Configuration Options
Egress Support
By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the overlay file.
Enabling Automatic Sidecar Injection
Automatic sidecar injection is disabled by default. To enable this, set the sidecarInjectorWebhook.enableNamespacesByDefault=true
in the values.yaml on install or upgrade. This automatically enables Istio sidecar injection into all new namespaces that are deployed.
Overlay File
An Overlay File is designed to support extensive configuration of your Istio installation. It allows you to make changes to any values available in the IstioOperator API. This will ensure you can customize the default installation to fit any scenario.
The Overlay File will add configuration on top of the default installation that is provided from the Istio chart installation. This means you do not need to redefine the components that already defined for installation.
For more information on Overlay Files, refer to the Istio documentation.
Selectors and Scrape Configs
The Monitoring app sets prometheus.prometheusSpec.ignoreNamespaceSelectors=false
which enables monitoring across all namespaces by default. This ensures you can view traffic, metrics and graphs for resources deployed in a namespace with istio-injection=enabled
label.
If you would like to limit Prometheus to specific namespaces, set prometheus.prometheusSpec.ignoreNamespaceSelectors=true
. Once you do this, you must perform some additional configuration to continue to monitor your resources.
For details, refer to this section.
Enable Istio with Pod Security Policies
Refer to this section.
Additional Steps for Installing Istio on an SUSE® Rancher Prime: RKE2 Cluster
Refer to this section.
Additional Steps for Project Network Isolation
Refer to this section.