内容简介:Istio Helm Chart 的安装配置解析
| 序号 | 名称 | 用途 | 分类 | 归属 |
|---|---|---|---|---|
| 1 | virtualservices.networking.istio.io | 用于路由,定义virtual service | networking | pilot |
| 2 | destinationrules.networking.istio.io | 用于路由,定义destination rule | ||
| 3 | serviceentries.networking.istio.io | 用于路由,定义service entry | ||
| 4 | gateways.networking.istio.io | 用于路由,定义gateway | ||
| 5 | envoyfilters.networking.istio.io | 使用filter为特定envoy添加特定配置 | ||
| 6 | policies.authentication.istio.io | 用于authn,作用域为namespace | authentication | citadel |
| 7 | meshpolicies.authentication.istio.io | 用于authn,作用域为global | ||
| 8 | httpapispecbindings.config.istio.io | apim | mixer | |
| 9 | httpapispecs.config.istio.io | |||
| 10 | quotaspecbindings.config.istio.io | |||
| 11 | quotaspecs.config.istio.io | |||
| 12 | rules.config.istio.io | mixer rule,用于绑定handler和instance | mixer core | |
| 13 | attributemanifests.config.istio.io | 定义envoy传递给mixer的用于policy和telemetry的attribute | ||
| 14 | bypasses.config.istio.io | mixer adapter用于处理从envoy收集的数据 | ||
| 15 | circonuses.config.istio.io | 定义circonus adapter | ||
| 16 | deniers.config.istio.io | 定义dinier adapter | ||
| 17 | fluentds.config.istio.io | 定义fluentd adapter | ||
| 18 | kubernetesenvs.config.istio.io | 定义kubernetesenv adapter | ||
| 19 | listcheckers.config.istio.io | 定义list adapter | ||
| 20 | memquotas.config.istio.io | 定义memquota adapter | ||
| 21 | noops.config.istio.io | |||
| 22 | opas.config.istio.io | 定义opa adapter | ||
| 23 | prometheuses.config.istio.io | 定义prometheus adapter | ||
| 24 | rbacs.config.istio.io | 定义rbac adapter | ||
| 25 | redisquotas.config.istio.io | 定义redisquota adapter | ||
| 26 | servicecontrols.config.istio.io | 定义servicecontrol adapter | ||
| 27 | signalfxs.config.istio.io | 定义signalfx adapter | ||
| 28 | solarwindses.config.istio.io | 定义solarwinds adapter | ||
| 29 | stackdrivers.config.istio.io | 定义stackdriver adapter | ||
| 30 | statsds.config.istio.io | 定义statsd adapter | ||
| 31 | stdios.config.istio.io | 定义stdio adapter | ||
| 32 | apikeys.config.istio.io | 定义apikey template | mixer instance用于定义从envoy收集的数据 | |
| 33 | authorizations.config.istio.io | 定义authorization template | ||
| 34 | checknothings.config.istio.io | 定义checknothing template | ||
| 35 | kuberneteses.config.istio.io | 定义kubernetes template | ||
| 36 | listentries.config.istio.io | 定义listentry template | ||
| 37 | logentries.config.istio.io | 定义logentry template | ||
| 38 | edges.config.istio.io | |||
| 39 | metrics.config.istio.io | 定义metric template | ||
| 40 | quotas.config.istio.io | 定义quota template | ||
| 41 | reportnothings.config.istio.io | 定义reportnothing template | ||
| 42 | servicecontrolreports.config.istio.io | 定义servicecontrolreport template | ||
| 43 | tracespans.config.istio.io | 定义tracespan template | ||
| 44 | rbacconfigs.rbac.istio.io | 用于authz,定义istio的rbac策略 | rbac | |
| 45 | serviceroles.rbac.istio.io | 用于authz,定义service role | ||
| 46 | servicerolebindings.rbac.istio.io | 用于authz,定义service role binding | ||
| 47 | adapters.config.istio.io | others | ||
| 48 | instances.config.istio.io | |||
| 49 | templates.config.istio.io | |||
