Summary: Analysis of the Istio Helm Chart installation configuration
| No. | Name | Purpose | Category | Owner |
|---|---|---|---|---|
| 1 | virtualservices.networking.istio.io | Routing; defines a virtual service | networking | pilot |
| 2 | destinationrules.networking.istio.io | Routing; defines a destination rule | | |
| 3 | serviceentries.networking.istio.io | Routing; defines a service entry | | |
| 4 | gateways.networking.istio.io | Routing; defines a gateway | | |
| 5 | envoyfilters.networking.istio.io | Uses a filter to add specific configuration to a specific envoy | | |
| 6 | policies.authentication.istio.io | Used for authn; scoped to a namespace | authentication | citadel |
| 7 | meshpolicies.authentication.istio.io | Used for authn; scoped globally | | |
| 8 | httpapispecbindings.config.istio.io | | apim | mixer |
| 9 | httpapispecs.config.istio.io | | | |
| 10 | quotaspecbindings.config.istio.io | | | |
| 11 | quotaspecs.config.istio.io | | | |
| 12 | rules.config.istio.io | mixer rule; binds a handler to an instance | mixer core | |
| 13 | attributemanifests.config.istio.io | Defines the attributes that envoy passes to mixer for policy and telemetry | | |
| 14 | bypasses.config.istio.io | | mixer adapter (processes the data collected from envoy) | |
| 15 | circonuses.config.istio.io | Defines the circonus adapter | | |
| 16 | deniers.config.istio.io | Defines the denier adapter | | |
| 17 | fluentds.config.istio.io | Defines the fluentd adapter | | |
| 18 | kubernetesenvs.config.istio.io | Defines the kubernetesenv adapter | | |
| 19 | listcheckers.config.istio.io | Defines the list adapter | | |
| 20 | memquotas.config.istio.io | Defines the memquota adapter | | |
| 21 | noops.config.istio.io | | | |
| 22 | opas.config.istio.io | Defines the opa adapter | | |
| 23 | prometheuses.config.istio.io | Defines the prometheus adapter | | |
| 24 | rbacs.config.istio.io | Defines the rbac adapter | | |
| 25 | redisquotas.config.istio.io | Defines the redisquota adapter | | |
| 26 | servicecontrols.config.istio.io | Defines the servicecontrol adapter | | |
| 27 | signalfxs.config.istio.io | Defines the signalfx adapter | | |
| 28 | solarwindses.config.istio.io | Defines the solarwinds adapter | | |
| 29 | stackdrivers.config.istio.io | Defines the stackdriver adapter | | |
| 30 | statsds.config.istio.io | Defines the statsd adapter | | |
| 31 | stdios.config.istio.io | Defines the stdio adapter | | |
| 32 | apikeys.config.istio.io | Defines the apikey template | mixer instance (defines the data collected from envoy) | |
| 33 | authorizations.config.istio.io | Defines the authorization template | | |
| 34 | checknothings.config.istio.io | Defines the checknothing template | | |
| 35 | kuberneteses.config.istio.io | Defines the kubernetes template | | |
| 36 | listentries.config.istio.io | Defines the listentry template | | |
| 37 | logentries.config.istio.io | Defines the logentry template | | |
| 38 | edges.config.istio.io | | | |
| 39 | metrics.config.istio.io | Defines the metric template | | |
| 40 | quotas.config.istio.io | Defines the quota template | | |
| 41 | reportnothings.config.istio.io | Defines the reportnothing template | | |
| 42 | servicecontrolreports.config.istio.io | Defines the servicecontrolreport template | | |
| 43 | tracespans.config.istio.io | Defines the tracespan template | | |
| 44 | rbacconfigs.rbac.istio.io | Used for authz; defines Istio's rbac policy | rbac | |
| 45 | serviceroles.rbac.istio.io | Used for authz; defines a service role | | |
| 46 | servicerolebindings.rbac.istio.io | Used for authz; defines a service role binding | | |
| 47 | adapters.config.istio.io | | others | |
| 48 | instances.config.istio.io | | | |
| 49 | templates.config.istio.io | | | |
| 50 | handlers.config.istio.io | | | |
Analysis of the Istio Helm Chart installation configuration
| No. | Chart | File | k8s resource type | k8s resource name | Purpose |
|---|---|---|---|---|---|
| 1 | main | _affinity.tpl | None | None | Defines the nodeAffinity used in each component's deployment chart |
| | | _helpers.tpl | None | None | Defines default values for some variables in each component's chart |
| | | configmap.yaml | ConfigMap | istio | Main Istio configuration configmap |
| | | crds.yaml | CustomResourceDefinition | 50 in total | All the CRD resources Istio requires |
