public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-21 20:35:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update tables, add urls

Browse Source
This commit is contained in:
Brenda Rearden
2020-10-05 14:32:24 -07:00
committed by Catherine Luse
parent f590be9610
commit 1f53aa1338
6 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/rancher/v2.x/en/istio/_index.md
+5 -5
View File
@@ -34,7 +34,7 @@ The overall architecture of Istio has been simplified. A single component, Istio
Addons that were previously installed by Istio (cert-manager, Grafana, Jaeger, Kiali, Prometheus, Zipkin) will now need to be installed separately. Istio will support installation of integrations that are from the Istio Project and will maintain compatibility with those that are not.
A Prometheus integration will still be available through an installation of [Rancher Monitoring,](../../monitoring-alerting) or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box.
A Prometheus integration will still be available through an installation of [Rancher Monitoring]({{<baseurl>}}/rancher/v2.x/en/monitoring-alerting/), or by installing your own Prometheus operator. Rancher's Istio chart will also install Kiali by default to ensure you can get a full picture of your microservices out of the box.
Istio has migrated away from Helm as a way to install Istio and now provides installation through the istioctl binary or Istio Operator. To ensure the easiest interaction with Istio, Rancher's Istio will maintain a Helm chart that utilizes the istioctl binary to manage your Istio installation.
@@ -50,7 +50,7 @@ Refer to the [setup guide]({{<baseurl>}}/rancher/v2.x/en/cluster-admin/tools/ist
# Remove Istio
To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.]({{<baseurl>}}/rancher/v2.x/en/cluster-admin/tools/istio/disabling-istio)
To remove Istio components from a cluster, namespace, or workload, refer to the section on [uninstalling Istio.]({{<baseurl>}}/rancher/v2.x/en/istio/disabling-istio/)
# Migrate From Previous Istio Version
@@ -66,7 +66,7 @@ To access the Grafana and Prometheus visualizations, from the **Cluster Explorer
To access the Kiali visualization, from the **Cluster Explorer** navigate to the **Istio** app overview page, and click on **Kiali**. From here you can access the **Traffic Graph** tab or the **Traffic Metrics** tab to see network visualizations and metrics.
By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](URLNEEDED) if you would like to use a different configuration for prometheus data scraping.
By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup]({{<baseurl>}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#selectors-scrape-configs) if you would like to use a different configuration for prometheus data scraping.
Your access to the visualizations depend on your role. Grafana and Prometheus are only available for `cluster-admin` roles. The Kiali UI is available only to `cluster-admin` by default, but `cluster-admin` can allow other roles to access them by editing the Istio values.yaml.
@@ -86,8 +86,8 @@ By default, each Rancher-provisioned cluster has one NGINX ingress controller al
![In an Istio-enabled cluster, you can have two ingresses: the default Nginx ingress, and the default Istio controller.]({{<baseurl>}}/img/rancher/istio-ingress.svg)
Additional Istio Ingress gateways can be enabled via the [overlay file](URLNEEDED).
Additional Istio Ingress gateways can be enabled via the [overlay file]({{<baseurl>}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#overlay-file).
### Egress Support
By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file](URLNEEDED)
By default the Egress gateway is disabled, but can be enabled on install or upgrade through the values.yaml or via the [overlay file]({{<baseurl>}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#overlay-file).
content/rancher/v2.x/en/istio/rbac/_index.md
+13 -13
View File
@@ -9,7 +9,7 @@ This section describes the permissions required to access Istio features.