| 50 | handlers.config.istio.io |
Istio Helm Chart 的安装配置解析
| 序号 | chart | 文件 | k8s组件类型 | k8s组件名称 | 用途 |
|---|---|---|---|---|---|
| 1 | main | _affinity.tpl | 无 | 无 | 用于定义各个组件deployment chart中的nodeAffinity |
| _helpers.tpl | 无 | 无 | 用于定义各个组件chart中一些变量的默认值 | ||
| configmap.yaml | ConfigMap | istio | istio主配置configmap | ||
| crds.yaml | CustomResourceDefinition | 共50个 | istio需要的所有的crd资源 | ||
| install-custom-resources.sh.tpl | 无 | 无 | 用于定义grafana和security chart中configmap中所包含的脚本,验证istio-galley validatingwebhookconfiguration已经存在并且部署组件相关其他资源 | ||
| sidecar-injector-configmap.yaml | ConfigMap | istio-sidecar-injector | 用于定义sidecar injector的configmap | ||
| 2 | sidecarInjectorWebhook默认开启 | _helpers.tpl | 无 | 无 | 用于定义sidecarInjectorWebhook chart中一些变量的默认值 |
| clusterrole.yaml | ClusterRole | istio-sidecar-injector-{{ .Release.Namespace }} | 用于定义sidecarInjectorWebhook使用的clusterrole | ||
| clusterrolebinding.yaml | ClusterRoleBinding | istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} | 用于定义sidecarInjectorWebhook使用的clusterrolebinding | ||
| deployment.yaml | Deployment | istio-sidecar-injector | 用于定义sidecarInjectorWebhook使用的deployment | ||
| mutatingwebhook.yaml | MutatingWebhookConfiguration | istio-sidecar-injector | 用于定义sidecarInjectorWebhook使用的mutatingwebhookconfiguration | ||
| service.yaml | Service | istio-sidecar-injector | 用于定义sidecarInjectorWebhook使用的service | ||
| serviceaccount.yaml | ServiceAccount | istio-sidecar-injector-service-account | 用于定义sidecarInjectorWebhook使用的serviceaccount | ||
| 3 | security默认开启 | _helpers.tpl | 无 | 无 | 用于定义security chart中一些变量的默认值 |
| cleanup-secrets.yaml | ServiceAccount | istio-cleanup-secrets-service-account | 在helm删除istio后对citadel中的secret进行清理 | ||
| ClusterRole | istio-cleanup-secrets-{{ .Release.Namespace }} | ||||
| ClusterRoleBinding | istio-cleanup-secrets-{{ .Release.Namespace }} | ||||
| Job | istio-cleanup-secrets | ||||
| clusterrole.yaml | ClusterRole | istio-citadel-{{ .Release.Namespace }} | 用于定义citadel相关clusterole | ||
| clusterrolebinding.yaml | ClusterRoleBinding | istio-citadel-{{ .Release.Namespace }} | 用于定义citdel相关clusterrolebinding | ||
| configmap.yaml | ConfigMap | istio-security-custom-resources | 用于定义citidel相关configmap,与global values中的mtls.enabled相关,是否启用全局的mtls authn | ||
| create-custom-resources-job.yaml | ServiceAccount | istio-security-post-install-account | 在global values的mtls.enabled设置为true后才会生效,建立mtls相关serviceaccount,clusterrole,clusterrolebinding,以及comfigmap中定义的其他相关对象 | ||
| ClusterRole | istio-security-post-install-{{ .Release.Namespace }} | ||||
| ClusterRoleBinding | istio-security-post-install-role-binding-{{ .Release.Namespace }} | ||||
| Job | istio-security-post-install | ||||
| deployment.yaml | Deployment | istio-citadel | 用于定义citadel相关deployment | ||
| enable-mesh-mtls.yaml | MeshPolicy | default | 在global values的mtls.enabled设置为true后,这些资源会写入configmap | ||
| DestinationRule | default | ||||
| DestinationRule | api-server | ||||
| meshexpansion.yaml | VirtualService | meshexpansion-citadel | 在global values的meshExpansion设置为true后,新建citadel相关virtualservice | ||