| | | install-custom-resources.sh.tpl | None | None | Defines the script contained in the configmaps of the grafana and security charts; it verifies that the istio-galley validatingwebhookconfiguration already exists and deploys the component's other related resources |
| | | sidecar-injector-configmap.yaml | ConfigMap | istio-sidecar-injector | Defines the sidecar injector configmap |
| 2 | sidecarInjectorWebhook (enabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the sidecarInjectorWebhook chart |
| | | clusterrole.yaml | ClusterRole | istio-sidecar-injector-{{ .Release.Namespace }} | Defines the clusterrole used by sidecarInjectorWebhook |
| | | clusterrolebinding.yaml | ClusterRoleBinding | istio-sidecar-injector-admin-role-binding-{{ .Release.Namespace }} | Defines the clusterrolebinding used by sidecarInjectorWebhook |
| | | deployment.yaml | Deployment | istio-sidecar-injector | Defines the deployment used by sidecarInjectorWebhook |
| | | mutatingwebhook.yaml | MutatingWebhookConfiguration | istio-sidecar-injector | Defines the mutatingwebhookconfiguration used by sidecarInjectorWebhook |
| | | service.yaml | Service | istio-sidecar-injector | Defines the service used by sidecarInjectorWebhook |
| | | serviceaccount.yaml | ServiceAccount | istio-sidecar-injector-service-account | Defines the serviceaccount used by sidecarInjectorWebhook |
| 3 | security (enabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the security chart |
| | | cleanup-secrets.yaml | ServiceAccount | istio-cleanup-secrets-service-account | Cleans up the citadel secrets after Istio is deleted with helm |
| | | | ClusterRole | istio-cleanup-secrets-{{ .Release.Namespace }} | |
| | | | ClusterRoleBinding | istio-cleanup-secrets-{{ .Release.Namespace }} | |
| | | | Job | istio-cleanup-secrets | |
| | | clusterrole.yaml | ClusterRole | istio-citadel-{{ .Release.Namespace }} | Defines the citadel clusterrole |
| | | clusterrolebinding.yaml | ClusterRoleBinding | istio-citadel-{{ .Release.Namespace }} | Defines the citadel clusterrolebinding |
| | | configmap.yaml | ConfigMap | istio-security-custom-resources | Defines the citadel configmap; tied to mtls.enabled in the global values, i.e. whether global mtls authn is enabled |
| | | create-custom-resources-job.yaml | ServiceAccount | istio-security-post-install-account | Takes effect only after mtls.enabled in the global values is set to true; creates the mtls-related serviceaccount, clusterrole and clusterrolebinding, plus the other related objects defined in the configmap |
| | | | ClusterRole | istio-security-post-install-{{ .Release.Namespace }} | |
| | | | ClusterRoleBinding | istio-security-post-install-role-binding-{{ .Release.Namespace }} | |
| | | | Job | istio-security-post-install | |
| | | deployment.yaml | Deployment | istio-citadel | Defines the citadel deployment |
| | | enable-mesh-mtls.yaml | MeshPolicy | default | After mtls.enabled in the global values is set to true, these resources are written into the configmap |
| | | | DestinationRule | default | |
| | | | DestinationRule | api-server | |
| | | meshexpansion.yaml | VirtualService | meshexpansion-citadel | After meshExpansion in the global values is set to true, creates the citadel virtualservice |
| | | | VirtualService | meshexpansion-ilb-citadel | After meshExpansionILB in the global values is set to true, creates the citadel virtualservice |
| | | service.yaml | Service | istio-citadel | Defines the citadel service |
| | | serviceaccount.yaml | ServiceAccount | istio-citadel-service-account | Defines the citadel serviceaccount |
| 4 | galley (enabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the galley chart |
| | | clusterrole.yaml | ClusterRole | istio-galley-{{ .Release.Namespace }} | Defines the galley clusterrole |
| | | clusterrolebinding.yaml | ClusterRoleBinding | istio-galley-admin-role-binding-{{ .Release.Namespace }} | Defines the galley clusterrolebinding |
| | | configmap.yaml | ConfigMap | istio-galley-configuration | Defines the galley configmap |
| | | deployment.yaml | Deployment | istio-galley | Defines the galley deployment |
| | | service.yaml | Service | istio-galley | Defines the galley service |
| | | serviceaccount.yaml | ServiceAccount | istio-galley-service-account | Defines the galley serviceaccount |