The rancher istio chart installs three `ClusterRoles`
# Cluster-Admin Access
## Cluster-Admin Access
By default, only those with the `cluster-admin` `ClusterRole` can:
@@ -26,21 +26,21 @@ By default, only Admin and Edit roles can:
- View the traffic metrics and traffic graph for the cluster
- Configure Istio's resources (such as the gateway, destination rules, or virtual services)
# Summary of Default Permissions for Kubernetes Default roles
## Summary of Default Permissions for Kubernetes Default roles
Istio creates three `ClusterRoles` and adds Istio CRD access to the following default K8s `ClusterRole`:
| ClusterRole create by chart | Default K8s ClusterRole | Rancher Role |
| ------------------------------| ---------------------------|---------|
| `istio-admin` | admin| Project Owner, Project Member |
| `istio-edit`| edit | Project Owner, Project Member |
| `istio-view` | view | Read-only |
ClusterRole create by chart | Default K8s ClusterRole | Rancher Role |
------------------------------:| ---------------------------:|---------:|
`istio-admin` | admin| Project Owner, Project Member |
`istio-edit`| edit | Project Owner, Project Member |
`istio-view` | view | Read-only |
Rancher will continue to use cluster-owner, cluster-member, project-owner, project-member, etc as role names, but will utilize default roles to determine access. For each default K8s `ClusterRole` there are different Istio CRD permissions and K8s actions (Create (C), Get (G), List (L), Update (U), Patch (P), Delete(D), All (*)) that can be performed.
Rancher will continue to use cluster-owner, cluster-member, project-owner, project-member, etc as role names, but will utilize default roles to determine access. For each default K8s `ClusterRole` there are different Istio CRD permissions and K8s actions (Create ( C ), Get ( G ), List ( L ), Update ( U ), Patch ( P ), Delete( D ), All ( * )) that can be performed.
|CRDs | Admin | Edit | View |
|----------------------------| ------| -----| -----|
| <ul><li>`config.istio.io`</li><ul><li>`adapters`</li><li>`attributemanifests`<li>`handlers`</li><li>`httpapispecbindings`</li><li>`httpapispecs`</li><li>`instances`</li><li>`quotaspecbindings`</li><li>`quotaspecs`</li><li>`rules`</lli><li>`templates`</li></ul></ul>| GLW | GLW | GLW|
|<ul><li>`networking.istio.io`</li><ul><li>`destinationrules`</li><li>`envoyfilters`<li>`gateways`</li><li>`serviceentries`</li><li>`sidecars`</li><li>`virtualservices`</li><li>`workloadentries`</li></ul></ul>| * | * | GLW |
|<ul><li>`security.istio.io`</li><ul><li>`authorizationpolicies`</li><li>`peerauthentications`<li>`requestauthentications`</li></ul></ul>| * | * | GLW |
|CRDs | Admin | Edit | View
|----------------------------| ------| -----| -----
| <ul><li>`config.istio.io`</li><ul><li>`adapters`</li><li>`attributemanifests`<li>`handlers`</li><li>`httpapispecbindings`</li><li>`httpapispecs`</li><li>`instances`</li><li>`quotaspecbindings`</li><li>`quotaspecs`</li><li>`rules`</lli><li>`templates`</li></ul></ul>| GLW | GLW | GLW
|<ul><li>`networking.istio.io`</li><ul><li>`destinationrules`</li><li>`envoyfilters`<li>`gateways`</li><li>`serviceentries`</li><li>`sidecars`</li><li>`virtualservices`</li><li>`workloadentries`</li></ul></ul>| * | * | GLW
|<ul><li>`security.istio.io`</li><ul><li>`authorizationpolicies`</li><li>`peerauthentications`<li>`requestauthentications`</li></ul></ul>| * | * | GLW
content/rancher/v2.x/en/istio/resources/_index.md
+3 -3
View File
@@ -6,7 +6,7 @@ aliases:
- /rancher/v2.x/en/project-admin/istio/config/
- /rancher/v2.x/en/cluster-admin/tools/istio/resources
---
_This section applies to Istio in Rancher v2.5.0. If you are using Rancher v2.4.x, refer to [this section.](../../legacy/resources)_
_This section applies to Istio in Rancher v2.5.0. If you are using Rancher v2.4.x, refer to [this section.]({{<baseurl>}}/rancher/v2.x/en/cluster-admin/tools/istio/)_
This section describes the minimum recommended computing resources for the Istio components in a cluster.
