Menu
I'm new to Terraform and Helm world! I need to set up Istio on the AWS EKS cluster. I'm trying to install Istio on top of EKS cluster using Terraform and Helm as a provider: Below is the terraform code for the same:
resource "kubernetes_namespace" "istio-system" {
metadata {
annotations = {
name = "istio-namespace"
}
labels = {
mylabel = "label-value"
}
name = "istio-namespace"
}
}
resource "helm_release" "istio_base" {
name = "istio-base"
chart = "./manifests/charts/base"
namespace = "istio-system"
}
resource "helm_release" "istiod" {
name = "istiod"
chart = "./manifests/charts/istio-control/istio-discovery"
namespace = "istio-system"
}
resource "helm_release" "istio-ingress" {
name = "istio-ingress"
chart = "./manifests/charts/gateways/istio-ingress"
namespace = "istio-system"
}
resource "helm_release" "istio-egress" {
name = "istio-ingress"
chart = "./manifests/charts/gateways/istio-egress"
namespace = "istio-system"
}
Can someone help me to answer my few queries:
Do I need a service account for Istio and helm both to install Istio on the EKS cluster?
Do I need to create a specific IAM role to install Istio on the EKS cluster?
What are some security checks I need to take care of to install Istio on the EKS cluster?
Let's say in the future I need to change some default value provided by helm chart How can I change those values? Let's say changing memory from 3072Mi to 4000Mi
How can I enable mTLS using helm chart in Istio?
Installing add-on for example Kiali using helm chart?
762
AWS's Elastic Kubernetes Service (EKS) is a managed service that lets you deploy, manage, and scale containerized applications on Kubernetes. In this tutorial, you will deploy an EKS cluster using Terraform. Then, you will configure kubectl using Terraform output and verify that your cluster is ready to use.
Istio operator consists of an application deployed to the Kubernetes cluster and a custom resource called IstioOperator that describes the desired state of your Istio installation. The operator uses the IstioOperator resource to manage and maintain your Istio service mesh installation.
I need to set up Istio on the AWS EKS cluster. I was able to set up the EKS cluster using Terraform. I'm thinking of installing ISTIO on top of the EKS cluster using Terraform by writing terraform modules. However, I found that we can set up Istio on top of eks using the helm chart.
Easy to upgrade istio using the kubectl provider As long as helm is in alpha, this might be the best approach. terraform + helm with terraform helm provider Istio provides some charts for the different componentes, when downloading istioctl. Those can be used for installing it with helm.
Installing istio with terraform works but seams to be a bit dirty at the moment. Once the helm setup is stable, I guess this would be the best approach. And with the helm provider it can be composed with terraform creation of other resources.
Istio is an important addition to Kubernetes cluster to help you in connecting all your services together and securing the communication between them. What will we do? Install terraform. Create a Digital Ocean Kubernetes Cluster using terraform. Install helm and download the istio helm charts.
yes, you have to create the IAM role also if you want to create it for workers you can also create the IAM for the same.
resource "aws_iam_role" "eksproject-cluster" {
name = "terraform-eks-eksproject-cluster"
assume_role_policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
POLICY
}
https://github.com/prabhatpankaj/eks-terraform-istio
but if you are an admin of EKS it's not required to create the IAM you can directly setup the istio
helm template istio-1.1.4/install/kubernetes/helm/istio --name istio --namespace istio-system --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true --set kiali.dashboard.secretName=kiali --set kiali.dashboard.usernameKey=username --set kiali.dashboard.passphraseKey=passphrase | kubectl apply -f -
Let's say in the future I need to change some default value provided by helm chart How can I change those values? Let's say changing memory from 3072Mi to 4000Mi
you can use the helm for the same
update the value into values.yaml and run command
helm upragde istio -f values.yaml
How can I enable mTLS using helm chart in Istio?
for mTLS between services or at the namespace level, you might have to configure the other YAMLs or you edit the chart apply those new YAML as part of helm.
spec:
mtls:
mode: STRICT
Installing add-on for example Kali using helm chart?
it's already part of helm
helm template istio-1.1.4/install/kubernetes/helm/istio --name istio --namespace istio-system --set grafana.enabled=true --set tracing.enabled=true --set kiali.enabled=true --set kiali.dashboard.secretName=kiali --set kiali.dashboard.usernameKey=username --set kiali.dashboard.passphraseKey=passphrase | kubectl apply -f -
--set kiali.enabled=true overriding the default value in command.
87
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