| | | validatingwehookconfiguration.yaml.tpl | ValidatingWebhookConfiguration | istio-galley | Defines validation of the pilot and mixer configuration; associated with the galley deployment |
| 5 | mixer (enabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the mixer chart |
| | | autoscale.yaml | HorizontalPodAutoscaler | istio-policy | Defines the mixer horizontalpodautoscalers, covering policy and telemetry |
| | | | HorizontalPodAutoscaler | istio-telemetry | |
| | | clusterrole.yaml | ClusterRole | istio-mixer-{{ .Release.Namespace }} | Defines the mixer clusterrole |
| | | clusterrolebinding.yaml | ClusterRoleBinding | istio-mixer-admin-role-binding-{{ .Release.Namespace }} | Defines the mixer clusterrolebinding |
| | | config.yaml | attributemanifest | istioproxy | Defines the attributemanifest from envoy to mixer |
| | | | attributemanifest | kubernetes | Defines the attributemanifest from k8s to mixer |
| | | | stdio | handler | Defines the stdio handler |
| | | | logentry | accesslog | Defines the http logentry instance |
| | | | logentry | tcpaccesslog | Defines the tcp logentry instance |
| | | | rule | stdio | Defines the rule from accesslog.logentry to handler.stdio; sends the accesslog to stdio |
| | | | rule | stdiotcp | Defines the rule from tcpaccesslog.logentry to handler.stdio; sends the tcpaccesslog to stdio |
| | | | metric | requestcount | Defines the requestcount metric instance |
| | | | metric | requestduration | Defines the requestduration metric instance |
| | | | metric | requestsize | Defines the requestsize metric instance |
| | | | metric | responsesize | Defines the responsesize metric instance |
| | | | metric | tcpbytesent | Defines the tcpbytesent metric instance |
| | | | metric | tcpbytereceived | Defines the tcpbytereceived metric instance |
| | | | prometheus | handler | Defines the prometheus handler |
| | | | rule | promhttp | Defines the rule from requestcount.metric, requestduration.metric, requestsize.metric and responsesize.metric to handler.prometheus; sends the http metrics to prometheus |
| | | | rule | promtcp | Defines the rule from tcpbytesent.metric and tcpbytereceived.metric to handler.prometheus; sends the tcp metrics to prometheus |
| | | | kubernetesenv | handler | Defines the kubernetesenv handler |
| | | | rule | kubeattrgenrulerule | Defines the rule from attributes.kubernetes to handler.kubernetesenv; generates the kubernetes-related attributes |
| | | | rule | tcpkubeattrgenrulerule | Defines the rule from attributes.kubernetes to handler.kubernetesenv; generates the kubernetes tcp-related attributes |
| | | | kubernetes | attributes | Defines the kubernetes attribute instance |
| | | | DestinationRule | istio-policy | Defines the istio-policy destinationrule |
| | | | DestinationRule | istio-telemetry | Defines the istio-telemetry destinationrule |
| | | configmap.yaml | ConfigMap | istio-statsd-prom-bridge | Defines the istio-statsd-prom-bridge configmap |
| | | deployment.yaml | Deployment | istio-policy | Defines the istio-policy deployment |
| | | | Deployment | istio-telemetry | Defines the istio-telemetry deployment |
| | | service.yaml | Service | istio-policy | Defines the istio-policy service |
| | | | Service | istio-telemetry | Defines the istio-telemetry service |
| | | serviceaccount.yaml | ServiceAccount | istio-mixer-service-account | Defines the mixer serviceaccount |
| | | statsdtoprom.yaml | Service | istio-statsd-prom-bridge | Defines the istio-statsd-prom-bridge service |
| | | | Deployment | istio-statsd-prom-bridge | Defines the istio-statsd-prom-bridge deployment |
| 6 | pilot (enabled by default) | autoscale.yaml | horizontalPodAutoscaler | istio-pilot | Defines the pilot horizontalpodautoscaler |
| | | clusterrole.yaml | ClusterRole | istio-pilot | Defines the pilot clusterrole |
| | | clusterrolebinding.yaml | ClusterRoleBinding | istio-pilot | Defines the pilot clusterrolebinding |
| | | deployment.yaml | Deployment | istio-pilot | Defines the pilot deployment |
| | | gateway.yaml | Gateway | istio-autogenerated-k8s-ingress | Defines a pilot gateway; the default, kept for compatibility, uses ingress |
| | | | Gateway | meshexpansion-gateway | Defines a pilot gateway; if global.meshExpansion is set to true, exposes pilot on the gateway |
