Setting up Istio with Terraform, not using Helm

Question

So for background, I am trying to deploy a containerized webapp inside a kubernetes cluster, which is secured and monitored by istio ft kiali. As I do not want to configure everything by hand I am using Terraform to deploy and update any configurations inside the cluster (like deploying services and pods).

They benefit is that Terraform automatically configures the services needed to expose the apps which safes a lot of hassle, especially because this is a pilot project for a larger deployment of that sort.

The problem now is that Terraform does not include Istio as a provider. There is a way to install and configure it by writing the config inside Terraform, which uses Helm, which configures Istio, but Helm is using the Helm Tiller, a permission-elevated pod which executes given tasks. I do not want a permission-elevated pod inside my cluster due to large scale security concerns.

The question now is: Has someone tried or managed to successfully configure the Istio Services like a VirtualService to expose the webapp through the istio-ingressgateway with a Terraform config file? I googled it but there is little to be seen for the combination of those two.

Helm 3 no longer uses Tiller and Terraform's Helm provider now supports Helm 3 as of v1.0.0. Does that solve your problems in a different way? — ydaetskcoR, Mar 04 '20 at 11:09
boils down to configure CRD's via terraform https://github.com/terraform-providers/terraform-provider-kubernetes/issues/183 — Tummala Dhanvi, Mar 04 '20 at 19:17
https://github.com/terraform-providers/terraform-provider-kubernetes/issues/183#issuecomment-592592892 — Tummala Dhanvi, Mar 04 '20 at 19:18
Hi Guys, Did you find any solution for it? I need to set up ISTIO using Terraform, not Helm. Could you please help! Thank you for your time! @TummalaDhanvi — Sweta Sharma, Mar 30 '21 at 02:29

score 4 · Accepted Answer · answered Mar 31 '21 at 06:29

4

Terraform now has an official Helm provider https://registry.terraform.io/providers/hashicorp/helm/latest/docs

You can use that provider and install Istio with helm https://istio.io/latest/docs/setup/install/helm/

You can use Kubernetes provider to configure Istio objects.
Refer https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs and https://www.hashicorp.com/blog/deploy-any-resource-with-the-new-kubernetes-provider-for-hashicorp-terraform

PS: Doing it via Pulumi might be easier checkout https://www.pulumi.com/docs/get-started/kubernetes/

answered Mar 31 '21 at 06:29

Tummala Dhanvi

3,007
2
19
35

Thanks Tummala for sharing the details! I'm curious to know whether the Helm provider which Terraform has is production ready? What are the pros and cons of it? – Sweta Sharma Mar 31 '21 at 07:41
@SwetaSharma helm provider for Terraform is an official one from Hashicorp. It has 12.9M installs(other people are using it) and is last published 15hours ago (well maintained) and the version is 2.1.0 (beyond 1.0 is typically considered stable). You can go ahead and use it if you have a strict requirement of using Terraform. But I wouldn't suggest using terraform for installing Istio, Terraform is better suited for provisioning infrastructure, and installing Istio on Kubernetes cluster looks like more of configuration management. I would suggest installing it just via helm. – Tummala Dhanvi Apr 02 '21 at 07:34
Thank you so much for sharing the knowledge. Is there any example which I can refer to install Istio on the Kubernetes cluster using helm? – Sweta Sharma Apr 03 '21 at 11:32
https://istio.io/latest/docs/setup/install/helm/ should help you out – Tummala Dhanvi Apr 05 '21 at 17:09
I'm curious to know How can I integrate the Installation of Istio using helm with EKS cluster on AWS. Could you please help thanks – Sweta Sharma Apr 11 '21 at 09:45
1

This workshop by AWS will help you out https://www.eksworkshop.com/advanced/310_servicemesh_with_istio/ – Tummala Dhanvi Apr 11 '21 at 12:13

Setting up Istio with Terraform, not using Helm

1 Answers1