| VirtualService | meshexpansion-ilb-citadel | 在global values的meshExpansionILB设置为true后,新建citadel相关virtualservice | |||
| service.yaml | Service | istio-citadel | 用于定义citade相关service | ||
| serviceaccount.yaml | ServiceAccount | istio-citadel-service-account | 用于定义citade相关serviceaccount | ||
| 4 | galley默认开启 | _helpers.tpl | 无 | 无 | 用于定义galley chart中一些变量的默认值 |
| clusterrole.yaml | ClusterRole | istio-galley-{{ .Release.Namespace }} | 用于定义galley相关clusterrole | ||
| clusterrolebinding.yaml | ClusterRoleBinding | istio-galley-admin-role-binding-{{ .Release.Namespace }} | 用于定义galley相关clusterrolebinding | ||
| configmap.yaml | ConfigMap | istio-galley-configuration | 用于定义galley相关configmap | ||
| deployment.yaml | Deployment | istio-galley | 用于定义galley相关deployment | ||
| service.yaml | Service | istio-galley | 用于定义galley相关service | ||
| serviceaccount.yaml | ServiceAccount | istio-galley-service-account | 用于定义galley相关serviceaccount | ||
| validatingwehookconfiguration.yaml.tpl | ValidatingWebhookConfiguration | istio-galley | 用于定义对pilot和mixer的配置进行验证,与galley deployment关联 | ||
| 5 | mixer默认开启 | _helpers.tpl | 无 | 无 | 用于定义mixer chart中一些变量的默认值 |
| autoscale.yaml | HorizontalPodAutoscaler | istio-policy | 用于定义mixer,包括policy和telemetry的horizontalpodautoscaler | ||
| HorizontalPodAutoscaler | istio-telemetry | ||||
| clusterrole.yaml | ClusterRole | istio-mixer-{{ .Release.Namespace }} | 用于定义mixer相关clusterole | ||
| clusterrolebinding.yaml | ClusterRoleBinding | istio-mixer-admin-role-binding-{{ .Release.Namespace }} | 用于定义mixer相关clusterolebinding | ||
| config.yaml | attributemanifest | istioproxy | 用于定义从envoy到mixer的attributemanifest | ||
| attributemanifest | kubernetes | 用于定义从k8s到mixer的attributemanifest | |||
| stdio | handler | 用于定义stdio handler | |||
| logentry | accesslog | 用于定义http logentry instance | |||
| logentry | tcpaccesslog | 用于定义tcp logentry instance | |||
| rule | stdio | 用于定义从accesslog.logentry到handler.stdio的rule,将accesslog发送至stdio | |||
| rule | stdiotcp | 用于定义从tcpaccesslog.logentry到handler.stdio的rule,将tcpaccesslog发送至stdio | |||
| metric | requestcount | 用于定义requestcount metric instance | |||
| metric | requestduration | 用于定义requestduration metric instance | |||
| metric | requestsize | 用于定义requestsize metric instance | |||
| metric | responsesize | 用于定义responsesize metric instance | |||
| metric | tcpbytesent | 用于定义tcpbytesent metric instance | |||
| metric | tcpbytereceived | 用于定义tcpbytereceived metric instance | |||
| prometheus | handler | 用于定义prometheus handler | |||
| rule | promhttp | 用于定义从requestcount.metric,requestduration.metric,requestsize.metric和responsesize.metric到handler.prometheus的rule,将http metric发送至prometheus | |||
| rule | promtcp | 用于定义从tcpbytesent.metric和tcpbytereceived.metric到handler.prometheus的rule,将tcp metric发送至prometheus | |||
| kubernetesenv | handler | 用于定义kubernetesenv handler | |||
| rule | kubeattrgenrulerule | 用于定义从attributes.kubernetes到handler.kubernetesenv的rule,生成kubernetes相关attribute | |||
| rule | tcpkubeattrgenrulerule | 用于定义从attributes.kubernetes到handler.kubernetesenv的rule,生成kubernetes tcp相关attribute | |||
| kubernetes | attributes | 用于定义kubernetes相关attribute instance | |||