@@ -36,12 +36,12 @@ You can individually configure the resource allocation for each type of Istio co
To make it easier to schedule the workloads to a node, a cluster-admin can reduce the CPU and memory resource requests for the component. However, the default CPU and memory allocations are the minimum that we recommend.
You can find more information about Istio configuration in the [official Istio documentation](https://istio.io/docs/concepts/what-is-istio).
You can find more information about Istio configuration in the [official Istio documentation](https://istio.io/).
To configure the resources allocated to an Istio component,
1. In the Rancher **Cluster Explorer**, navigate to your Istio installation in **Apps & Marketplace**
1. Click **Upgrade** to edit the base components via changes the values.yaml or add an [overlay file](URLNEEDED).
1. Click **Upgrade** to edit the base components via changes the values.yaml or add an [overlay file]({{<baseurl>}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#overlay-file).
1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations.
1. Click **Upgrade.** to rollout changes
content/rancher/v2.x/en/istio/setup/deploy-workloads/_index.md
+1
View File
@@ -34,6 +34,7 @@ To add a **Service** to your namespace
1. Click **Create**
You can also create deployments and services using the kubectl **shell**
1. Run `kubectl create -f <name of service/deployment file>.yaml` if your file is stored locally in the cluster
1. Or run `cat<< EOF | kubectl apply -f -`, paste the file contents into the terminal, then run `EOF` to complete the command.
content/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/_index.md
+2 -2
View File
@@ -9,7 +9,6 @@ Only a user with the following [Kubernetes default roles](https://kubernetes.io/
- `cluster-admin`
> If the cluster has a Pod Security Policy enabled there are [prerequisites steps.]({{<baseurl>}}/rancher/v2.x/en/cluster-admin/tools/istio/setup/enable-istio-in-cluster/enable-istio-with-psp/)
1. From the **Cluster Explorer**, navigate to available **Charts** in **Apps & Marketplace**
1. Select the Istio chart from the rancher provided charts
@@ -114,7 +113,8 @@ spec:
This enables monitoring accross namespaces by giving prometheus additional scrape configurations.
>Usability tradeoff is that all of prometheus' additionalScrapeConfigs are maintained in a single Secret. This could make upgrading difficult if monitoring is already deployed with additionalScrapeConfigs prior to installing Istio.
>Usability tradeoff is that all of prometheus' `additionalScrapeConfigs` are maintained in a single Secret. This could make upgrading difficult if monitoring is already deployed with additionalScrapeConfigs prior to installing Istio.
1. If starting a new install, **Click** the **rancher-monitoring** chart, then in **Chart Options** click **Edit as Yaml**.
1. If updating an existing installation, click on **Upgrade**, then in **Chart Options** click **Edit as Yaml**.
1. If updating an existing installation, click on **Upgrade** and then **Preview Yaml**.
content/rancher/v2.x/en/istio/setup/view-traffic/_index.md
+1 -2
View File
@@ -11,11 +11,10 @@ This section describes how to view the traffic that is being managed by Istio.
The Istio overpage provides a link to the Kiali dashboard. From the Kiali dashboard, you are able to view graphs for each namespace. The Kiali graph provides a powerful way to visualize the topology of your Istio service mesh. It shows you which services communicate with each other.
>**Prerequisite:** To enable traffic to show up in the graph, ensure you have enabled one of the [Selectors & Scrape Configs](NEEDSURL) options. If you do not have this configured, you will not see information on the graph.
>**Prerequisite:** To enable traffic to show up in the graph, ensure you have enabled one of the [Selectors & Scrape Configs]({{<baseurl>}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#selectors-scrape-configs)options. If you do not have this configured, you will not see information on the graph.
To see the traffic graph,
1. From the **Cluster Explorer**, select **Istio** from the nav dropdown.
1. Click the **Kiali** link on the Istio **Overview** page.
1. Click on **Graph** in the side nav.