How to install ISTIO on AKS for production workload?

Question

I'm trying to install istio on AKS Production workload using Terraform. I have created the AKS cluster with Azure RABC enabled.

I came across the following terraform script

resource "kubernetes_namespace" "istio-system" {
  metadata {
    annotations = {
      name = "istio-namespace"
    }

    labels = {
      mylabel = "label-value"
    }

    name = "istio-namespace"
  }
}

resource "helm_release" "istio_base" {
  name       = "istio-base"
  chart      = "./manifests/charts/base"
  namespace  = "istio-system"
}

resource "helm_release" "istiod" {
  name       = "istiod"
  chart      = "./manifests/charts/istio-control/istio-discovery"
  namespace  = "istio-system"
}

resource "helm_release" "istio-ingress" {
  name       = "istio-ingress"
  chart      = "./manifests/charts/gateways/istio-ingress"
  namespace  = "istio-system"
}

resource "helm_release" "istio-egress" {
  name       = "istio-ingress"
  chart      = "./manifests/charts/gateways/istio-egress"
  namespace  = "istio-system"
}

This is all required to setup ISTIO on AKS production workload? Should I download these HELM charts on the machine from where the code is executed? If so, from where can I download them?

score 0 · Accepted Answer · answered Jan 24 '23 at 13:39

I tried to reproduce the same in my environment to install ISTIO on AKS using Terraform:

Terraform Script:

provider "helm" {
  kubernetes {
    config_path = "~/.kube/config"
 }
 }
locals {
  istio_charts_url = "https://istio-release.storage.googleapis.com/charts"
}

resource "kubernetes_namespace" "istio-system" {
  metadata {
    annotations = {
      name = "istio-namespace"
    }

    labels = {
      mylabel = "label-value"
    }

    name = "istio-namespace"
  }
}
resource "helm_release" "istio-base" {
  repository       = local.istio_charts_url
  chart            = "base"
  name             = "istio-base"
  namespace        = "istio-system"
  version          = "1.12.1"
  create_namespace = true
}

resource "helm_release" "istiod" {
  repository       = local.istio_charts_url
  chart            = "istiod"
  name             = "istiod"
  namespace        = "istio-system"
  create_namespace = true
  version          = "1.12.1"
  depends_on       = [helm_release.istio-base]
}

resource "kubernetes_namespace" "istio-ingress" {
  metadata {
    labels = {
      istio-injection = "enabled"
    }

    name = "istio-ingress"
  }
}

resource "helm_release" "istio-ingress" {
  repository = local.istio_charts_url
  chart      = "gateway"
  name       = "istio-ingress"
  namespace  = "istio-system"
  version    = "1.12.1"
  depends_on = [helm_release.istiod]
}

Terraform plan: enter image description here

Check the installation status.

helm status istiod -n istio-system

enter image description here

Refer: Stack link followed by Benda.

How to install ISTIO on AKS for production workload?

1 Answers1