| DestinationRule | istio-policy | 用于定义istio-policy相关destinationrule | |||
| DestinationRule | istio-telemetry | 用于定义istio-telemetry相关destinationrule | |||
| configmap.yaml | ConfigMap | istio-statsd-prom-bridge | 用于定义istio-statsd-prom-bridge相关configmap | ||
| deployment.yaml | Deployment | istio-policy | 用于定义istio-policy相关deployment | ||
| Deployment | istio-telemetry | 用于定义istio-telemetry相关deployment | |||
| service.yaml | Service | istio-policy | 用于定义istio-policy相关service | ||
| Service | istio-telemetry | 用于定义istio-telemetry相关service | |||
| serviceaccount.yaml | ServiceAccount | istio-mixer-service-account | 用于定义mixer相关serviceaccount | ||
| statsdtoprom.yaml | Service | istio-statsd-prom-bridge | 用于定义istio-statsd-prom-bridge相关service | ||
| Deployment | istio-statsd-prom-bridge | 用于定义istio-statsd-prom-bridge相关deployment | |||
| 6 | pilot默认开启 | autoscale.yaml | horizontalPodAutoscaler | istio-pilot | 用于定义pilot相关horizontalpodautoscaler |
| clusterrole.yaml | ClusterRole | istio-pilot | 用于定义pilot相关clusterrole | ||
| clusterrolebinding.yaml | ClusterRoleBinding | istio-pilot | 用于定义pilot相关clusterrolebinding | ||
| deployment.yaml | Deployment | istio-pilot | 用于定义pilot相关deployment | ||
| gateway.yaml | Gateway | istio-autogenerated-k8s-ingress | 用于定义pilot相关gateway,缺省向前兼容,使用ingress | ||
| Gateway | meshexpansion-gateway | 用于定义pilot相关gateway,如果global.meshExpansion设置为true,则将pilot暴露在gateway | |||
| Gateway | meshexpansion-ilb-gateway | 用于定义pilot相关gateway,如果global.meshExpansionILB设置为true,则将pilot暴露在internal gateway | |||
| meshexpansion.yaml | VirtualService | meshexpansion-pilot | 在global values的meshExpansion设置为true后,新建pilot相关virtualservice | ||
| VirtualService | ilb-meshexpansion-pilot | 在global values的meshExpansionILB设置为true后,新建pilot相关virtualservice | |||
| service.yaml | Service | istio-pilot | 用于定义pilot相关service | ||
| serviceaccount.yaml | ServiceAccount | istio-pilot-service-account | 用于定义pilot相关serviceaccount | ||
| 7 | gateways默认开启 | autoscale.yaml | horizontalPodAutoscaler | istio-ingressgateway | 用于定义ingressgateway相关horizontalpodautoscaler |
| horizontalPodAutoscaler | istio-egressgateway | 用于定义egressgateway相关horizontalpodautoscaler | |||
| horizontalPodAutoscaler | istio-ilbgateway | 用于定义ilbgateway相关horizontalpodautoscaler,默认关闭,只支持gcp | |||
| clusterrole.yaml | ClusterRole | istio-ingressgateway-{{ $.Release.Namespace }} | 用于定义ingressgateway相关clusterrole | ||
| ClusterRole | istio-egressgateway-{{ $.Release.Namespace }} | 用于定义egressgateway相关clusterrole | |||
| ClusterRole | istio-ilbgateway-{{ $.Release.Namespace }} | 用于定义ilbgateway相关clusterrole,默认关闭,只支持gcp | |||
| clusterrolebinding.yaml | ClusterRoleBinding | istio-ingressgateway-{{ $.Release.Namespace }} | 用于定义ingressgateway相关clusterrolebinding | ||
| ClusterRoleBinding | istio-egressgateway-{{ $.Release.Namespace }} | 用于定义egressgateway相关clusterrolebinding | |||
| ClusterRoleBinding | istio-ilbgateway-{{ $.Release.Namespace }} | 用于定义ilbgateway相关clusterrolebindig,默认关闭,只支持gcp | |||
| deployment.yaml | Deployment | istio-ingressgateway | 用于定义ingressgateway相关deployment | ||
