Install a Tetrate Istio distribution using helm
Helm is the best way to deploy a Tetrate Istio distribution in a standard, automatable manner. Helm manages upgrades and installation cleanly.
For quick experiments, you could install using istioctl.
TID has adopted a new versioning format. See Versioning System Update for more details. We recommend familiarizing yourself with this new format and gradually transitioning to it.
Post the TID 1.24.0 release, the old versioning scheme and its associated repository will be phased out, consolidating all users on the updated format in the new repository.
Before you begin
You need a Kubernetes cluster, and the kubectl
command-line tool must be configured to communicate with your cluster. Istio has a number of platform and networking/application requirements.
You also need the helm tool (version 3.6 or later) to install using this method.
You will need credentials from Tetrate to access Tetrate's private repository. Set your credential as env variable:
export TIS_USER="<tis-username>"
export TIS_PASS="<tis-password>"
Installation Steps
Add the Tetrate Helm Repo
Add Tetrate's Helm repo, and verify you can see the Tetrate Istio distribution releases:
- New
- Legacy
helm repo add tetratelabs https://tis.tetrate.io/charts
helm repo update tetratelabs
helm search repo tetratelabshelm repo add tetratelabs https://tetratelabs.github.io/helm-charts/
helm repo update tetratelabs
helm search repo tetratelabsDetermine the Install Version
Tetrate provide support for a number of Istio releases.
You can get the latest release by using following command:
helm search repo tetratelabs/base
Or you can list all available releases:
helm search repo tetratelabs/base --versions
- New
- Legacy
Set
$VERSION
using Helm version that you want to install, for example 1.25.1+tetrate3.Set
$TAG
using App version from above helm search command.export VERSION=1.25.1+tetrate3
export TAG=1.25.1-tetrate3Set
$VERSION
using Helm version that you want to install, for example 1.20.0.Set
$TAG
using App version from above helm search command.export VERSION=1.20.0
export TAG=1.20.0-tetrate-v0Install a new kubernetes pull secret with your credentials
We'll create a secret named TIS utility. By default the secret is created in
istio-system
namespace with nametetrate-tis-creds
.kubectl create namespace istio-system
kubectl create secret docker-registry tetrate-tis-creds \
--docker-server="addon-containers.istio.tetratelabs.com" \
--docker-username=${TIS_USER} \
--docker-password=${TIS_PASS} \
--docker-email="${USER}@" \
-n istio-systemInstall the Istio Control Plane
Install Tetrate's Istio base and istiod charts. These contains the CRDs (custom resource definitions) required for the Istio install, and the istiod service:
helm install istio-base tetratelabs/base -n istio-system \
--set global.tag=${TAG} \
--set global.hub="addon-containers.istio.tetratelabs.com" \
--set "global.imagePullSecrets[0]=tetrate-tis-creds" \
--version ${VERSION}
helm install istiod tetratelabs/istiod -n istio-system \
--set global.tag=${TAG} \
--set global.hub="addon-containers.istio.tetratelabs.com" \
--set "global.imagePullSecrets[0]=tetrate-tis-creds" \
--version ${VERSION} \
--waitAfter a few seconds, verify that the istio-base and istiod releases are installed and that the istiod pod is running:
helm ls -n istio-system
kubectl get pods -n istio-systemInstall Istio Gateway
Install Istio Gateway into the istio-ingress namespace. Similar to previous Istio installation, you need to create image pull secret first.
kubectl create namespace istio-ingress
kubectl create secret docker-registry tetrate-tis-creds \
--docker-server="addon-containers.istio.tetratelabs.com" \
--docker-username=${TIS_USER} \
--docker-password=${TIS_PASS} \
--docker-email="${USER}@" \
-n istio-ingress
helm install istio-ingress tetratelabs/gateway -n istio-ingress \
--set global.tag=${TAG} \
--set global.hub="addon-containers.istio.tetratelabs.com" \
--set "global.imagePullSecrets[0].name=tetrate-tis-creds" \
--version ${VERSION} \
--waitVerify that the istio-ingress pod is running and the istio-ingress release is installed:
helm ls -n istio-ingress
kubectl get pods -n istio-ingress
Uninstalling Istio
Before removing a Tetrate Istio distribution deployment, all the applications and gateways should be off-boarded.
Use helm uninstall
for each chart:
helm uninstall istio-ingress -n istio-ingress
kubectl delete namespace istio-ingress
helm uninstall istiod --namespace istio-system
helm uninstall istio-base --namespace istio-system
kubectl delete namespace istio-system
Operating in an Air-Gapped Environment
If your target installation cluster does not have access to the Tetrate repository, you can first copy the images to a local, private docker repository.
To copy the images
Login with your username and password
Use the username and password provided by Tetrate:
docker login addon-containers.istio.tetratelabs.com
Username: <username>
Password: <password>Pull each image to the local machine
Make sure to set TAG to the build and version you plan to install:
export TAG=1.25.1-tetrate3
export TETRATE_HUB=addon-containers.istio.tetratelabs.com
export YOUR_HUB=registry.example.com
export IMAGES=(install-cni istioctl pilot proxyv2)
for image in $IMAGES; do docker pull $TETRATE_HUB/$image:$TAG; doneRe-tag with your registry hostname
for image in $IMAGES; do docker tag $TETRATE_HUB/$image:$TAG $YOUR_HUB/$image:$TAG; done
Push to your private registry
docker login <customer private registry>
Username: <username>
Password: <password>
for image in $IMAGES; do docker push $YOUR_HUB/$image:$TAG; done
Once you have copied the images to a local repository, you can use any of the methods described above, replacing the address of the Tetrate repository with your own repository.
Next Steps
Once you have installed and validated your Tetrate Istio distribution install, you can proceed to the Istio good practices guide.