Skip to content

Installation Profiles

Overview

An installation profile is a set of parameters that are used during the setting up and installation of the Service Mesh Managed Add-On (Istio).

Installation Profile Overview

The Installation Profiles page shows custom and default installation profiles. A default installation profile is provided that can be leveraged out of box in a majority of cases. In cases where installation profiles need to be customized to change some parameters, a custom installation profile can be created.

Custom Installation Profiles

In certain cases, admins may want the ability to customize certain installation parameters for Istio (e.g. for specific clusters or specific types of environment). To facilitate this, an admin can create custom installation profiles.

Parameters Supported

Certificate Type

The installation profile supports two certificate types:

  • Self-Signed: This is the default configuration where the Istio control plane itself is the Certificate Authority (CA).
  • Cert Manager: In case different certificates need to be used (for example for mTLS encryption) or you need a more enhanced signing authority, you can select Cert Manager. In order to use this, Cert Manager Add-On components must be set up. Read to learn more.

Enable Sidecar Injection Globally

By default this parameter is disabled. However, when this parameter is turned on, anytime a namespace is created or republished, a sidecar will automatically be injected for the pods living in that namespace. This means that enabling sidecar injection at the namespace level is not applicable as it is always enabled by default. This is useful when potentially the entire cluster is being used for service mesh use cases.

See Istio's Sidecar Injection Documentation for more details.

NOTE: In order for sidecars to be injected for existing workloads, the pods must be restarted.

Enable Ingress

By default this parameter is disabled. However, enabling this creates an automatic ingress gateway that can be used to exposes a service outside of the service mesh or secure north-south traffic, much like a load balancer.

See Istio's Ingress Gateway Documentation for more details.

Resource Quotas

Depending on how much traffic will be running in your service mesh, you may want to fine tune your resource quotas in terms of CPU and memory. Specifically, the following parameters under resource quotas are supported.

  • CPU and Memory Requests: This is the resource allocation for the Istio control plane components. The default is 500 mCores for CPU and 2 GB/2048 MB for memory. If you expect traffic spikes in the service mesh, then you may want to give more CPU and memory accordingly.
  • CPU and Memory Limits: This determines the maximum cpu and memory that can be given to a given control plane component. If the workload for the control plane components needs more CPU or memory, it can be terminated. Hence, it is only recommended setting this if you want to preserve CPU or memory from a budgeting or performance point of view and if you expect no traffic spikes in the service mesh.

Creating a Custom Installation Profile

Perform the steps to create a custom installation profile:

  • Login to the controller and select Installation Profiles under Service Mesh
  • Under the Custom Profiles tab, click New Profile. Provide a name for the profile. Remember that if you intend to share this profile with other projects, the name needs to be unique. Click on Create
  • Provide a unique version name under Version Name.
  • Select the installation parameters you want to configure.
  • Click Save Changes.

Installation Profile Creation

Updating a Custom Installation Profile

Updating an installation profile will create a new version for the profile.

Perform the steps to update a custom installation profile:

  • Login to the controller select Installation Profiles under Service Mesh.
  • Find the name of the custom profile in the custom profiles tab (can also use the search). Click the edit icon to update the profile
  • Click New Version
  • Provide a unique version name under Version Name
  • Select the installation parameters
  • Click Save Changes

Deleting a Custom Installation Profile

Perform the steps to delete a custom installation profile:

  • Login to the controller select Installation Profiles under Service Mesh
  • Find the name of the custom profile in the custom profiles tab (can also use 'search')
  • Click the trash icon to delete the installation profile

NOTE: If the profile is in use in a blueprint, you will not be able to delete the profile.

Using a Custom Installation Profile

Custom Installation Profiles can be selected as part of enabling Service Mesh when creating or updating a custom or golden blueprint.

Follow the instructions here to learn about creating a custom or golden blueprint.

  • Go to the Service Mesh section to enable the capability
  • In the profile section, use the dropdown to select either the default profile (istio-profile-minimal) or a custom profile that was created. Select the version you want to use.

Important

When using a custom blueprint, if it inherits from a golden blueprint, then the installation profile specified in the golden blueprint cannot be overridden or deleted. This is to ensure that the golden path for installation the admin specifies is being followed.

Installation Profile Assignment