update yamls

Shriram Rajagopalan · Shriram Rajagopalan · commit bb7ffb1ea418 · 2017-09-13T10:20:18.000-04:00
diff --git a/install/kubernetes/istio-auth.yaml b/install/kubernetes/istio-auth.yaml
@@ -554,21 +554,62 @@ data:
   mesh: |-
     # Uncomment the following line to enable mutual TLS between proxies
     authPolicy: MUTUAL_TLS
+    #
+    # Set the following variable to true to disable policy checks by the Mixer.
+    # Note that metrics will still be reported to the Mixer.
+    disablePolicyChecks: false
+    # Set enableTracing to false to disable request tracing.
+    enableTracing: true
+    #
+    # To disable the mixer completely (including metrics), comment out
+    # the following line
+    mixerAddress: istio-mixer.istio-system:9091
+    #
     ingressService: istio-ingress.istio-system
     egressProxyAddress: istio-egress.istio-system:80
-    mixerAddress: istio-mixer.istio-system:9091
+    #
+    # Along with discoveryRefreshDelay, this setting determines how
+    # frequently should Envoy fetch and update its internal configuration
+    # from Istio Pilot. Lower refresh delay results in higher CPU
+    # utilization and potential performance loss in exchange for faster
+    # convergence. Tweak this value according to your setup.
+    rdsRefreshDelay: 30s
+    #
     defaultConfig:
-          configPath:             "/etc/istio/proxy"
-          binaryPath:             "/usr/local/bin/envoy"
-          serviceCluster:         istio-proxy
-          drainDuration:          2s
-          parentShutdownDuration: 3s
-          discoveryAddress:       istio-pilot.istio-system:8080
-          discoveryRefreshDelay:  1s
-          connectTimeout:         1s
-          proxyAdminPort:         15000
-          zipkinAddress:          zipkin.istio-system:9411
-          statsdUdpAddress: istio-mixer.istio-system:9125
+      # See rdsRefreshDelay for explanation about this setting.
+      discoveryRefreshDelay: 30s
+      #
+      # TCP connection timeout between Envoy & the application, and between Envoys.
+      connectTimeout: 10s
+      #
+      ### ADVANCED SETTINGS #############
+      # Where should envoy's configuration be stored in the istio-proxy container
+      configPath: "/etc/istio/proxy"
+      binaryPath: "/usr/local/bin/envoy"
+      # The pseudo service name used for Envoy.
+      serviceCluster: istio-proxy
+      # These settings that determine how long an old Envoy
+      # process should be kept alive after an occasional reload.
+      drainDuration: 45s
+      parentShutdownDuration: 1m0s
+      #
+      # Port where Envoy listens (on local host) for admin commands
+      # You can exec into the istio-proxy container in a pod and
+      # curl the admin port (curl http://localhost:15000/) to obtain
+      # diagnostic information from Envoy. See
+      # https://lyft.github.io/envoy/docs/operations/admin.html
+      # for more details
+      proxyAdminPort: 15000
+      #
+      # Address where Istio Pilot service is running
+      discoveryAddress: istio-pilot.istio-system:8080
+      #
+      # Zipkin trace collector
+      zipkinAddress: zipkin.istio-system:9411
+      #
+      # Statsd metrics collector. Istio mixer exposes a UDP endpoint
+      # to collect and convert statsd metrics into Prometheus metrics.
+      statsdUdpAddress: istio-mixer.istio-system:9125
 ---
 apiVersion: v1
 kind: Service
diff --git a/install/kubernetes/istio-cluster-wide.yaml b/install/kubernetes/istio-cluster-wide.yaml
@@ -554,21 +554,62 @@ data:
   mesh: |-
     # Uncomment the following line to enable mutual TLS between proxies
     authPolicy: MUTUAL_TLS
+    #
+    # Set the following variable to true to disable policy checks by the Mixer.
+    # Note that metrics will still be reported to the Mixer.
+    disablePolicyChecks: false
+    # Set enableTracing to false to disable request tracing.
+    enableTracing: true
+    #
+    # To disable the mixer completely (including metrics), comment out
+    # the following line
+    mixerAddress: istio-mixer.istio-system:9091
+    #
     ingressService: istio-ingress.istio-system
     egressProxyAddress: istio-egress.istio-system:80
-    mixerAddress: istio-mixer.istio-system:9091
+    #
+    # Along with discoveryRefreshDelay, this setting determines how
+    # frequently should Envoy fetch and update its internal configuration
+    # from Istio Pilot. Lower refresh delay results in higher CPU
+    # utilization and potential performance loss in exchange for faster
+    # convergence. Tweak this value according to your setup.
+    rdsRefreshDelay: 30s
+    #
     defaultConfig:
-          configPath:             "/etc/istio/proxy"
-          binaryPath:             "/usr/local/bin/envoy"
-          serviceCluster:         istio-proxy
-          drainDuration:          2s
-          parentShutdownDuration: 3s
-          discoveryAddress:       istio-pilot.istio-system:8080
-          discoveryRefreshDelay:  1s
-          connectTimeout:         1s
-          proxyAdminPort:         15000
-          zipkinAddress:          zipkin.istio-system:9411
-          statsdUdpAddress: istio-mixer.istio-system:9125
+      # See rdsRefreshDelay for explanation about this setting.
