I'm new to Terraform. I need to set up Istio on the AWS EKS cluster. I thought of using Istio-Operator along with Terraform to do the same.
Below is the shell script to install Istio on EKS using Istio-Operator:
install-istio.sh
# Download and install the Istio istioctl client binary
# Specify the Istio version that will be leveraged throughout these instructions
ISTIO_VERSION=1.7.3
curl -sL "https://github.com/istio/istio/releases/download/$ISTIO_VERSION/istioctl-$ISTIO_VERSION-linux-amd64.tar.gz" | tar xz
sudo mv ./istioctl /usr/local/bin/istioctl
sudo chmod +x /usr/local/bin/istioctl
# Install the Istio Operator on EKS
istioctl operator init
# The Istio Operator is installed into the istio-operator namespace. Query the namespace.
kubectl get all -n istio-operator
# Install Istio components
istioctl profile dump default
# Create the istio-system namespace and deploy the Istio Operator Spec to that namespace.
kubectl create ns istio-system
kubectl apply -f istio-operator.yaml
# Validate the Istio installation
kubectl get all -n istio-system
Below is the istio-operator.yaml file used by install-istio.sh
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istio-control-plane
spec:
  # Use the default profile as the base
  # More details at: https://istio.io/docs/setup/additional-setup/config-profiles/
  profile: default
  # Enable the addons that we will want to use
  addonComponents:
    grafana:
      enabled: true
    prometheus:
      enabled: true
    tracing:
      enabled: true
    kiali:
      enabled: true
  values:
    global:
      # Ensure that the Istio pods are only scheduled to run on Linux nodes
      defaultNodeSelector:
        beta.kubernetes.io/os: linux
    kiali:
      dashboard:
        auth:
          strategy: anonymous
Below is the main.tf file which executes the script
resource "null_resource" "install_istio" {
  provisioner "local-exec" {
    command = "/bin/bash install-istio.sh"
  }
}
I request you to help me with a few queries:
Thank you very much for your time. Appreciate all your help!
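The install-istio.sh script above pipes the downloaded archive straight into tar and then installs the binary with sudo. As an added example (not part of the original post), the functions below check the archive's SHA-256 before unpacking; the function names and the `.sha256` release asset name are assumptions.

```shell
# Added example: verify the istioctl archive against its published SHA-256
# before anything is unpacked or installed with sudo.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_archive ARCHIVE SUMFILE
# SUMFILE is in sha256sum format: "<hex digest>  <file name>".
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_archive() {
  local archive="$1" sumfile="$2" expected actual
  [ -s "$archive" ] && [ -s "$sumfile" ] || return 2
  expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
  # Reject anything that is not 64 hex characters, e.g. an HTML error page.
  case "$expected" in
    *[!0-9a-f]*) return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 2
  actual=$(sha256_of "$archive")
  [ "$actual" = "$expected" ]
}

# install_istioctl VERSION: download, verify, then install (network + sudo).
# Assumption: the release publishes "<archive>.sha256" next to the archive.
install_istioctl() {
  local version="$1" name base tmp rc
  name="istioctl-$version-linux-amd64.tar.gz"
  base="https://github.com/istio/istio/releases/download/$version"
  tmp=$(mktemp -d) || return 1
  curl -fsSL -o "$tmp/$name" "$base/$name" &&
    curl -fsSL -o "$tmp/$name.sha256" "$base/$name.sha256" &&
    verify_archive "$tmp/$name" "$tmp/$name.sha256" &&
    tar -xzf "$tmp/$name" -C "$tmp" &&
    sudo install -m 0755 "$tmp/istioctl" /usr/local/bin/istioctl
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Usage: install_istioctl 1.7.3
```

Because the checksum is fetched from the same release page as the archive, it mainly catches corruption or a truncated download; pinning the expected digest in your own repository is the stronger control.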
I believe you will encounter problems if using a local-exec provisioner like this.
Terraform does not play nice with resources it cannot reconcile, especially when it comes to CRDs. Also, every time you run terraform apply, you will run istioctl init over and over, which is probably not what you want.
What you can do is to
1) Convert the istio-operator to standard kubernetes manifests using
mkdir -p istio-operator
istioctl operator dump > istio-operator/manifests.yaml
2) Create an istio-operator/kustomization.yaml file with
# istio-operator/kustomization.yaml
resources:
- manifests.yaml
3) Install the terraform kustomization provider
# terraform.tf
terraform {
  required_providers {
    kustomization = {
      source  = "kbst/kustomization"
      version = "0.4.3"
    }
  }
}
provider "kustomization" {
  // See online documentation on how to configure this
}
4) Install istio-operator with the terraform kustomization provider
# istio-operator.tf
data "kustomization" "istio_operator" {
  path = "./istio-operator"
}
resource "kustomization_resource" "istio_operator" {
  for_each = data.kustomization.istio_operator.ids
  manifest = data.kustomization.istio_operator.manifests[each.value]
}
5) Create an IstioOperator manifest in istio/manifest.yaml
# istio/manifest.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istio-control-plane
...
6) Create an istio/kustomization.yaml with
# istio/kustomization.yaml
resources:
- manifest.yaml
7) Install the IstioOperator with a second kustomization resource using terraform.
# istio.tf
data "kustomization" "istio" {
  path = "./istio"
}
resource "kustomization_resource" "istio" {
  for_each = data.kustomization.istio.ids
  manifest = data.kustomization.istio.manifests[each.value]
  depends_on = [kustomization_resource.istio_operator]
}
I would recommend putting this whole thing in a separate folder, such as this
/home
  /project
    /terraform
      /istio
        terraform.tf
        istio_operator.tf
        istio.tf
        /istio
          kustomization.yaml
          manifest.yaml
        /istio-operator
          kustomization.yaml
          manifest.yaml