Default Istio setup in Kyma
Istio in Kyma is installed with the help of the
istioctl tool. The tool is driven by a configuration file containing an instance of the IstioOperator custom resource.
This list shows the available Istio components and addons. Check which of those are enabled in Kyma:
- Istiod (Pilot)
- Ingress Gateway
- Grafana - installed as separate component - monitoring
- Prometheus - installed as separate component - monitoring
These configuration changes are applied to customize Istio for use with Kyma:
- Both Istio control plane and data plane use distroless images. To learn more, read about Harden Docker Container Images.
- Automatic sidecar injection is disabled by default. See how to enable sidecar proxy injection.
- Resource requests and limits for Istio sidecars are modified to best suit the needs of the evaluation and production profiles.
- Mutual TLS (mTLS) is enabled cluster-wide in a STRICT mode.
- Ingress Gateway is expanded to handle ports
31400for local Kyma deployments.
- The use of HTTP 1.0 is enabled in the outbound HTTP listeners by
PILOT_HTTP10flag set in Istiod component environment variables.
- IstioOperator configuration file is modified. Change Kyma settings to customize the configuration.