DEVHIDE
Login Or Sign up

Install Istio using Istio Operator and Terraform on EKS

2.2k Views Asked by At

I'm new to Terraform. I need to set up Istio on the AWS EKS cluster. I thought of using Istio-Operator along with Terraform to do the same.

Below is the shell script to install Istio on EKS using Istio-Operator:

install-istio.sh

# Download and install the Istio istioctl client binary

# Specify the Istio version that will be leveraged throughout these instructions
ISTIO_VERSION=1.7.3

curl -sL "https://github.com/istio/istio/releases/download/$ISTIO_VERSION/istioctl-$ISTIO_VERSION-linux-amd64.tar.gz" | tar xz

sudo mv ./istioctl /usr/local/bin/istioctl
sudo chmod +x /usr/local/bin/istioctl

# Install the Istio Operator on EKS
istioctl operator init

# The Istio Operator is installed into the istio-operator namespace. Query the namespace.
kubectl get all -n istio-operator

# Install Istio components
istioctl profile dump default

# Create the istio-system namespace and deploy the Istio Operator Spec to that namespace.
kubectl create ns istio-system
kubectl apply -f istio-operator.yaml

# Validate the Istio installation
kubectl get all -n istio-system

Below is the istio-operator.yaml file used by install-istio.sh

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istio-control-plane
spec:
  # Use the default profile as the base
  # More details at: https://istio.io/docs/setup/additional-setup/config-profiles/
  profile: default
  # Enable the addons that we will want to use
  addonComponents:
    grafana:
      enabled: true
    prometheus:
      enabled: true
    tracing:
      enabled: true
    kiali:
      enabled: true
  values:
    global:
      # Ensure that the Istio pods are only scheduled to run on Linux nodes
      defaultNodeSelector:
        beta.kubernetes.io/os: linux
    kiali:
      dashboard:
        auth:
          strategy: anonymous

Below is the main.tf file which executes the script

resource "null_resource" "install_istio" {

 provisioner "local-exec" {

    command = "/bin/bash install-istio.sh"
  }
}

I request you to help me with few queries:

  1. How can I make use of the above script along with Terraform to install Istio on EKS cluster. What is the terraform part I need to include along with the above script?
  2. Is there any missing part in the script. Will I face any problem updating the Istio using the above script?
  3. What are the other parameters I need to include so that the script can install Istio on the EKS cluster?
  4. How can I create Terraform module using the above script?

Thank you very much for your time. Appreciate all your help!

kubernetes terraform istio amazon-eks servicemesh
Original Q&A
1

There are 1 best solutions below

11
On BEST ANSWER

I believe you will encounter problems if using a local-exec provisioner like this.

Terraform does not play nice with resources it cannot reconcile. Especially when it comes to CRDs. Also, every time you will run terraform apply, you will run istioctl init over and over, which is probably not what you want.

What you can do, is to

  1. convert the istio-operator to standard kubernetes manifests using
mkdir -p istio-operator
istio-operator dump > istio-operator/manifests.yaml
  1. Create a istio-operator/kustomization.yaml file with
#istio-operator/kustomization.yaml

resources:
- manifests.yaml
  1. Install the terraform kustomization provider
# terraform.tf

terraform {
  required_providers {
    kustomization = {
      source  = "kbst/kustomization"
      version = "0.4.3"
    }
  }
}

provider "kustomization" {
  // See online documentation on how to configure this
}
  1. Install istio-operator with the terraform kustomization provider
# istio-operator.tf

data "kustomization" "istio_operator" {
  path     = "./istio-operator"
}

resource "kustomization_resource" "istio_operator" {
  for_each = data.kustomization.istio_operator.ids
  manifest = data.kustomization.istio_operator.manifests[each.value]
}
  1. Create a IstioOperator manifest in istio/manifest.yaml
# istio/manifest.yaml

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istio-control-plane
...
  1. Create a istio/kustomization.yaml with
# istio/kustomization.yaml

resources:
- manifest.yaml
  1. Install the IstioOperator with a second kustomization resource using terraform.
# istio.tf

data "kustomization" "istio" {
  path     = "./istio"
}

resource "kustomization_resource" "istio" {
  for_each = data.kustomization.istio.ids
  manifest = data.kustomization.istio.manifests[each.value]
  depends_on = [kustomization_resource.istio_operator]
}

I would recommend putting this whole thing in a separate folder, such as this

/home
  /project
    /terraform
      /istio
        terraform.tf
        istio_operator.tf
        istio.tf
        /istio
          kustomization.yaml
          manifest.yaml
        /istio-operator
          kustomization.yaml
          manifest.yaml

Related Questions in KUBERNETES

Related Questions in TERRAFORM

Related Questions in ISTIO

Related Questions in AMAZON-EKS

Related Questions in SERVICEMESH

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.