terraformazure-aksistioterraform-provider-azure
How to install ISTIO on AKS for production workload?
I'm trying to install istio on AKS Production workload using Terraform. I have created the AKS cluster with Azure RABC enabled.
I came across the following terraform script
resource "kubernetes_namespace" "istio-system" {
metadata {
annotations = {
name = "istio-namespace"
}
labels = {
mylabel = "label-value"
}
name = "istio-namespace"
}
}
resource "helm_release" "istio_base" {
name = "istio-base"
chart = "./manifests/charts/base"
namespace = "istio-system"
}
resource "helm_release" "istiod" {
name = "istiod"
chart = "./manifests/charts/istio-control/istio-discovery"
namespace = "istio-system"
}
resource "helm_release" "istio-ingress" {
name = "istio-ingress"
chart = "./manifests/charts/gateways/istio-ingress"
namespace = "istio-system"
}
resource "helm_release" "istio-egress" {
name = "istio-ingress"
chart = "./manifests/charts/gateways/istio-egress"
namespace = "istio-system"
}
This is all required to setup ISTIO on AKS production workload? Should I download these HELM charts on the machine from where the code is executed? If so, from where can I download them?
Solution
I tried to reproduce the same in my environment to install ISTIO on AKS using Terraform:
Terraform Script:
provider "helm" {
kubernetes {
config_path = "~/.kube/config"
}
}
locals {
istio_charts_url = "https://istio-release.storage.googleapis.com/charts"
}
resource "kubernetes_namespace" "istio-system" {
metadata {
annotations = {
name = "istio-namespace"
}
labels = {
mylabel = "label-value"
}
name = "istio-namespace"
}
}
resource "helm_release" "istio-base" {
repository = local.istio_charts_url
chart = "base"
name = "istio-base"
namespace = "istio-system"
version = "1.12.1"
create_namespace = true
}
resource "helm_release" "istiod" {
repository = local.istio_charts_url
chart = "istiod"
name = "istiod"
namespace = "istio-system"
create_namespace = true
version = "1.12.1"
depends_on = [helm_release.istio-base]
}
resource "kubernetes_namespace" "istio-ingress" {
metadata {
labels = {
istio-injection = "enabled"
}
name = "istio-ingress"
}
}
resource "helm_release" "istio-ingress" {
repository = local.istio_charts_url
chart = "gateway"
name = "istio-ingress"
namespace = "istio-system"
version = "1.12.1"
depends_on = [helm_release.istiod]
}
Terraform plan:
Check the installation status.
helm status istiod -n istio-system
Refer: Stack link followed by Benda.