
Install Istio on EKS cluster using Terraform and Helm

I'm new to the Terraform and Helm world! I need to set up Istio on the AWS EKS cluster. I'm trying to install Istio on top of the EKS cluster using Terraform and Helm as a provider. Below is the Terraform code for the same:

resource "kubernetes_namespace" "istio-system" {
  metadata {
    annotations = {
      name = "istio-namespace"
    }

    labels = {
      mylabel = "label-value"
    }

    # Must match the namespace the helm_release resources below install into.
    name = "istio-system"
  }
}

resource "helm_release" "istio_base" {
  name       = "istio-base"
  chart      = "./manifests/charts/base"
  namespace  = "istio-system"
}

resource "helm_release" "istiod" {
  name       = "istiod"
  chart      = "./manifests/charts/istio-control/istio-discovery"
  namespace  = "istio-system"
}

resource "helm_release" "istio-ingress" {
  name       = "istio-ingress"
  chart      = "./manifests/charts/gateways/istio-ingress"
  namespace  = "istio-system"
}

resource "helm_release" "istio-egress" {
  name       = "istio-egress" # release names must be unique within a namespace
  chart      = "./manifests/charts/gateways/istio-egress"
  namespace  = "istio-system"
}


Can someone help me to answer my few queries:

  1. Do I need a service account for Istio and helm both to install Istio on the EKS cluster?

  2. Do I need to create a specific IAM role to install Istio on the EKS cluster?

  3. What are some security checks I need to take care of to install Istio on the EKS cluster?

  4. Let's say in the future I need to change some default value provided by the helm chart. How can I change those values? Let's say changing memory from 3072Mi to 4000Mi.

  5. How can I enable mTLS using helm chart in Istio?

  6. Installing add-on for example Kiali using helm chart?

Sweta Sharma asked Apr 12 '21 11:04



1 Answer

Yes, you have to create the IAM role. Also, if you want to create it for workers, you can create the IAM for the same.

resource "aws_iam_role" "eksproject-cluster" {
  name = "terraform-eks-eksproject-cluster"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}

https://github.com/prabhatpankaj/eks-terraform-istio

But if you are an admin of EKS, it's not required to create the IAM; you can directly set up Istio:

helm template istio-1.1.4/install/kubernetes/helm/istio --name istio --namespace istio-system  --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true --set kiali.dashboard.secretName=kiali --set kiali.dashboard.usernameKey=username --set kiali.dashboard.passphraseKey=passphrase | kubectl apply -f -

Let's say in the future I need to change some default value provided by the helm chart. How can I change those values? Let's say changing memory from 3072Mi to 4000Mi

You can use helm for the same.

Update the value in values.yaml and run the command:

helm upgrade istio istio-1.1.4/install/kubernetes/helm/istio -f values.yaml

How can I enable mTLS using helm chart in Istio?

For mTLS between services or at the namespace level, you might have to configure the other YAMLs, or you edit the chart and apply those new YAMLs as part of helm.

spec:
  mtls:
    mode: STRICT

Installing add-on for example Kiali using helm chart?

It's already part of helm:

helm template istio-1.1.4/install/kubernetes/helm/istio --name istio --namespace istio-system  --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true --set kiali.dashboard.secretName=kiali --set kiali.dashboard.usernameKey=username --set kiali.dashboard.passphraseKey=passphrase | kubectl apply -f -

--set kiali.enabled=true overrides the default value in the command.

Harsh Manvar answered Oct 16 '22 13:10