Istio provides an alternative way to control ingress traffic into the cluster. In addition, it allows to finetune the traffic inside the cluster and provides a huge repertoire of load balancing and routing mechanisms.
***note Currently, only the Gerrit replica chart allows using istio out of the box.
An example configuration based on the default profile provided by istio can be
found under ./istio/src/. Some values will have to be adapted to the respective
system. These are marked by comments tagged with TO_BE_CHANGED.
To install istio with this configuration, run:
kubectl apply -f istio/istio-system-namespace.yaml
istioctl install -f istio/gerrit.profile.yamlTo install Gerrit using istio for networking, the namespace running Gerrit has to
be configured to enable sidecar injection, by setting the istio-injection: enabled
label. An example for such a namespace can be found at ./istio/namespace.yaml.
To uninstall istio, run:
istioctl uninstall -f istio/gerrit.profile.yamlIn development setups, it might be wanted to allow access to the setup only from
specified IPs. This can be done by patching the spec.loadBalancerSourceRanges
value of the service used for the IngressGateway. A patch doing that can be
uncommented in istio/gerrit.profile.yaml.