Customize installation
The installation of Service Mesh Manager can be customized through its custom resources (CRs). This page covers the most frequently used configuration options for Service Mesh Manager.
Configure container images
Service Mesh Manager images
The ControlPlane CR can be configured to set the following container images:
apiVersion: smm.cisco.com/v1alpha1
kind: ControlPlane
metadata:
name: smm
spec:
smm:
als:
enabled: true
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-als
tag: v1.11.0
log: {}
application:
enabled: true
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm
tag: v1.11.0
log: {}
auth:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-authentication
tag: v1.11.0
mode: impersonation
certManager:
enabled: true
enabled: true
federationGateway:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-federation-gateway
tag: v1.11.0
enabled: true
name: smm
service:
enabled: true
name: smm-federation-gateway
port: 80
federationGatewayOperator:
enabled: true
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-federation-gateway-operator
tag: v1.11.0
grafana:
enabled: true
image:
repository: grafana/grafana
tag: 7.5.11
sidecar:
image:
repository: ghcr.io/banzaicloud/k8s-sidecar
tag: v1.11.3-bzc
health:
enabled: true
api:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-health-api
tag: v1.11.0
controller:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-health
tag: v1.11.0
impersonation:
enabled: true
istio:
revision: cp-v115x.istio-system
kubestatemetrics:
enabled: true
image:
repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics
tag: v2.6.0
leo:
enabled: true
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-leo
tag: v1.11.0
log: {}
log: {}
namespace: smm-system
prometheus:
enabled: true
replicas: 1
image:
repository: prom/prometheus
tag: v2.39.1
configReloader:
image:
repository: quay.io/prometheus-operator/prometheus-config-reloader
tag: v0.60.1
thanos:
image:
repository: quay.io/thanos/thanos
tag: v0.28.1
prometheusOperator:
image:
repository: quay.io/prometheus-operator/prometheus-operator
tag: v0.60.1
k8sproxy:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/k8s-proxy
tag: v0.0.9
releaseName: smm
role: active
sre:
enabled: true
alertExporter:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-sre-alert-exporter
tag: v1.11.0
api:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-sre-api
tag: v1.11.0
controller:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-sre
tag: v1.11.0
useIstioResources: true
tracing:
enabled: true
jaeger:
image:
repository: jaegertracing/all-in-one
tag: "1.28.0"
web:
enabled: true
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-web
tag: v1.11.0
downloads:
enabled: true
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-cli
tag: v1.11.0-nginx
vmIntegration:
enabled: true
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-vm-integration
tag: v1.11.0
certManager:
enabled: true
namespace: cert-manager
manageNamespace: true
image:
repository: quay.io/jetstack/cert-manager-controller
tag: v1.9.1
cainjector:
image:
repository: quay.io/jetstack/cert-manager-cainjector
tag: v1.9.1
webhook:
image:
repository: quay.io/jetstack/cert-manager-webhook
tag: v1.9.1
clusterName: primary
clusterRegistry:
enabled: true
namespace: cluster-registry
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/cluster-registry-controller
tag: v0.2.4
log: {}
meshManager:
enabled: true
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-mesh-manager
tag: v1.11.0
istio:
istioCRRef:
name: cp-v115x
namespace: istio-system
istioCROverrides: |
spec:
istiod:
deployment:
podDisruptionBudget:
minAvailable: 0
sidecarInjector:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-sidecar-injector
tag: v1.15.3-bzc.0
initCNIConfiguration:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-install-cni
tag: v1.15.3-bzc.0
pilot:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-pilot
tag: v1.15.3-bzc.0
proxy:
image:
repository: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2
tag: v1.15.3-bzc.0
operators:
namespace: smm-system
instances:
- image:
repository: ghcr.io/banzaicloud/istio-operator
tag: v2.15.3
name: v115x
version: 1.15.3
- image:
repository: ghcr.io/banzaicloud/istio-operator
tag: v2.13.5
name: v113x
version: 1.13.5
namespace: smm-system
prometheusMetrics:
authProxy:
image:
repository: quay.io/brancz/kube-rbac-proxy
tag: v0.11.0
nodeExporter:
enabled: true
namespace: smm-system
psp:
enabled: false
rbac:
enabled: true
image:
repository: quay.io/prometheus/node-exporter
tag: v1.2.2
registryAccess:
enabled: true
imagePullSecretsController:
image:
repository: ghcr.io/banzaicloud/imagepullsecrets
tag: v0.3.5
namespace: smm-registry-access
pullSecrets:
- name: smm--033498657557.dkr.ecr.us-east-2.amazonaws.com-pull-secret-c17fa163
namespace: smm-registry-access
- name: smm--626007623524.dkr.ecr.us-east-2.amazonaws.com-pull-secret-72b452b5
namespace: smm-registry-access
role: active
The IstioOperator CR can be configured to set the istio-operator container image:
apiVersion: smm.cisco.com/v1alpha1
kind: IstioOperator
metadata:
  name: v115x
spec:
  enabled: true
  image:
    repository: ghcr.io/banzaicloud/istio-operator
    tag: v2.15.3
  version: 1.15.3
If you installed Service Mesh Manager in operator mode, the changes in these CRs should be reflected automatically on your cluster.
If you don’t have the Service Mesh Manager operator installed, run the following command so that the changes take effect:
smm operator reconcile
Istio images
The IstioControlPlane CR can be configured to set the following Istio container images:
apiVersion: servicemesh.cisco.com/v1alpha1
kind: IstioControlPlane
metadata:
  name: cp-v115x
spec:
  version: "1.15.3"
  mode: ACTIVE
  istiod:
    deployment:
      image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-pilot:v1.15.3-bzc.0
  sidecarInjector:
    deployment:
      image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-sidecar-injector:v1.15.3-bzc.0
  proxy:
    image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2:v1.15.3-bzc.0
  proxyInit:
    image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2:v1.15.3-bzc.0
    cni:
      daemonset:
        image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-install-cni:v1.15.3-bzc.0
These changes should be automatically reflected on your cluster after editing the CR.
List of configurable images
Based on the CRs above, you can configure the following components in Service Mesh Manager:
Images | Repository | Tag |
---|---|---|
smm-als | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-als | v1.11.0 |
smm | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm | v1.11.0 |
smm-auth | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-authentication | v1.11.0 |
smm-grafana | grafana/grafana | 7.5.11 |
smm-federation-gateway | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-federation-gateway | v1.11.0 |
smm-federation-gateway-operator | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-federation-gateway-operator | v1.11.0 |
smm-health | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-health | v1.11.0 |
smm-health-api | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-health-api | v1.11.0 |
smm-kubestatemetrics | k8s.gcr.io/kube-state-metrics/kube-state-metrics | v2.6.0 |
smm-leo | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-leo | v1.11.0 |
smm-prometheus | prom/prometheus | v2.39.1 |
smm-prometheus-config-reloader | quay.io/prometheus-operator/prometheus-config-reloader | v0.60.1 |
smm-thanos | quay.io/thanos/thanos | v0.28.1 |
smm-prometheus-operator | quay.io/prometheus-operator/prometheus-operator | v0.60.1 |
smm-k8s-proxy | 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/k8s-proxy | v0.0.9 |
smm-sre | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-sre | v1.11.0 |
smm-sre-api | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-sre-api | v1.11.0 |
smm-sre-alert-exporter | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-sre-alert-exporter | v1.11.0 |
smm-tracing | jaegertracing/all-in-one | 1.28.0 |
smm-web | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-web | v1.11.0 |
smm-vm-integration | 033498657557.dkr.ecr.us-east-2.amazonaws.com/smm-vm-integration | v1.11.0 |
kube-rbac-proxy | gcr.io/kubebuilder/kube-rbac-proxy | v0.11.0 |
cert-manager | quay.io/jetstack/cert-manager-controller | v1.9.1 |
cert-manager-cainjector | quay.io/jetstack/cert-manager-cainjector | v1.9.1 |
cert-manager-webhook | quay.io/jetstack/cert-manager-webhook | v1.9.1 |
cluster-registry | 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/cluster-registry-controller | v0.2.4 |
imagepullsecrets-controller | ghcr.io/banzaicloud/imagepullsecrets | v0.3.5 |
istio-operator | ghcr.io/banzaicloud/istio-operator | v2.15.3(v115x) |
istio-sidecarinjector | 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-sidecar-injector | v1.15.x-bzc.0 |
istio-pilot | 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-pilot | v1.15.x-bzc.0 |
istio-proxy | 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2 | v1.15.x-bzc.0 |
istio-init-cni | 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-install-cni | v1.15.x-bzc.0 |
(Updated as of November 11, 2022)
If there is a Service Mesh Manager related image that you’d like to change and that image is not listed here, contact us!
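After changing image settings, for example to point at a private mirror, it helps to confirm that no component still pulls from a registry you did not intend. The following is an added example, not part of Service Mesh Manager or its documentation: it walks a CR loaded as a Python dict and lists every image whose registry is outside an allowed set. The function names and SAMPLE_CR (a constructed excerpt using values from this page) are hypothetical, and the istioCROverrides string is not parsed.

```python
# Added example: find image references in an SMM CR that fall outside an
# allowed set of registries. Names here are hypothetical, not an SMM API.

def registry_of(repository):
    """Registry host of a repository, per Docker's reference rule: the first
    path component is a host only if it contains '.' or ':' or is 'localhost';
    otherwise the image is pulled from Docker Hub (docker.io)."""
    first, sep, _ = repository.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def split_ref(ref):
    """Split 'repo:tag' into (repo, tag); a ':' before a '/' is a host port."""
    repo, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:
        return ref, ""
    return repo, tag

def collect_images(node, path=""):
    """Yield (path, repository, tag) for each 'image' key, handling both forms
    used on this page: {repository, tag} maps and 'repo:tag' strings."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "image" and isinstance(value, dict) and "repository" in value:
                yield here, value["repository"], str(value.get("tag", ""))
            elif key == "image" and isinstance(value, str):
                yield (here, *split_ref(value))
            else:
                yield from collect_images(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from collect_images(item, f"{path}[{i}]")

def outside_allowed(cr, allowed_registries):
    """Sorted paths of images whose registry is not in allowed_registries."""
    return sorted(p for p, repo, _ in collect_images(cr)
                  if registry_of(repo) not in allowed_registries)

ECR = "033498657557.dkr.ecr.us-east-2.amazonaws.com"
SAMPLE_CR = {"spec": {  # constructed excerpt, values taken from this page
    "smm": {"als": {"image": {"repository": f"{ECR}/smm-als", "tag": "v1.11.0"}},
            "grafana": {"image": {"repository": "grafana/grafana", "tag": "7.5.11"}}},
    "certManager": {"image": {"repository": "quay.io/jetstack/cert-manager-controller",
                              "tag": "v1.9.1"}},
    "proxy": {"image": f"{ECR}/banzaicloud/istio-proxyv2:v1.15.3-bzc.0"},
}}

if __name__ == "__main__":
    for path in outside_allowed(SAMPLE_CR, {ECR, "quay.io"}):
        print("not from an allowed registry:", path)
```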
Customize IstioControlPlane CR
You can customize the ControlPlane CR to change the configuration of the IstioControlPlane CR. Set your custom values under the spec.meshManager.istio.istioCROverrides field of the ControlPlane CR, and Service Mesh Manager merges them into the IstioControlPlane CR.
For example, to enable basic DNS proxying, set the ISTIO_META_DNS_CAPTURE field using a configuration similar to the following:
apiVersion: smm.cisco.com/v1alpha1
kind: ControlPlane
metadata:
  name: smm
spec:
  # ...
  meshManager:
    istio:
      # ...
      istioCROverrides: |
        spec:
          meshConfig:
            defaultConfig:
              proxyMetadata:
                # Enable basic DNS proxying
                ISTIO_META_DNS_CAPTURE: "true"
                # Enable automatic address allocation, optional
                ISTIO_META_DNS_AUTO_ALLOCATE: "true"
Customize Istio namespace
Istio is installed to the istio-system namespace by default. To configure this namespace during installation, use one of these methods:
- Use the --istio-namespace CLI flag. For example:
  smm install -a --istio-namespace custom-istio-namespace
- Create a YAML file that contains the istioCRRef.namespace field (see the following example), then use the --additional-cp-settings CLI flag.
  spec:
    meshManager:
      enabled: true
      istio:
        enabled: true
        istioCRRef:
          name: cp-test
          namespace: custom-istio-namespace
  An example of the command:
  smm install -a --additional-cp-settings /path/to/file.yaml
Note: The --istio-namespace CLI flag has the highest priority. If you specify both flags at the same time, the value from the --istio-namespace flag is used.