| | | | Gateway | meshexpansion-ilb-gateway | Defines a pilot gateway; if global.meshExpansionILB is set to true, exposes pilot on the internal gateway |
| | | meshexpansion.yaml | VirtualService | meshexpansion-pilot | After meshExpansion in the global values is set to true, creates the pilot virtualservice |
| | | | VirtualService | ilb-meshexpansion-pilot | After meshExpansionILB in the global values is set to true, creates the pilot virtualservice |
| | | service.yaml | Service | istio-pilot | Defines the pilot service |
| | | serviceaccount.yaml | ServiceAccount | istio-pilot-service-account | Defines the pilot serviceaccount |
| 7 | gateways (enabled by default) | autoscale.yaml | horizontalPodAutoscaler | istio-ingressgateway | Defines the ingressgateway horizontalpodautoscaler |
| | | | horizontalPodAutoscaler | istio-egressgateway | Defines the egressgateway horizontalpodautoscaler |
| | | | horizontalPodAutoscaler | istio-ilbgateway | Defines the ilbgateway horizontalpodautoscaler; disabled by default, GCP only |
| | | clusterrole.yaml | ClusterRole | istio-ingressgateway-{{ $.Release.Namespace }} | Defines the ingressgateway clusterrole |
| | | | ClusterRole | istio-egressgateway-{{ $.Release.Namespace }} | Defines the egressgateway clusterrole |
| | | | ClusterRole | istio-ilbgateway-{{ $.Release.Namespace }} | Defines the ilbgateway clusterrole; disabled by default, GCP only |
| | | clusterrolebinding.yaml | ClusterRoleBinding | istio-ingressgateway-{{ $.Release.Namespace }} | Defines the ingressgateway clusterrolebinding |
| | | | ClusterRoleBinding | istio-egressgateway-{{ $.Release.Namespace }} | Defines the egressgateway clusterrolebinding |
| | | | ClusterRoleBinding | istio-ilbgateway-{{ $.Release.Namespace }} | Defines the ilbgateway clusterrolebinding; disabled by default, GCP only |
| | | deployment.yaml | Deployment | istio-ingressgateway | Defines the ingressgateway deployment |
| | | | Deployment | istio-egressgateway | Defines the egressgateway deployment |
| | | | Deployment | istio-ilbgateway | Defines the ilbgateway deployment; disabled by default, GCP only |
| | | service.yaml | Service | istio-ingressgateway | Defines the ingressgateway service |
| | | | Service | istio-egressgateway | Defines the egressgateway service |
| | | | Service | istio-ilbgateway | Defines the ilbgateway service; disabled by default, GCP only |
| | | serviceaccount.yaml | ServiceAccount | istio-ingressgateway-service-account | Defines the ingressgateway serviceaccount |
| | | | ServiceAccount | istio-egressgateway-service-account | Defines the egressgateway serviceaccount |
| | | | ServiceAccount | istio-ilbgateway-service-account | Defines the ilbgateway serviceaccount; disabled by default, GCP only |
| 8 | prometheus (enabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the prometheus chart |
| | | clusterrole.yaml | ClusterRole | prometheus-{{ .Release.Namespace }} | Defines the prometheus clusterrole |
| | | clusterrolebinding.yaml | ClusterRoleBinding | prometheus-{{ .Release.Namespace }} | Defines the prometheus clusterrolebinding |
| | | configmap.yaml | ConfigMap | prometheus | Defines the prometheus configmap |
| | | deployment.yaml | Deployment | prometheus | Defines the prometheus deployment |
| | | service.yaml | Service | prometheus | Defines the prometheus service |
| | | serviceaccount.yaml | ServiceAccount | prometheus | Defines the prometheus serviceaccount |
| 9 | telemetry-gateway (disabled by default) | gateway.yaml | Gateway | istio-telemetry-gateway | Defines the gateway for prometheus and grafana; if prometheusEnabled is set to true, the prometheus gateway configuration is added, and if grafanaEnabled is set to true, the grafana gateway configuration is added |
| | | | DestinationRule | grafana | Defines the prometheus destinationrule |
| | | | DestinationRule | prometheus | Defines the grafana destinationrule |
| | | | VirtualService | telemetry-virtual-service | Defines the virtualservice for prometheus and grafana; if prometheusEnabled is set to true, the prometheus virtualservice configuration is added, and if grafanaEnabled is set to true, the grafana virtualservice configuration is added |
| 10 | ingress (disabled by default; legacy ingress support) | autoscale.yaml | HorizontalPodAutoscaler | istio-ingress | Defines the ingress horizontalpodautoscaler |