+      discoveryRefreshDelay: 30s
+      #
+      # TCP connection timeout between Envoy & the application, and between Envoys.
+      connectTimeout: 10s
+      #
+      ### ADVANCED SETTINGS #############
+      # Where should envoy's configuration be stored in the istio-proxy container
+      configPath: "/etc/istio/proxy"
+      binaryPath: "/usr/local/bin/envoy"
+      # The pseudo service name used for Envoy.
+      serviceCluster: istio-proxy
+      # These settings that determine how long an old Envoy
+      # process should be kept alive after an occasional reload.
+      drainDuration: 45s
+      parentShutdownDuration: 1m0s
+      #
+      # Port where Envoy listens (on local host) for admin commands
+      # You can exec into the istio-proxy container in a pod and
+      # curl the admin port (curl http://localhost:15000/) to obtain
+      # diagnostic information from Envoy. See
+      # https://lyft.github.io/envoy/docs/operations/admin.html
+      # for more details
+      proxyAdminPort: 15000
+      #
+      # Address where Istio Pilot service is running
+      discoveryAddress: istio-pilot.istio-system:8080
+      #
+      # Zipkin trace collector
+      zipkinAddress: zipkin.istio-system:9411
+      #
+      # Statsd metrics collector. Istio mixer exposes a UDP endpoint
+      # to collect and convert statsd metrics into Prometheus metrics.
+      statsdUdpAddress: istio-mixer.istio-system:9125
 ---
 apiVersion: v1
 kind: Service
diff --git a/install/kubernetes/istio.yaml b/install/kubernetes/istio.yaml
@@ -554,21 +554,62 @@ data:
   mesh: |-
     # Uncomment the following line to enable mutual TLS between proxies
     # authPolicy: MUTUAL_TLS
+    #
+    # Set the following variable to true to disable policy checks by the Mixer.
+    # Note that metrics will still be reported to the Mixer.
+    disablePolicyChecks: false
+    # Set enableTracing to false to disable request tracing.
+    enableTracing: true
+    #
+    # To disable the mixer completely (including metrics), comment out
+    # the following line
+    mixerAddress: istio-mixer.istio-system:9091
+    #
     ingressService: istio-ingress.istio-system
     egressProxyAddress: istio-egress.istio-system:80
-    mixerAddress: istio-mixer.istio-system:9091
+    #
+    # Along with discoveryRefreshDelay, this setting determines how
+    # frequently should Envoy fetch and update its internal configuration
+    # from Istio Pilot. Lower refresh delay results in higher CPU
+    # utilization and potential performance loss in exchange for faster
+    # convergence. Tweak this value according to your setup.
+    rdsRefreshDelay: 30s
+    #
     defaultConfig:
-          configPath:             "/etc/istio/proxy"
-          binaryPath:             "/usr/local/bin/envoy"
-          serviceCluster:         istio-proxy
-          drainDuration:          2s
-          parentShutdownDuration: 3s
-          discoveryAddress:       istio-pilot.istio-system:8080
-          discoveryRefreshDelay:  1s
-          connectTimeout:         1s
-          proxyAdminPort:         15000
-          zipkinAddress:          zipkin.istio-system:9411
-          statsdUdpAddress: istio-mixer.istio-system:9125
+      # See rdsRefreshDelay for explanation about this setting.
+      discoveryRefreshDelay: 30s
+      #
+      # TCP connection timeout between Envoy & the application, and between Envoys.
+      connectTimeout: 10s
+      #
+      ### ADVANCED SETTINGS #############
+      # Where should envoy's configuration be stored in the istio-proxy container
+      configPath: "/etc/istio/proxy"
+      binaryPath: "/usr/local/bin/envoy"
+      # The pseudo service name used for Envoy.
+      serviceCluster: istio-proxy
+      # These settings that determine how long an old Envoy
+      # process should be kept alive after an occasional reload.
+      drainDuration: 45s
+      parentShutdownDuration: 1m0s
+      #
+      # Port where Envoy listens (on local host) for admin commands
+      # You can exec into the istio-proxy container in a pod and
+      # curl the admin port (curl http://localhost:15000/) to obtain
+      # diagnostic information from Envoy. See
+      # https://lyft.github.io/envoy/docs/operations/admin.html
+      # for more details
+      proxyAdminPort: 15000
+      #
+      # Address where Istio Pilot service is running
+      discoveryAddress: istio-pilot.istio-system:8080
+      #
+      # Zipkin trace collector
+      zipkinAddress: zipkin.istio-system:9411
+      #
+      # Statsd metrics collector. Istio mixer exposes a UDP endpoint
+      # to collect and convert statsd metrics into Prometheus metrics.
+      statsdUdpAddress: istio-mixer.istio-system:9125
 ---
 apiVersion: v1
 kind: Service