| Deployment | istio-egressgateway | 用于定义egressgateway相关deployment | |||
| Deployment | istio-ilbgateway | 用于定义ilbgateway相关deployment,默认关闭,只支持gcp | |||
| service.yaml | Service | istio-ingressgateway | 用于定义ingressgateway相关service | ||
| Service | istio-egressgateway | 用于定义egressgateway相关service | |||
| Service | istio-ilbgateway | 用于定义ilbgateway相关service,默认关闭,只支持gcp | |||
| serviceaccount.yaml | ServiceAccount | istio-ingressgateway-service-account | 用于定义ingressgateway相关serviceaccount | ||
| ServiceAccount | istio-egressgateway-service-account | 用于定义egressgateway相关serviceaccount | |||
| ServiceAccount | istio-ilbgateway-service-account | 用于定义ilbgateway相关serviceaccount,默认关闭,只支持gcp | |||
| 8 | prometheus默认开启 | _helpers.tpl | 无 | 无 | 用于定义prometheus chart中一些变量的默认值 |
| clusterrole.yaml | ClusterRole | prometheus-{{ .Release.Namespace }} | 用于定义prometheus相关clusterrole | ||
| clusterrolebinding.yaml | ClusterRoleBinding | prometheus-{{ .Release.Namespace }} | 用于定义prometheus相关clusterrolebinding | ||
| configmap.yaml | ConfigMap | prometheus | 用于定义prometheus相关configmap | ||
| deployment.yaml | Deployment | prometheus | 用于定义prometheus相关deployment | ||
| service.yaml | Service | prometheus | 用于定义prometheus相关service | ||
| serviceaccount.yaml | ServiceAccount | prometheus | 用于定义prometheus相关serviceaccount | ||
| 9 | telemetry-gateway默认关闭 | gateway.yaml | Gateway | istio-telemetry-gateway | 用于定义prometheus和grafana的gateway,如果prometheusEnabled设置为true,则添加prometheus相关gateway配置,如果grafanaEnabled设置为true,则添加grafana相关gateway配置 |
| DestinationRule | grafana | 定义prometheus相关destinationrule | |||
| DestinationRule | prometheus | 定义grafana相关destinationrule | |||
| VirtualService | telemetry-virtual-service | 用于定义prometheus和grafana的virtualservice,如果prometheusEnabled设置为true,则添加prometheus相关virtualservice配置,如果grafanaEnabled设置为true,则添加grafana相关virtualservice配置 | |||
| 10 | ingress默认关闭legacy ingress support | autoscale.yaml | HorizontalPodAutoscaler | istio-ingress | 用于定义ingress相关horizontalpodautoscaler |
| clusterrole.yaml | ClusterRole | istio-ingress-{{ .Release.Namespace }} | 用于定义ingress相关clusterrole | ||
| clusterrolebinding.yaml | ClusterRoleBinding | istio-ingress-{{ .Release.Namespace }} | 用于定义ingress相关clusterrolebinding | ||
| deployment.yaml | Deployment | istio-ingress | 用于定义ingress相关deployment | ||
| service.yaml | Service | istio-ingress | 用于定义ingress相关service | ||
| serviceaccount.yaml | ServiceAccount | istio-ingress-service-account | 用于定义ingress相关serviceaccount | ||
| 11 | grafana默认关闭 | _helpers.tpl | 无 | 无 | 用于定义grafana chart中一些变量的默认值 |
| configmap.yaml | ConfigMap | istio-grafana-custom-resources | 用于定义grafana相关configmap | ||
| create-custom-resources-job.yaml | ServiceAccount | istio-grafana-post-install-account | 用于定义grafana post install相关serviceaccount | ||
| ClusterRole | istio-grafana-post-install-{{ .Release.Namespace }} | 用于定义grafana post install相关clusterrole | |||
| ClusterRoleBinding | istio-grafana-post-install-role-binding-{{ .Release.Namespace }} | 用于定义grafana post install相关clusterrolebinding | |||
| Job | istio-grafana-post-install | 用于定义grafana post install相关job | |||
