An installation profile is a set of parameters that are used during the setting up and installation of the Service Mesh Managed Add-On (Istio).
The Installation Profiles page shows custom and default installation profiles. A default installation profile is provided that can be leveraged out of box in a majority of cases. In cases where installation profiles need to be customized to change some parameters, a custom installation profile can be created.
Custom Installation Profiles¶
In certain cases, admins may want the ability to customize certain installation parameters for Istio (e.g. for specific clusters or specific types of environment). To facilitate this, an admin can create custom installation profiles.
The installation profile supports two certificate types:
- Self-Signed: This is the default configuration where the Istio control plane itself is the Certificate Authority (CA).
- Cert Manager: In case different certificates need to be used (for example for mTLS encryption) or you need a more enhanced signing authority, you can select Cert Manager. In order to use this, Cert Manager Add-On components must be set up. Read to learn more.
Enable Sidecar Injection Globally¶
By default this parameter is disabled. However, when this parameter is turned on, anytime a namespace is created or republished, a sidecar will automatically be injected for the pods living in that namespace. This means that enabling sidecar injection at the namespace level is not applicable as it is always enabled by default. This is useful when potentially the entire cluster is being used for service mesh use cases.
See Istio's Sidecar Injection Documentation for more details.
NOTE: In order for sidecars to be injected for existing workloads, the pods must be restarted.
By default this parameter is disabled. However, enabling this creates an automatic ingress gateway that can be used to exposes a service outside of the service mesh or secure north-south traffic, much like a load balancer.
See Istio's Ingress Gateway Documentation for more details.
Depending on how much traffic will be running in your service mesh, you may want to fine tune your resource quotas in terms of CPU and memory. Specifically, the following parameters under resource quotas are supported.
- CPU and Memory Requests: This is the resource allocation for the Istio control plane components. The default is 500 mCores for CPU and 2 GB/2048 MB for memory. If you expect traffic spikes in the service mesh, then you may want to give more CPU and memory accordingly.
- CPU and Memory Limits: This determines the maximum cpu and memory that can be given to a given control plane component. If the workload for the control plane components needs more CPU or memory, it can be terminated. Hence, it is only recommended setting this if you want to preserve CPU or memory from a budgeting or performance point of view and if you expect no traffic spikes in the service mesh.
Creating a Custom Installation Profile¶
Perform the steps to create a custom installation profile:
- Login to the controller and select Installation Profiles under Service Mesh
- Under the Custom Profiles tab, click New Profile. Provide a name for the profile. Remember that if you intend to share this profile with other projects, the name needs to be unique. Click on Create
- Provide a unique version name under Version Name.
- Select the installation parameters you want to configure.
- Click Save Changes.
Updating a Custom Installation Profile¶
Updating an installation profile will create a new version for the profile.
Perform the steps to update a custom installation profile:
- Login to the controller select Installation Profiles under Service Mesh.
- Find the name of the custom profile in the custom profiles tab (can also use the search). Click the edit icon to update the profile
- Click New Version
- Provide a unique version name under Version Name
- Select the installation parameters
- Click Save Changes
Deleting a Custom Installation Profile¶
Perform the steps to delete a custom installation profile:
- Login to the controller select Installation Profiles under Service Mesh
- Find the name of the custom profile in the custom profiles tab (can also use 'search')
- Click the trash icon to delete the installation profile
NOTE: If the profile is in use in a blueprint, you will not be able to delete the profile.
Using a Custom Installation Profile¶
Custom Installation Profiles can be selected as part of enabling Service Mesh when creating or updating a blueprint.
Follow the instructions here for the Custom Blueprint Creation.
- Go to the Service Mesh section to enable the capability
- In the profile section, use the dropdown to select either the default profile (istio-profile-minimal) or a custom profile that was created. Select the version you want to use.