| | | clusterrole.yaml | ClusterRole | istio-ingress-{{ .Release.Namespace }} | Defines the ingress clusterrole |
| | | clusterrolebinding.yaml | ClusterRoleBinding | istio-ingress-{{ .Release.Namespace }} | Defines the ingress clusterrolebinding |
| | | deployment.yaml | Deployment | istio-ingress | Defines the ingress deployment |
| | | service.yaml | Service | istio-ingress | Defines the ingress service |
| | | serviceaccount.yaml | ServiceAccount | istio-ingress-service-account | Defines the ingress serviceaccount |
| 11 | grafana (disabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the grafana chart |
| | | configmap.yaml | ConfigMap | istio-grafana-custom-resources | Defines the grafana configmap |
| | | create-custom-resources-job.yaml | ServiceAccount | istio-grafana-post-install-account | Defines the grafana post-install serviceaccount |
| | | | ClusterRole | istio-grafana-post-install-{{ .Release.Namespace }} | Defines the grafana post-install clusterrole |
| | | | ClusterRoleBinding | istio-grafana-post-install-role-binding-{{ .Release.Namespace }} | Defines the grafana post-install clusterrolebinding |
| | | | Job | istio-grafana-post-install | Defines the grafana post-install job |
| | | deployment.yaml | Deployment | grafana | Defines the grafana deployment |
| | | grafana-ports-mtls.yaml | Policy | grafana-ports-mtls-disabled | Enables mtls for access to grafana |
| | | pvc.yaml | PersistentVolumeClaim | istio-grafana-pvc | If persist is set to true, creates a pvc and pv for grafana |
| | | secret.yaml | Secret | grafana | If security.enabled is set to true, enables authn for grafana |
| | | service.yaml | Service | grafana | Defines the grafana service |
| 12 | servicegraph (disabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the servicegraph chart |
| | | deployment.yaml | Deployment | servicegraph | Defines the servicegraph deployment |
| | | ingress.yaml | Ingress | servicegraph | Defines the servicegraph ingress |
| | | service.yaml | Service | servicegraph | Defines the servicegraph service |
| 13 | tracing (disabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the tracing chart |
| | | deployment.yaml | Deployment | istio-tracing | Defines the jaeger tracing deployment |
| | | ingress-jaeger.yaml | Ingress | jaeger-query | Defines the jaeger tracing ingress |
| | | ingress.yaml | Ingress | tracing | Defines the zipkin tracing ingress |
| | | service-jaeger.yaml | Service | jaeger-query | Defines the jaeger tracing query service |
| | | | Service | jaeger-collector | Defines the jaeger tracing collector service |
| | | | Service | jaeger-agent | Defines the jaeger tracing agent service |
| | | service.yaml | Service | zipkin | Defines the zipkin tracing service |
| | | | Service | tracing | Defines the jaeger tracing service |
| 14 | kiali (disabled by default) | clusterrole.yaml | ClusterRole | kiali | Defines the kiali clusterrole |
| | | clusterrolebinding.yaml | ClusterRoleBinding | istio-kiali-admin-role-binding-{{ .Release.Namespace }} | Defines the kiali clusterrolebinding |
| | | configmap.yaml | ConfigMap | kiali | Defines the kiali configmap |
| | | deployment.yaml | Deployment | kiali | Defines the kiali deployment |
| | | ingress.yaml | Ingress | kiali | Defines the kiali ingress |
| | | secrets.yaml | Secret | kiali | Defines the kiali secret |
| | | service.yaml | Service | kiali | Defines the kiali service |
| | | serviceaccount.yaml | ServiceAccount | kiali-service-account | Defines the kiali serviceaccount |
| 15 | certmanager (disabled by default) | _helpers.tpl | None | None | Defines default values for some variables in the certmanager chart |
| | | crds.yaml | CustomResourceDefinition | clusterissuers.certmanager.k8s.io | Defines the certmanager CRDs |
| | | | CustomResourceDefinition | issuers.certmanager.k8s.io | |
| | | | CustomResourceDefinition | certificates.certmanager.k8s.io | |
| | | deployment.yaml | Deployment | certmanager | Defines the certmanager deployment |
| | | issuer.yaml | ClusterIssuer | letsencrypt-staging | Defines the certmanager clusterissuers |
| | | | ClusterIssuer | letsencrypt | |
| | | rbac.yaml | ClusterRole | certmanager | Defines the certmanager clusterrole |
| | | | ClusterRoleBinding | certmanager | Defines the certmanager clusterrolebinding |
| | | certmanager | ServiceAccount | certmanager | Defines the certmanager serviceaccount |