So for background, I am trying to deploy a containerized webapp inside a Kubernetes cluster, which is secured and monitored by Istio ft. Kiali. As I do not want to configure everything by hand, I am using Terraform to deploy and update any configurations inside the cluster (like deploying services and pods).
The benefit is that Terraform automatically configures the services needed to expose the apps, which saves a lot of hassle, especially because this is a pilot project for a larger deployment of that sort.
The problem now is that Terraform does not include Istio as a provider. There is a way to install and configure it by writing the config inside Terraform, which uses Helm, which configures Istio, but Helm is using the Helm Tiller, a permission-elevated pod which executes given tasks. I do not want a permission-elevated pod inside my cluster due to large-scale security concerns.
The question now is: Has someone tried or managed to successfully configure the Istio Services like a VirtualService to expose the webapp through the istio-ingressgateway with a Terraform config file? I googled it but there is little to be seen for the combination of those two.
Terraform now has an official Helm provider: https://registry.terraform.io/providers/hashicorp/helm/latest/docs
You can use that provider and install Istio with Helm: https://istio.io/latest/docs/setup/install/helm/
You can use the Kubernetes provider to configure Istio objects.
Refer to https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs and https://www.hashicorp.com/blog/deploy-any-resource-with-the-new-kubernetes-provider-for-hashicorp-terraform
PS: Doing it via Pulumi might be easier; check out https://www.pulumi.com/docs/get-started/kubernetes/
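The Kubernetes-provider route mentioned in the answer above, as an added example that is not part of the original post: a Gateway and VirtualService declared with `kubernetes_manifest`, which talks to the API server directly and needs no in-cluster helper pod. The namespace, hostname, service name, port and the `istio = "ingressgateway"` selector label are assumptions, and Istio with its CRDs is assumed to be installed already.

```hcl
# Added example. kubernetes_manifest validates against the cluster at plan time,
# so the Istio CRDs must exist before this configuration is planned.
terraform {
  required_providers {
    kubernetes = { source = "hashicorp/kubernetes" }
  }
}

provider "kubernetes" {
  config_path = "~/.kube/config" # assumption: credentials come from a local kubeconfig
}

locals {
  namespace = "webapp"             # assumption: namespace of the app
  host      = "webapp.example.com" # constructed hostname
  gateway   = "webapp-gateway"     # hypothetical object name
}

resource "kubernetes_manifest" "webapp_gateway" {
  manifest = {
    apiVersion = "networking.istio.io/v1beta1"
    kind       = "Gateway"
    metadata   = { name = local.gateway, namespace = local.namespace }
    spec = {
      # Assumption: the istio-ingressgateway pods carry this label.
      selector = { istio = "ingressgateway" }
      # Plain HTTP keeps the example short; a TLS server also needs a
      # tls block with a credentialName pointing at a certificate secret.
      servers = [{
        port  = { number = 80, name = "http", protocol = "HTTP" }
        hosts = [local.host]
      }]
    }
  }
}

resource "kubernetes_manifest" "webapp_virtualservice" {
  depends_on = [kubernetes_manifest.webapp_gateway]
  manifest = {
    apiVersion = "networking.istio.io/v1beta1"
    kind       = "VirtualService"
    metadata   = { name = "webapp", namespace = local.namespace }
    spec = {
      hosts    = [local.host]
      gateways = [local.gateway]
      # Assumption: a Service named "webapp" listens on 8080 in the same namespace.
      http = [{ route = [{ destination = { host = "webapp", port = { number = 8080 } } }] }]
    }
  }
}
```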