| deployment.yaml | Deployment | grafana | 用于定义grafana相关deployment | ||
| grafana-ports-mtls.yaml | Policy | grafana-ports-mtls-disabled | 对grafana访问开启mtls | ||
| pvc.yaml | PersistentVolumeClaim | istio-grafana-pvc | 如果persist设置为true,则为grafana新建pvc和pv | ||
| secret.yaml | Secret | grafana | 如果security.enabled设置为true,则为grafana启用authn | ||
| service.yaml | Service | grafana | 用于定义grafana相关service | ||
| 12 | servicegraph默认关闭 | _helpers.tpl | 无 | 无 | 用于定义servicegraph chart中一些变量的默认值 |
| deployment.yaml | Deployment | servicegraph | 用于定义servicegraph相关deployment | ||
| ingress.yaml | Ingress | servicegraph | 用于定义servicegraph相关ingress | ||
| service.yaml | Service | servicegraph | 用于定义servicegraph相关service | ||
| 13 | tracing默认关闭 | _helpers.tpl | 无 | 无 | 用于定义tracing chart中一些变量的默认值 |
| deployment.yaml | Deployment | istio-tracing | 用于定义jaeger tracing相关deployment | ||
| ingress-jaeger.yaml | Ingress | jaeger-query | 用于定义jaeger tracing相关ingress | ||
| ingress.yaml | Ingress | tracing | 用于定义zipkin tracing相关ingress | ||
| service-jaeger.yaml | Service | jaeger-query | 用于定义jaeger tracing query相关service | ||
| Service | jaeger-collector | 用于定义jaeger tracing collector相关service | |||
| Service | jaeger-agent | 用于定义jaeger tracing agent相关service | |||
| service.yaml | Service | zipkin | 用于定义zipkin tracing相关service | ||
| Service | tracing | 用于定义jaeger tracing相关service | |||
| 14 | kiali默认关闭 | clusterrole.yaml | ClusterRole | kiali | 用于定义kiali相关clusterrole |
| clusterrolebinding.yaml | ClusterRoleBinding | istio-kiali-admin-role-binding-{{ .Release.Namespace }} | 用于定义kiali相关clusterrolebinding | ||
| configmap.yaml | ConfigMap | kiali | 用于定义kiali相关configmap | ||
| deployment.yaml | Deployment | kiali | 用于定义kiali相关deployment | ||
| ingress.yaml | Ingress | kiali | 用于定义kiali相关ingress | ||
| secrets.yaml | Secret | kiali | 用于定义kiali相关secret | ||
| service.yaml | Service | kiali | 用于定义kiali相关service | ||
| serviceaccount.yaml | ServiceAccount | kiali-service-account | 用于定义kiali相关serviceaccount | ||
| 15 | certmanager默认关闭 | _helpers.tpl | 无 | 无 | 用于定义certmanager chart中一些变量的默认值 |
| crds.yaml | CustomResourceDefinition | clusterissuers.certmanager.k8s.io | 用于定义certmanager相关crd | ||
| CustomResourceDefinition | issuers.certmanager.k8s.io | ||||
| CustomResourceDefinition | certificates.certmanager.k8s.io | ||||
| deployment.yaml | Deployment | certmanager | 用于定义certmanager相关deployment | ||
| issuer.yaml | ClusterIssuer | letsencrypt-staging | 用于定义certmanager相关clusterissuer | ||
| ClusterIssuer | letsencrypt | ||||
| rbac.yaml | ClusterRole | certmanager | 用于定义certmanager相关clusterrole | ||
| ClusterRoleBinding | certmanager | 用于定义certmanager相关clusterrolebinding | |||
| certmanager | ServiceAccount | certmanager | 用于定义certmanager相关serviceaccount |
以上所述就是小编给大家介绍的《Istio CRD 汇总与 Helm Chart 配置解析》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
新媒体革命——在线时代的媒体、公关与传播
仇勇 / 电子工业出版社 / 2016-2-1 / CNY 50.00
这既是传统媒体的大裂变年代,也是在线媒体开启的新闻业的黄金时代。 信息流动的新法则不仅改变了媒体业,也在重塑公关、传播和商业的面貌。总之,这个世界的连接方式不仅不再相同,而且这一改变不可逆转。在这个全新重启的在线时代里,无论是信息的获取还是商业本身,信任都变得比以往更重要。 从告别传统媒体的那一刻起,我就有着两个小小的“野心”:一是探寻适合在线时代的媒体生产方式;二是让优质内容有权获得......一起来看看 《新媒体革命——在线时代的媒体、公关与传播》 这本书的介绍吧!
