs

Key Default Value Description
galley.nodeSelector {}
galley.tolerations []
galley.podAntiAffinityLabelSelector []
galley.podAntiAffinityTermLabelSelector []

New mixer key/value pairs

Key Default Value Description
mixer.tolerations []
mixer.podAntiAffinityLabelSelector []
mixer.podAntiAffinityTermLabelSelector []
mixer.templates.useTemplateCRDs false

New grafana key/value pairs

Key Default Value Description
grafana.tolerations []
grafana.podAntiAffinityLabelSelector []
grafana.podAntiAffinityTermLabelSelector []

New prometheus key/value pairs

Key Default Value Description
prometheus.tolerations []
prometheus.podAntiAffinityLabelSelector []
prometheus.podAntiAffinityTermLabelSelector []

New gateways key/value pairs

Key Default Value Description
gateways.istio-ingressgateway.sds.resources.requests.cpu 100m
gateways.istio-ingressgateway.sds.resources.requests.memory 128Mi
gateways.istio-ingressgateway.sds.resources.limits.cpu 2000m
gateways.istio-ingressgateway.sds.resources.limits.memory 1024Mi
gateways.istio-ingressgateway.resources.requests.cpu 100m
gateways.istio-ingressgateway.resources.requests.memory 128Mi
gateways.istio-ingressgateway.resources.limits.cpu 2000m
gateways.istio-ingressgateway.resources.limits.memory 1024Mi
gateways.istio-ingressgateway.applicationPorts ""
gateways.istio-ingressgateway.tolerations []
gateways.istio-ingressgateway.podAntiAffinityLabelSelector []
gateways.istio-ingressgateway.podAntiAffinityTermLabelSelector []
gateways.istio-egressgateway.resources.requests.cpu 100m
gateways.istio-egressgateway.resources.requests.memory 128Mi
gateways.istio-egressgateway.resources.limits.cpu 2000m
gateways.istio-egressgateway.resources.limits.memory 256Mi
gateways.istio-egressgateway.tolerations []
gateways.istio-egressgateway.podAntiAffinityLabelSelector []
gateways.istio-egressgateway.podAntiAffinityTermLabelSelector []
gateways.istio-ilbgateway.tolerations []

New certmanager key/value pairs

Key Default Value Description
certmanager.replicaCount 1
certmanager.nodeSelector {}
certmanager.tolerations []
certmanager.podAntiAffinityLabelSelector []
certmanager.podAntiAffinityTermLabelSelector []

New kiali key/value pairs

Key Default Value Description
kiali.podAntiAffinityLabelSelector []
kiali.podAntiAffinityTermLabelSelector []
kiali.dashboard.viewOnlyMode false Bind the service account to a role with only read access

New istiocoredns key/value pairs

Key Default Value Description
istiocoredns.tolerations []
istiocoredns.podAntiAffinityLabelSelector []
istiocoredns.podAntiAffinityTermLabelSelector []

New security key/value pairs

Key Default Value Description
security.tolerations []
security.citadelHealthCheck false
security.podAntiAffinityLabelSelector []
security.podAntiAffinityTermLabelSelector []

New nodeagent key/value pairs

Key Default Value Description
nodeagent.tolerations []
nodeagent.podAntiAffinityLabelSelector []
nodeagent.podAntiAffinityTermLabelSelector []

New pilot key/value pairs

Key Default Value Description
pilot.tolerations []
pilot.podAntiAffinityLabelSelector []
pilot.podAntiAffinityTermLabelSelector []

Removed configuration options

Removed kiali key/value pairs

Key Default Value Description
kiali.dashboard.usernameKey username This is the key name within the secret whose value is the actual username.
kiali.dashboard.passphraseKey passphrase This is the key name within the secret whose value is the actual passphrase.

Removed security key/value pairs

Key Default Value Description
security.replicaCount 1

Removed gateways key/value pairs

Key Default Value Description
gateways.istio-ingressgateway.resources {}

Removed mixer key/value pairs

Key Default Value Description
mixer.enabled true

Removed servicegraph key/value pairs

Key Default Value Description
servicegraph.ingress.enabled false
servicegraph.service.name http
servicegraph.replicaCount 1
servicegraph.service.type ClusterIP
servicegraph.service.annotations {}
servicegraph.enabled false
servicegraph.image servicegraph
servicegraph.service.externalPort 8088
servicegraph.ingress.hosts servicegraph.local Used to create an Ingress record.
servicegraph.nodeSelector {}
servicegraph.prometheusAddr http://prometheus:9090
Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!