Skip to main content
logoTetrate Istio SubscriptionVersion: Next

Install a Tetrate Istio distribution using helm

Helm is the best way to deploy a Tetrate Istio distribution in a standard, automatable manner. Helm manages upgrades and installation cleanly.

For quick experiments, you could install using istioctl.

New Versioning Format

TID has adopted a new versioning format. See Versioning System Update for more details. We recommend familiarizing yourself with this new format and gradually transitioning to it.

Post the TID 1.24.0 release, the old versioning scheme and its associated repository will be phased out, consolidating all users on the updated format in the new repository.

Before you begin

You need a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. Istio has a number of platform and networking/application requirements.

You also need the helm tool (version 3.6 or later) to install using this method.

You will need credentials from Tetrate to access Tetrate's private repository. Set your credential as env variable:

export TIS_USER="<tis-username>"
export TIS_PASS="<tis-password>"

Installation Steps

  1. Add the Tetrate Helm Repo

    Add Tetrate's Helm repo, and verify you can see the Tetrate Istio distribution releases:

    helm repo add tetratelabs https://tis.tetrate.io/charts
    helm repo update tetratelabs

    helm search repo tetratelabs

  2. Determine the Install Version

    Tetrate provide support for a number of Istio releases.

    You can get the latest release by using following command:

    helm search repo tetratelabs/base

    Or you can list all available releases:

    helm search repo tetratelabs/base --versions

    Set $VERSION using Helm version that you want to install, for example 1.20.0+tetrate0.

    Set $TAG using App version from above helm search command.

    export VERSION=1.20.0+tetrate0
    export TAG=1.20.0-tetrate0

  3. Install a new kubernetes pull secret with your credentials

    We'll create a secret named TIS utility. By default the secret is created in istio-system namespace with name tis-image-pull-secret.

    kubectl create namespace istio-system

    kubectl create secret docker-registry tetrate-tis-creds \
        --docker-server="addon-containers.istio.tetratelabs.com" \
        --docker-username=${TIS_USER} \
        --docker-password=${TIS_PASS} \
        --docker-email="${USER}@" \
        -n istio-system

  4. Install the Istio Control Plane

    Install Tetrate's Istio base and istiod charts. These contains the CRDs (custom resource definitions) required for the Istio install, and the istiod service:

    helm install istio-base tetratelabs/base -n istio-system \
        --set global.tag=${TAG} \
        --set global.hub="addon-containers.istio.tetratelabs.com" \
        --set "global.imagePullSecrets[0]=tetrate-tis-creds" \
        --version ${VERSION}

    helm install istiod tetratelabs/istiod -n istio-system \
        --set global.tag=${TAG} \
        --set global.hub="addon-containers.istio.tetratelabs.com" \
        --set "global.imagePullSecrets[0]=tetrate-tis-creds" \
        --version ${VERSION} \
        --wait

    After a few seconds, verify that the istio-base and istiod releases are installed and that the istiod pod is running:

    helm ls -n istio-system
    kubectl get pods -n istio-system

  5. Install Istio Gateway

    Install Istio Gateway into the istio-ingress namespace. Similar to previous Istio installation, you need to create image pull secret first.

    kubectl create namespace istio-ingress

    kubectl create secret docker-registry tetrate-tis-creds \
        --docker-server="addon-containers.istio.tetratelabs.com" \
        --docker-username=${TIS_USER} \
        --docker-password=${TIS_PASS} \
        --docker-email="${USER}@" \
        -n istio-ingress

    helm install istio-ingress tetratelabs/gateway -n istio-ingress \
        --set global.tag=${TAG} \
        --set global.hub="addon-containers.istio.tetratelabs.com" \
        --set "global.imagePullSecrets[0]=tetrate-tis-creds" \
        --version ${VERSION} \
        --wait

    Verify that the istio-ingressgateway pod is running and the istio-ingress release is installed:

    helm ls -n istio-ingress
    kubectl get pods -n istio-ingress

Upgrade the Installation

When you need to upgrade the version, the steps are similar to the install command.

Query the installed version:

helm ls -n istio-system ; helm ls -n istio-ingress

List available versions:

helm repo update tetratelabs
helm search repo tetratelabs/base --versions

To upgrade to the latest release:

helm upgrade istio-base tetratelabs/base -n istio-system --reuse-values
helm upgrade istiod tetratelabs/istiod -n istio-system --reuse-values
helm upgrade istio-ingress tetratelabs/istio-ingress -n istio-ingress --reuse-values

To upgrade to an intermediate release:

Set $VERSION to the target release version, e.g. 1.20.0+tetrate0 or 1.20.0 for legacy versioning.

helm upgrade istio-base tetratelabs/base -n istio-system --version ${VERSION} --reuse-values
helm upgrade istiod tetratelabs/istiod -n istio-system --version ${VERSION} --reuse-values
helm upgrade istio-ingress tetratelabs/istio-ingress -n istio-ingress --version ${VERSION} --reuse-values

Uninstall a Tetrate Istio distribution

Before removing a Tetrate Istio distribution deployment, all the applications and gateways should be off-boarded.

Use helm uninstall for each chart:

helm uninstall istio-ingress -n istio-ingress
kubectl delete namespace istio-ingress

helm uninstall istiod --namespace istio-system
helm uninstall istio-base --namespace istio-system
kubectl delete namespace istio-system

Next Steps

Once you have installed and validated your Tetrate Istio distribution install, you can proceed to the Istio good practices guide.